mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-11 17:04:22 -05:00
266 lines
10 KiB
YAML
266 lines
10 KiB
YAML
name: E2E meta test
|
|
description: "This test does the infrastructure management and runs the e2e test of your choice."
|
|
|
|
inputs:
|
|
workerNodesCount:
|
|
description: "Number of worker nodes to spawn."
|
|
required: false
|
|
default: "2"
|
|
controlNodesCount:
|
|
description: "Number of control-plane nodes to spawn."
|
|
required: false
|
|
default: "3"
|
|
cloudProvider:
|
|
description: "Which cloud provider to use."
|
|
required: true
|
|
machineType:
|
|
description: "VM machine type. Make sure it matches selected cloud provider!"
|
|
required: false
|
|
osImage:
|
|
description: "OS image to run."
|
|
required: true
|
|
isDebugImage:
|
|
description: "Is OS img a debug img?"
|
|
default: "true"
|
|
required: true
|
|
kubernetesVersion:
|
|
description: "Kubernetes version to create the cluster from."
|
|
required: false
|
|
keepMeasurements:
|
|
default: "false"
|
|
description: "Keep measurements embedded in the CLI."
|
|
gcpProject:
|
|
description: "The GCP project to deploy Constellation in."
|
|
required: false
|
|
gcp_service_account:
|
|
description: "Service account with permissions to create Constellation on GCP."
|
|
required: false
|
|
gcpClusterServiceAccountKey:
|
|
description: "Service account to use inside the created Constellation cluster on GCP."
|
|
required: false
|
|
awsOpenSearchDomain:
|
|
description: "AWS OpenSearch Endpoint Domain to upload the benchmark results."
|
|
required: false
|
|
awsOpenSearchUsers:
|
|
description: "AWS OpenSearch User to upload the benchmark results."
|
|
required: false
|
|
awsOpenSearchPwd:
|
|
description: "AWS OpenSearch Password to upload the benchmark results."
|
|
required: false
|
|
azureSubscription:
|
|
description: "The Azure subscription ID to deploy Constellation in."
|
|
required: false
|
|
azureTenant:
|
|
description: "The Azure tenant ID to deploy Constellation in."
|
|
required: false
|
|
azureClientID:
|
|
description: "The client ID of the application registration created for Constellation in Azure."
|
|
required: false
|
|
azureClientSecret:
|
|
description: "The client secret value of the used secret"
|
|
required: false
|
|
azureUserAssignedIdentity:
|
|
description: "The Azure user assigned identity to use for Constellation."
|
|
required: false
|
|
azureResourceGroup:
|
|
description: "The resource group to use"
|
|
required: false
|
|
test:
|
|
description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, lb, perf-bench, verify, recover, nop, iamcreate]."
|
|
required: true
|
|
sonobuoyTestSuiteCmd:
|
|
description: "The sonobuoy test suite to run."
|
|
required: false
|
|
|
|
outputs:
|
|
kubeconfig:
|
|
description: "The kubeconfig for the cluster."
|
|
value: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Check input
|
|
if: (!contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "perf-bench", "verify", "lb", "recover", "nop", "iamcreate"]'), inputs.test))
|
|
shell: bash
|
|
run: |
|
|
echo "Invalid input for test field: ${{ inputs.test }}"
|
|
exit 1
|
|
|
|
# Perf-bench's network benchmarks require at least two distinct worker nodes.
|
|
- name: Validate perf-bench inputs
|
|
if: inputs.test == 'perf-bench'
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ inputs.workerNodesCount }}" -lt 2 ]]; then
|
|
echo "::error::Test Perf-Bench requires at least 2 worker nodes."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Determine build target
|
|
id: determine-build-target
|
|
shell: bash
|
|
run: |
|
|
echo "hostOS=$(go env GOOS)" >> $GITHUB_OUTPUT
|
|
echo "hostArch=$(go env GOARCH)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build CLI
|
|
uses: ./.github/actions/build_cli
|
|
with:
|
|
targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
|
|
targetArch: ${{ steps.determine-build-target.outputs.hostArch }}
|
|
enterpriseCLI: ${{ inputs.keepMeasurements }}
|
|
|
|
# macOS runners don't have Docker preinstalled, so they cannot build the bootstrapper.
|
|
# But we can use a Linux runner to build it and store/retrieve it from the action cache.
|
|
- name: Download the bootstrapper from cache
|
|
id: download-bootstrapper-cache
|
|
if: inputs.isDebugImage == 'true' && runner.os == 'macOS'
|
|
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
|
|
with:
|
|
key: bootstrapper-${{ github.sha }}
|
|
path: "build/bootstrapper"
|
|
|
|
- name: Build the bootstrapper
|
|
id: build-bootstrapper
|
|
if: inputs.isDebugImage == 'true' && runner.os != 'macOS'
|
|
uses: ./.github/actions/build_bootstrapper
|
|
|
|
# macOS runners don't have Docker preinstalled, so they cannot build the upgrade-agent.
|
|
# But we can use a Linux runner to build it and store/retrieve it from the action cache.
|
|
- name: Download the upgrade-agent from cache
|
|
id: download-upgrade-agent-cache
|
|
if: inputs.isDebugImage == 'true' && runner.os == 'macOS'
|
|
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
|
|
with:
|
|
key: upgrade-agent-${{ github.sha }}
|
|
path: "build/upgrade-agent"
|
|
|
|
- name: Build the upgrade-agent
|
|
id: build-upgrade-agent
|
|
if: inputs.isDebugImage == 'true' && runner.os != 'macOS'
|
|
uses: ./.github/actions/build_upgrade_agent
|
|
|
|
- name: Build cdbg
|
|
id: build-cdbg
|
|
if: inputs.isDebugImage == 'true'
|
|
uses: ./.github/actions/build_cdbg
|
|
with:
|
|
targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
|
|
targetArch: ${{ steps.determine-build-target.outputs.hostArch }}
|
|
|
|
- name: Login to GCP
|
|
if: inputs.cloudProvider == 'gcp'
|
|
uses: ./.github/actions/login_gcp
|
|
with:
|
|
service_account: ${{ inputs.gcp_service_account }}
|
|
|
|
- name: Login to AWS
|
|
if: inputs.cloudProvider == 'aws'
|
|
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
|
|
with:
|
|
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2E
|
|
aws-region: eu-central-1
|
|
# extend token expiry to 6 hours to ensure constellation can terminate
|
|
role-duration-seconds: 21600
|
|
|
|
- name: Create IAM configuration
|
|
id: constellation-iam-create
|
|
if: inputs.test == 'iamcreate' && inputs.cloudProvider != 'azure' # skip for Azure, as the SP / MI does not have the required permissions
|
|
uses: ./.github/actions/constellation_iam_create
|
|
with:
|
|
cloudProvider: ${{ inputs.cloudProvider }}
|
|
awsZone: eu-central-1c
|
|
awsPrefix: e2e_${{ github.run_id }}_${{ github.run_attempt }}
|
|
azureRegion: northeurope
|
|
azureResourceGroup: e2e_${{ github.run_id }}_${{ github.run_attempt }}_rg
|
|
azureServicePrincipal: e2e_${{ github.run_id }}_${{ github.run_attempt }}_sp
|
|
gcpProjectID: ${{ inputs.gcpProject }}
|
|
gcpZone: europe-west3-b
|
|
gcpServiceAccountID: e2e-${{ github.run_id }}-${{ github.run_attempt }}-sa
|
|
|
|
- name: Create cluster
|
|
id: constellation-create
|
|
uses: ./.github/actions/constellation_create
|
|
with:
|
|
cloudProvider: ${{ inputs.cloudProvider }}
|
|
gcpProject: ${{ inputs.gcpProject }}
|
|
gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }}
|
|
workerNodesCount: ${{ inputs.workerNodesCount }}
|
|
controlNodesCount: ${{ inputs.controlNodesCount }}
|
|
machineType: ${{ inputs.machineType }}
|
|
osImage: ${{ inputs.osImage }}
|
|
isDebugImage: ${{ inputs.isDebugImage }}
|
|
kubernetesVersion: ${{ inputs.kubernetesVersion }}
|
|
keepMeasurements: ${{ inputs.keepMeasurements }}
|
|
azureSubscription: ${{ inputs.azureSubscription }}
|
|
azureTenant: ${{ inputs.azureTenant }}
|
|
azureClientID: ${{ inputs.azureClientID }}
|
|
azureClientSecret: ${{ inputs.azureClientSecret }}
|
|
azureUserAssignedIdentity: ${{ inputs.azureUserAssignedIdentity }}
|
|
azureResourceGroup: ${{ inputs.azureResourceGroup }}
|
|
existingConfig: ${{ steps.constellation-iam-create.outputs.existingConfig }}
|
|
|
|
#
|
|
# Test payloads
|
|
#
|
|
|
|
- name: Nop test payload
|
|
if: inputs.test == 'nop'
|
|
shell: bash
|
|
run: echo "::warning::This test has a nop payload. It doesn't run any tests."
|
|
|
|
- name: Run sonobuoy quick test
|
|
if: inputs.test == 'sonobuoy quick'
|
|
uses: ./.github/actions/e2e_sonobuoy
|
|
with:
|
|
sonobuoyTestSuiteCmd: "--mode quick"
|
|
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
cloudProvider: ${{ inputs.cloudProvider }}
|
|
|
|
- name: Run sonobuoy full test
|
|
if: inputs.test == 'sonobuoy full'
|
|
uses: ./.github/actions/e2e_sonobuoy
|
|
with:
|
|
# TODO: Remove E2E_SKIP once AB#2174 is resolved
|
|
sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
|
|
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
cloudProvider: ${{ inputs.cloudProvider }}
|
|
|
|
- name: Run autoscaling test
|
|
if: inputs.test == 'autoscaling'
|
|
uses: ./.github/actions/e2e_autoscaling
|
|
with:
|
|
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
|
|
- name: Run lb test
|
|
if: inputs.test == 'lb'
|
|
uses: ./.github/actions/e2e_lb
|
|
with:
|
|
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
|
|
- name: Run Performance Benchmark
|
|
if: inputs.test == 'perf-bench'
|
|
uses: ./.github/actions/e2e_benchmark
|
|
with:
|
|
cloudProvider: ${{ inputs.cloudProvider }}
|
|
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }}
|
|
awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }}
|
|
awsOpenSearchPwd: ${{ inputs.awsOpenSearchPwd }}
|
|
|
|
- name: Run constellation verify test
|
|
if: inputs.test == 'verify'
|
|
uses: ./.github/actions/e2e_verify
|
|
with:
|
|
cloudProvider: ${{ inputs.cloudProvider }}
|
|
osImage: ${{ inputs.osImage }}
|
|
|
|
- name: Run recover test
|
|
if: inputs.test == 'recover'
|
|
uses: ./.github/actions/e2e_recover
|
|
with:
|
|
controlNodesCount: ${{ inputs.controlNodesCount }}
|
|
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
|
|
masterSecret: ${{ steps.constellation-create.outputs.masterSecret }}
|