mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-08 06:08:04 -05:00
724ee44466
* Refactor selfManagedInfra input to clusterCreation in e2e tests * Run e2e test using terraform provider * Allow insecure measurement fetching in Terraform provider * Run Terraform provider test instead of module test in weekly runs --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
90 lines
3.2 KiB
YAML
90 lines
3.2 KiB
YAML
name: Constellation destroy
|
|
description: "Destroy a running Constellation cluster."
|
|
|
|
inputs:
|
|
kubeconfig:
|
|
description: "The kubeconfig for the cluster."
|
|
required: true
|
|
clusterCreation:
|
|
description: "How the infrastructure for the e2e test was created. One of [cli, self-managed, terraform]."
|
|
default: "cli"
|
|
gcpClusterDeleteServiceAccount:
|
|
description: "Service account with permissions to delete a Constellation cluster on GCP."
|
|
required: true
|
|
azureClusterDeleteCredentials:
|
|
description: "Azure credentials authorized to delete a Constellation cluster."
|
|
required: true
|
|
cloudProvider:
|
|
description: "Either 'aws', 'azure' or 'gcp'."
|
|
required: true
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Delete persistent volumes
|
|
if: inputs.kubeconfig != ''
|
|
shell: bash
|
|
env:
|
|
KUBECONFIG: ${{ inputs.kubeconfig }}
|
|
PV_DELETION_TIMEOUT: "120" # 2 minutes timeout for pv deletion
|
|
run: |
|
|
ELAPSED=0
|
|
echo "::group::Wait for PV deletion"
|
|
|
|
# Scrap namespaces that contain PVCs
|
|
for namespace in `kubectl get namespace --no-headers=true -o custom-columns=":metadata.name"`; do
|
|
if [[ `kubectl get pvc -n $namespace --no-headers=true -o custom-columns=":metadata.name" | wc -l` -gt 0 ]]; then
|
|
kubectl delete namespace $namespace --wait
|
|
fi
|
|
done
|
|
|
|
until [[ "$(kubectl get pv -o json | jq '.items | length')" == "0" ]] || [[ $ELAPSED -gt $PV_DELETION_TIMEOUT ]];
|
|
do
|
|
echo $(kubectl get pv -o json | jq '.items | length') PV remaining..
|
|
sleep 1
|
|
ELAPSED=$((ELAPSED+1))
|
|
done
|
|
if [[ $ELAPSED -gt $PV_DELETION_TIMEOUT ]]; then
|
|
echo "Timed out waiting for PV deletion.."
|
|
exit 1
|
|
fi
|
|
echo "::endgroup::"
|
|
|
|
- name: Login to GCP (Cluster service account)
|
|
if: inputs.cloudProvider == 'gcp'
|
|
uses: ./.github/actions/login_gcp
|
|
with:
|
|
service_account: ${{ inputs.gcpClusterDeleteServiceAccount }}
|
|
|
|
- name: Login to AWS (Cluster role)
|
|
if: inputs.cloudProvider == 'aws'
|
|
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
|
|
with:
|
|
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
|
|
aws-region: eu-central-1
|
|
# extend token expiry to 6 hours to ensure constellation can terminate
|
|
role-duration-seconds: 21600
|
|
|
|
- name: Login to Azure (Cluster service principal)
|
|
if: inputs.cloudProvider == 'azure'
|
|
uses: ./.github/actions/login_azure
|
|
with:
|
|
azure_credentials: ${{ inputs.azureClusterDeleteCredentials }}
|
|
|
|
- name: Constellation terminate
|
|
if: inputs.clusterCreation != 'self-managed'
|
|
shell: bash
|
|
run: |
|
|
constellation terminate --yes --tf-log=DEBUG
|
|
|
|
- name: Constellation terminate (self-managed)
|
|
if: inputs.clusterCreation == 'self-managed'
|
|
shell: bash
|
|
working-directory: ${{ github.workspace }}/e2e-infra
|
|
run: |
|
|
terraform init
|
|
terraform destroy -auto-approve
|
|
|
|
rm -f ${{ github.workspace }}/constellation-state.yaml
|
|
rm -f ${{ github.workspace }}/constellation-admin.conf
|