mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
60bf770e62
* refactor `debugd` file structure * create `hack`-tool to deploy logcollection to non-debug clusters * integrate changes into CI * update fields * update workflow input names * use `working-directory` * add opensearch creds to upgrade workflow * make template func generic * make templating func generic * linebreaks * remove magic defaults * move `os.Exit` to main package * make logging index configurable * make templating generic * remove excess brace * update fields * copy fields * fix flag name * fix linter warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * remove unused workflow inputs * remove makefiles * fix command * bazel: fix output paths of container This fixes the output paths of builds within the container by mounting directories to paths that exist on the host. We also explicitly set the output path in a .bazelrc to the user specific path. The rc file is mounted into the container and overrides the host rc. Also adding automatic stop in case start is called and a containers is already running. Sym links like bazel-out and paths bazel outputs should generally work with this change. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * tabs -> spaces --------- Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
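# Daily end-to-end test workflow.
# Runs on manual dispatch and on a schedule, against the latest debug image of
# main and the latest stable release image, on GCP, Azure and AWS, plus one
# MiniConstellation run.
#
# Third-party actions are pinned to full commit SHAs (the tag is kept as a
# trailing comment). Local actions (./.github/actions/...) are taken from the
# ref that the checkout step selects.
name: e2e test daily

on:
  workflow_dispatch:
  schedule:
    - cron: "0 3 * * 2-5" # At 03:00 on every day-of-week from Tuesday through Friday.

jobs:
  # Resolves the newest image for each ref/stream pair and republishes it under
  # a fixed output name so that e2e-daily can pick it up via `needs`.
  find-latest-image:
    strategy:
      fail-fast: false
      matrix:
        # Keep in sync with the refStream matrix and the string comparisons in
        # e2e-daily.
        refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
    name: Find latest image
    runs-on: ubuntu-22.04
    permissions:
      # id-token: write lets the job request a GitHub OIDC token.
      # NOTE(review): presumably needed by select_image for cloud login - confirm.
      id-token: write
      contents: read
    outputs:
      # Each matrix leg sets exactly one of these (see "Relabel output").
      image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }}
      image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
    steps:
      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          # Only check out the PR head branch when the PR does not come from a
          # fork. On schedule / workflow_dispatch there is no pull_request
          # payload, so this evaluates to '' and checkout uses its default ref.
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Select relevant image
        id: select-image-action
        uses: ./.github/actions/select_image
        with:
          osImage: ${{ matrix.refStream }}

      - name: Relabel output
        id: relabel-output
        shell: bash
        # Expression values are handed to the script through the environment and
        # quoted there, so the shell treats them as data instead of having them
        # spliced into the script text. Quoting also keeps the trailing '?' of
        # refStream from being interpreted as a glob pattern.
        env:
          REF_STREAM: ${{ matrix.refStream }}
          OS_IMAGE: ${{ steps.select-image-action.outputs.osImage }}
        run: |
          # "ref/<ref>/stream/<stream>/?" -> field 2 is the ref, field 4 the stream.
          ref=$(echo "$REF_STREAM" | cut -d/ -f2)
          stream=$(echo "$REF_STREAM" | cut -d/ -f4)

          # Yields image-main-debug or image-release-stable, matching the job outputs.
          echo "image-$ref-$stream=$OS_IMAGE" | tee -a "$GITHUB_OUTPUT"

  # Full E2E run for every provider / refStream combination.
  # NOTE(review): this job receives cloud, registry and signing secrets but,
  # unlike e2e-mini, declares no `environment:` - confirm that is intended.
  e2e-daily:
    strategy:
      fail-fast: false
      max-parallel: 5
      matrix:
        kubernetesVersion: ["1.27"] # should be default
        provider: ["gcp", "azure", "aws"]
        refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
        test: ["sonobuoy full"]
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
      checks: write
      contents: read
      packages: write
    needs: [find-latest-image]
    steps:
      - name: Check out repository
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          fetch-depth: 0
          # Same fork guard as in find-latest-image: '' (default ref) unless the
          # run belongs to a non-fork pull request.
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Run E2E test
        id: e2e_test
        uses: ./.github/actions/e2e_test
        with:
          workerNodesCount: "2"
          controlNodesCount: "3"
          cloudProvider: ${{ matrix.provider }}
          # Stable stream -> release image, anything else -> main debug image.
          osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }}
          isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
          # Only set for the stable stream; empty otherwise.
          cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }}
          gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
          gcpClusterCreateServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
          gcpIAMCreateServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"
          gcpInClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
          kubernetesVersion: ${{ matrix.kubernetesVersion }}
          test: ${{ matrix.test }}
          buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
          azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
          azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
          registry: ghcr.io
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
          cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
          # Measurements are fetched for every stream except stable.
          fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }}
          awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }}
          awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
          awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}

      # The three cleanup steps below run with `if: always()` so they execute
      # even when the test step fails or the run is cancelled.
      - name: Always terminate cluster
        if: always()
        uses: ./.github/actions/constellation_destroy
        with:
          # NOTE(review): empty if e2e_test fails before setting the output -
          # confirm constellation_destroy handles that case.
          kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}

      - name: Always delete IAM configuration
        if: always()
        uses: ./.github/actions/constellation_iam_destroy
        with:
          cloudProvider: ${{ matrix.provider }}
          azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
          gcpServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"

      - name: Always upload Terraform logs
        if: always()
        uses: ./.github/actions/upload_terraform_logs
        with:
          artifactNameSuffix: ${{ steps.e2e_test.outputs.namePrefix }}

      # Notifies only for failed scheduled runs on main; continue-on-error keeps
      # a failing notification from changing the job result.
      - name: Notify about failure
        if: |
          failure() &&
          github.ref == 'refs/heads/main' &&
          github.event_name == 'schedule'
        continue-on-error: true
        uses: ./.github/actions/notify_failure
        with:
          projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
          teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
          refStream: ${{ matrix.refStream }}
          test: ${{ matrix.test }}
          kubernetesVersion: ${{ matrix.kubernetesVersion }}
          provider: ${{ matrix.provider }}

  # MiniConstellation run; bound to the `e2e` environment and logged in to
  # Azure through OIDC (no client secret is passed to azure/login).
  e2e-mini:
    name: Run miniconstellation E2E test
    runs-on: ubuntu-22.04
    environment: e2e
    permissions:
      # Required for the OIDC token exchange performed by azure/login.
      id-token: write
      contents: read
      packages: write
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Azure login OIDC
        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        with:
          client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Run e2e MiniConstellation
        uses: ./.github/actions/e2e_mini
        with:
          azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
          azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
          buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
          registry: ghcr.io
          githubToken: ${{ secrets.GITHUB_TOKEN }}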