mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
680d3318af
* Use github.run_id to correctly tag resources with the run id * Ensure `--tags` flag is only set if CLI supports it --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
198 lines
6.0 KiB
YAML
198 lines
6.0 KiB
YAML
name: e2e test windows
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
workflow_call:
|
|
inputs:
|
|
scheduled:
|
|
description: Whether this is a scheduled run.
|
|
type: boolean
|
|
default: false
|
|
required: false
|
|
|
|
jobs:
|
|
build-cli:
|
|
name: Build Windows CLI
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
id-token: write
|
|
checks: write
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Setup bazel
|
|
uses: ./.github/actions/setup_bazel_nix
|
|
with:
|
|
useCache: "true"
|
|
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
|
|
|
|
- name: Log in to the Container registry
|
|
uses: ./.github/actions/container_registry_login
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build CLI
|
|
uses: ./.github/actions/build_cli
|
|
with:
|
|
targetOS: "windows"
|
|
targetArch: "amd64"
|
|
enterpriseCLI: true
|
|
outputPath: "build/constellation"
|
|
push: true
|
|
|
|
- name: Upload CLI artifact
|
|
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
|
with:
|
|
path: build/constellation.exe
|
|
name: "constell-exe"
|
|
|
|
e2e-test:
|
|
name: E2E Test Windows
|
|
runs-on: windows-2022
|
|
needs: build-cli
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Download CLI artifact
|
|
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
|
with:
|
|
name: "constell-exe"
|
|
|
|
- name: Check CLI version
|
|
shell: pwsh
|
|
run: |
|
|
.\constellation.exe version
|
|
Add-Content -Path $env:windir\System32\drivers\etc\hosts -Value "`n127.0.0.1`tlicense.confidential.cloud" -Force
|
|
|
|
- name: Login to Azure (IAM service principal)
|
|
uses: ./.github/actions/login_azure
|
|
with:
|
|
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
|
|
|
- name: Create IAM configuration
|
|
shell: pwsh
|
|
run: |
|
|
$uid = Get-Random -Minimum 1000 -Maximum 9999
|
|
$rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid"
|
|
.\constellation.exe config generate azure -t "workflow=${{ github.run_id }}"
|
|
.\constellation.exe iam create azure --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y
|
|
|
|
- name: Login to Azure (Cluster service principal)
|
|
uses: ./.github/actions/login_azure
|
|
with:
|
|
azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
|
|
|
|
- name: Apply config
|
|
shell: pwsh
|
|
run: |
|
|
.\constellation.exe apply --debug -y
|
|
|
|
- name: Liveness probe
|
|
shell: pwsh
|
|
run: |
|
|
$retryIntervalSeconds = 30
|
|
$maxRetries = 50
|
|
|
|
$retryCount = 0
|
|
$allNodesReady = $false
|
|
|
|
while (-not $allNodesReady -and $retryCount -lt $maxRetries) {
|
|
${retryCount}++
|
|
Write-Host "Retry ${retryCount}: Checking node status..."
|
|
|
|
$nodesOutput = & kubectl get nodes --kubeconfig "$PWD\constellation-admin.conf"
|
|
$status = $?
|
|
|
|
$nodesOutput
|
|
|
|
if ($status) {
|
|
$lines = $nodesOutput -split "`r?`n" | Select-Object -Skip 1
|
|
|
|
if ($lines.count -eq 4) {
|
|
$allNodesReady = $true
|
|
|
|
foreach ($line in $lines) {
|
|
$columns = $line -split '\s+' | Where-Object { $_ -ne '' }
|
|
|
|
$nodeName = $columns[0]
|
|
$status = $columns[1]
|
|
|
|
if ($status -ne "Ready") {
|
|
Write-Host "Node $nodeName is not ready!"
|
|
$allNodesReady = $false
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (-not $allNodesReady -and $retryCount -lt $maxRetries) {
|
|
Write-Host "Retrying in $retryIntervalSeconds seconds..."
|
|
Start-Sleep -Seconds $retryIntervalSeconds
|
|
}
|
|
}
|
|
|
|
if ($allNodesReady) {
|
|
Write-Host "All nodes are ready!"
|
|
}
|
|
else {
|
|
Write-Host "Node status check failed after $maxRetries retries."
|
|
EXIT 1
|
|
}
|
|
|
|
- name: Terminate cluster
|
|
if: always()
|
|
shell: pwsh
|
|
run: |
|
|
.\constellation.exe terminate --debug -y
|
|
|
|
- name: Login to Azure (IAM service principal)
|
|
if: always()
|
|
uses: ./.github/actions/login_azure
|
|
with:
|
|
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
|
|
|
- name: Delete IAM configuration
|
|
if: always()
|
|
shell: pwsh
|
|
run: |
|
|
.\constellation.exe iam destroy --debug -y
|
|
|
|
notify-failure:
|
|
name: Notify about failure
|
|
runs-on: ubuntu-22.04
|
|
needs: e2e-test
|
|
if: |
|
|
failure() &&
|
|
github.ref == 'refs/heads/main' &&
|
|
inputs.scheduled
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Setup bazel
|
|
uses: ./.github/actions/setup_bazel_nix
|
|
with:
|
|
useCache: "true"
|
|
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
|
|
|
|
- name: Notify about failure
|
|
continue-on-error: true
|
|
uses: ./.github/actions/notify_e2e_failure
|
|
with:
|
|
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
|
|
test: Windows E2E Test
|
|
provider: Azure
|
|
attestationVariant: "azure-sev-snp"
|