constellation/.github/actions/e2e_test/action.yml
Malte Poll c3c0940adb
bazel: use remote caching (#1456)
* bazel: add configuration for remote caching
* ci: enable bazel remote caching for building binaries
* ci: use bazel directly when building go binaries
* ci: enable cache for most build steps
* dev-docs: document remote caching
2023-03-20 16:05:08 +01:00

256 lines
9.7 KiB
YAML

name: E2E meta test
description: "This test does the infrastructure management and runs the e2e test of your choice."
inputs:
workerNodesCount:
description: "Number of worker nodes to spawn."
required: false
default: "2"
controlNodesCount:
description: "Number of control-plane nodes to spawn."
required: false
default: "3"
cloudProvider:
description: "Which cloud provider to use."
required: true
machineType:
description: "VM machine type. Make sure it matches selected cloud provider!"
required: false
osImage:
description: "OS image to run."
required: true
isDebugImage:
description: "Is OS img a debug img?"
default: "true"
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
required: false
keepMeasurements:
default: "false"
description: "Keep measurements embedded in the CLI."
gcpProject:
description: "The GCP project to deploy Constellation in."
required: false
gcp_service_account:
description: "Service account with permissions to create Constellation on GCP."
required: false
gcpClusterServiceAccountKey:
description: "Service account to use inside the created Constellation cluster on GCP."
required: false
awsOpenSearchDomain:
description: "AWS OpenSearch Endpoint Domain to upload the benchmark results."
required: false
awsOpenSearchUsers:
description: "AWS OpenSearch User to upload the benchmark results."
required: false
awsOpenSearchPwd:
description: "AWS OpenSearch Password to upload the benchmark results."
required: false
azureSubscription:
description: "The Azure subscription ID to deploy Constellation in."
required: false
azureTenant:
description: "The Azure tenant ID to deploy Constellation in."
required: false
azureClientID:
description: "The client ID of the application registration created for Constellation in Azure."
required: false
azureClientSecret:
description: "The client secret value of the used secret"
required: false
azureUserAssignedIdentity:
description: "The Azure user assigned identity to use for Constellation."
required: false
azureResourceGroup:
description: "The resource group to use"
required: false
test:
description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, lb, perf-bench, verify, recover, nop, iamcreate]."
required: true
sonobuoyTestSuiteCmd:
description: "The sonobuoy test suite to run."
required: false
buildBuddyApiKey:
description: "BuildBuddy API key for caching Bazel artifacts"
required: true
outputs:
kubeconfig:
description: "The kubeconfig for the cluster."
value: ${{ steps.constellation-create.outputs.kubeconfig }}
runs:
using: "composite"
steps:
- name: Check input
if: (!contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "perf-bench", "verify", "lb", "recover", "nop", "iamcreate"]'), inputs.test))
shell: bash
run: |
echo "Invalid input for test field: ${{ inputs.test }}"
exit 1
# Perf-bench's network benchmarks require at least two distinct worker nodes.
- name: Validate perf-bench inputs
if: inputs.test == 'perf-bench'
shell: bash
run: |
if [[ "${{ inputs.workerNodesCount }}" -lt 2 ]]; then
echo "::error::Test Perf-Bench requires at least 2 worker nodes."
exit 1
fi
- name: Determine build target
id: determine-build-target
shell: bash
run: |
echo "hostOS=$(go env GOOS)" >> $GITHUB_OUTPUT
echo "hostArch=$(go env GOARCH)" >> $GITHUB_OUTPUT
- name: Setup bazel
uses: ./.github/actions/setup_bazel
with:
useCache: "true"
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
- name: Build CLI
uses: ./.github/actions/build_cli
with:
targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
targetArch: ${{ steps.determine-build-target.outputs.hostArch }}
enterpriseCLI: ${{ inputs.keepMeasurements }}
outputPath: "build/constellation"
- name: Build the bootstrapper
id: build-bootstrapper
if: inputs.isDebugImage == 'true'
uses: ./.github/actions/build_bootstrapper
- name: Build the upgrade-agent
id: build-upgrade-agent
if: inputs.isDebugImage == 'true'
uses: ./.github/actions/build_upgrade_agent
- name: Build cdbg
id: build-cdbg
if: inputs.isDebugImage == 'true'
uses: ./.github/actions/build_cdbg
with:
targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
targetArch: ${{ steps.determine-build-target.outputs.hostArch }}
- name: Login to GCP
if: inputs.cloudProvider == 'gcp'
uses: ./.github/actions/login_gcp
with:
service_account: ${{ inputs.gcp_service_account }}
- name: Login to AWS
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2E
aws-region: eu-central-1
# extend token expiry to 6 hours to ensure constellation can terminate
role-duration-seconds: 21600
- name: Create IAM configuration
id: constellation-iam-create
if: inputs.test == 'iamcreate' && inputs.cloudProvider != 'azure' # skip for Azure, as the SP / MI does not have the required permissions
uses: ./.github/actions/constellation_iam_create
with:
cloudProvider: ${{ inputs.cloudProvider }}
awsZone: eu-central-1c
awsPrefix: e2e_${{ github.run_id }}_${{ github.run_attempt }}
azureRegion: northeurope
azureResourceGroup: e2e_${{ github.run_id }}_${{ github.run_attempt }}_rg
azureServicePrincipal: e2e_${{ github.run_id }}_${{ github.run_attempt }}_sp
gcpProjectID: ${{ inputs.gcpProject }}
gcpZone: europe-west3-b
gcpServiceAccountID: e2e-${{ github.run_id }}-${{ github.run_attempt }}-sa
- name: Create cluster
id: constellation-create
uses: ./.github/actions/constellation_create
with:
cloudProvider: ${{ inputs.cloudProvider }}
gcpProject: ${{ inputs.gcpProject }}
gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }}
workerNodesCount: ${{ inputs.workerNodesCount }}
controlNodesCount: ${{ inputs.controlNodesCount }}
machineType: ${{ inputs.machineType }}
osImage: ${{ inputs.osImage }}
isDebugImage: ${{ inputs.isDebugImage }}
kubernetesVersion: ${{ inputs.kubernetesVersion }}
keepMeasurements: ${{ inputs.keepMeasurements }}
azureSubscription: ${{ inputs.azureSubscription }}
azureTenant: ${{ inputs.azureTenant }}
azureClientID: ${{ inputs.azureClientID }}
azureClientSecret: ${{ inputs.azureClientSecret }}
azureUserAssignedIdentity: ${{ inputs.azureUserAssignedIdentity }}
azureResourceGroup: ${{ inputs.azureResourceGroup }}
existingConfig: ${{ steps.constellation-iam-create.outputs.existingConfig }}
#
# Test payloads
#
- name: Nop test payload
if: inputs.test == 'nop'
shell: bash
run: echo "::warning::This test has a nop payload. It doesn't run any tests."
- name: Run sonobuoy quick test
if: inputs.test == 'sonobuoy quick'
uses: ./.github/actions/e2e_sonobuoy
with:
sonobuoyTestSuiteCmd: "--mode quick"
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
cloudProvider: ${{ inputs.cloudProvider }}
- name: Run sonobuoy full test
if: inputs.test == 'sonobuoy full'
uses: ./.github/actions/e2e_sonobuoy
with:
# TODO: Remove E2E_SKIP once AB#2174 is resolved
sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
cloudProvider: ${{ inputs.cloudProvider }}
- name: Run autoscaling test
if: inputs.test == 'autoscaling'
uses: ./.github/actions/e2e_autoscaling
with:
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
- name: Run lb test
if: inputs.test == 'lb'
uses: ./.github/actions/e2e_lb
with:
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
- name: Run Performance Benchmark
if: inputs.test == 'perf-bench'
uses: ./.github/actions/e2e_benchmark
with:
cloudProvider: ${{ inputs.cloudProvider }}
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }}
awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }}
awsOpenSearchPwd: ${{ inputs.awsOpenSearchPwd }}
- name: Run constellation verify test
if: inputs.test == 'verify'
uses: ./.github/actions/e2e_verify
with:
cloudProvider: ${{ inputs.cloudProvider }}
osImage: ${{ inputs.osImage }}
- name: Run recover test
if: inputs.test == 'recover'
uses: ./.github/actions/e2e_recover
with:
controlNodesCount: ${{ inputs.controlNodesCount }}
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
masterSecret: ${{ steps.constellation-create.outputs.masterSecret }}