constellation/.github/workflows/e2e-windows.yml

211 lines
6.6 KiB
YAML

name: e2e test windows
on:
workflow_dispatch:
workflow_call:
inputs:
scheduled:
description: Whether this is a scheduled run.
type: boolean
default: false
required: false
jobs:
build-cli:
name: Build Windows CLI
runs-on: ubuntu-22.04
permissions:
id-token: write
checks: write
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Log in to the Container registry
uses: ./.github/actions/container_registry_login
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build CLI
uses: ./.github/actions/build_cli
with:
targetOS: "windows"
targetArch: "amd64"
enterpriseCLI: true
outputPath: "build/constellation"
push: true
- name: Upload CLI artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
path: build/constellation.exe
name: "constell-exe"
e2e-test:
name: E2E Test Windows
runs-on: windows-2022
needs: build-cli
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download CLI artifact
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: "constell-exe"
- name: Check CLI version
shell: pwsh
run: |
.\constellation.exe version
Add-Content -Path $env:windir\System32\drivers\etc\hosts -Value "`n127.0.0.1`tlicense.confidential.cloud" -Force
- name: Login to Azure (IAM service principal)
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
- name: Create IAM configuration
id: iam-create
shell: pwsh
run: |
$uid = Get-Random -Minimum 1000 -Maximum 9999
$rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid"
"rgName=$($rgName)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
.\constellation.exe config generate azure -t "workflow=${{ github.run_id }}"
.\constellation.exe iam create azure --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y
- name: Login to Azure (Cluster service principal)
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
- name: Apply config
shell: pwsh
run: |
.\constellation.exe apply --debug -y
- name: Liveness probe
shell: pwsh
run: |
$retryIntervalSeconds = 30
$maxRetries = 50
$retryCount = 0
$allNodesReady = $false
while (-not $allNodesReady -and $retryCount -lt $maxRetries) {
${retryCount}++
Write-Host "Retry ${retryCount}: Checking node status..."
$nodesOutput = & kubectl get nodes --kubeconfig "$PWD\constellation-admin.conf"
$status = $?
$nodesOutput
if ($status) {
$lines = $nodesOutput -split "`r?`n" | Select-Object -Skip 1
if ($lines.count -eq 4) {
$allNodesReady = $true
foreach ($line in $lines) {
$columns = $line -split '\s+' | Where-Object { $_ -ne '' }
$nodeName = $columns[0]
$status = $columns[1]
if ($status -ne "Ready") {
Write-Host "Node $nodeName is not ready!"
$allNodesReady = $false
}
}
}
}
if (-not $allNodesReady -and $retryCount -lt $maxRetries) {
Write-Host "Retrying in $retryIntervalSeconds seconds..."
Start-Sleep -Seconds $retryIntervalSeconds
}
}
if ($allNodesReady) {
Write-Host "All nodes are ready!"
}
else {
Write-Host "Node status check failed after $maxRetries retries."
EXIT 1
}
- name: Terminate cluster
id: terminate-cluster
if: always()
shell: pwsh
run: |
.\constellation.exe terminate --debug -y
- name: Login to Azure (IAM service principal)
if: always()
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
- name: Delete IAM configuration
id: delete-iam
if: always()
shell: pwsh
run: |
.\constellation.exe iam destroy --debug -y
- name: Clean up after failure
# run on a cleanup failure or if cancelled
if: (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled()
shell: pwsh
run: |
az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes
az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg-identity --yes
notify-failure:
name: Notify about failure
runs-on: ubuntu-22.04
needs: e2e-test
if: |
failure() &&
github.ref == 'refs/heads/main' &&
inputs.scheduled
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Notify about failure
continue-on-error: true
uses: ./.github/actions/notify_e2e_failure
with:
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
test: Windows E2E Test
provider: Azure
attestationVariant: "azure-sev-snp"