mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
a295ecaffb
* deps: update Terraform azurerm to v4 * Set Azure subscription ID when applying Terraform files * Upgrade azurerm to v4.1.0 * Mark subscriptionID flag as not required * deps: tidy all modules --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
# End-to-end test of the Windows CLI build; the jobs below create and tear down
# real Azure resources.
name: e2e test windows

on:
  # Manual runs from the Actions tab or the API.
  workflow_dispatch:
  # Reusable-workflow entry point for other workflows in the repository.
  workflow_call:
    inputs:
      # Read by the notify-failure job's `if:` condition.
      scheduled:
        description: "Whether this is a scheduled run."
        type: boolean
        required: false
        default: false

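jobs:
  # Builds the Windows CLI on Linux and hands it to the test job as an artifact.
  build-cli:
    name: Build Windows CLI
    runs-on: ubuntu-22.04
    # Explicit token scopes for this job only; `packages: write` matches the
    # ghcr.io login and `push: true` below.
    permissions:
      id-token: write
      checks: write
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Same-repository pull requests check out the PR head branch. For fork
          # PRs and non-PR events the expression is '' and checkout uses its
          # default ref.
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup bazel
        uses: ./.github/actions/setup_bazel_nix

      - name: Log in to the Container registry
        uses: ./.github/actions/container_registry_login
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build CLI
        uses: ./.github/actions/build_cli
        with:
          targetOS: "windows"
          targetArch: "amd64"
          enterpriseCLI: true
          outputPath: "build/constellation"
          push: true

      # The uploaded binary is what e2e-test later executes with Azure
      # credentials in scope.
      - name: Upload CLI artifact
        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          path: build/constellation.exe
          name: "constell-exe"

  # Runs the freshly built CLI on a Windows runner against Azure.
  # NOTE(review): no `permissions:` block here, so GITHUB_TOKEN keeps the
  # default scopes of the repository or the calling workflow. Consider an
  # explicit minimal block (for example `contents: read`) after confirming
  # what ./.github/actions/login_azure needs.
  e2e-test:
    name: E2E Test Windows
    runs-on: windows-2022
    needs: build-cli
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Download CLI artifact
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: "constell-exe"

      # Besides printing the version, this step appends a hosts entry that
      # resolves license.confidential.cloud to 127.0.0.1 on the runner.
      # NOTE(review): presumably this keeps the enterprise CLI from reaching
      # the real license server during the test; confirm.
      - name: Check CLI version
        shell: pwsh
        run: |
          .\constellation.exe version
          Add-Content -Path $env:windir\System32\drivers\etc\hosts -Value "`n127.0.0.1`tlicense.confidential.cloud" -Force

      - name: Login to Azure (IAM service principal)
        uses: ./.github/actions/login_azure
        with:
          azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}

      - name: Create IAM configuration
        id: iam-create
        shell: pwsh
        env:
          # The secret reaches the script through the environment. A ${{ }}
          # expression inside `run:` is pasted into the script text before
          # PowerShell parses it, so the value would sit in the generated script
          # file and any metacharacters in it would be parsed as code.
          IAM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        # github.run_id and github.run_attempt are GitHub-generated numbers and
        # stay inline. The random suffix only makes the name unique.
        run: |
          $uid = Get-Random -Minimum 1000 -Maximum 9999
          $rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid"
          "rgName=$($rgName)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
          .\constellation.exe config generate azure -t "workflow=${{ github.run_id }}"
          .\constellation.exe iam create azure "--subscriptionID=$env:IAM_SUBSCRIPTION_ID" --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y

      - name: Login to Azure (Cluster service principal)
        uses: ./.github/actions/login_azure
        with:
          azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}

      - name: Apply config
        shell: pwsh
        run: |
          .\constellation.exe apply --debug -y

      # Polls `kubectl get nodes` up to 50 times, 30 seconds apart. It passes
      # only when exactly 4 node rows are listed and the second column of every
      # row is exactly "Ready". $status first holds kubectl's success flag ($?)
      # and is then reused for the per-node status column.
      # NOTE(review): 4 is presumably the node count of the generated default
      # config; confirm.
      - name: Liveness probe
        shell: pwsh
        run: |
          $retryIntervalSeconds = 30
          $maxRetries = 50

          $retryCount = 0
          $allNodesReady = $false

          while (-not $allNodesReady -and $retryCount -lt $maxRetries) {
              ${retryCount}++
              Write-Host "Retry ${retryCount}: Checking node status..."

              $nodesOutput = & kubectl get nodes --kubeconfig "$PWD\constellation-admin.conf"
              $status = $?

              $nodesOutput

              if ($status) {
                  $lines = $nodesOutput -split "`r?`n" | Select-Object -Skip 1

                  if ($lines.count -eq 4) {
                      $allNodesReady = $true

                      foreach ($line in $lines) {
                          $columns = $line -split '\s+' | Where-Object { $_ -ne '' }

                          $nodeName = $columns[0]
                          $status = $columns[1]

                          if ($status -ne "Ready") {
                              Write-Host "Node $nodeName is not ready!"
                              $allNodesReady = $false
                          }
                      }
                  }
              }

              if (-not $allNodesReady -and $retryCount -lt $maxRetries) {
                  Write-Host "Retrying in $retryIntervalSeconds seconds..."
                  Start-Sleep -Seconds $retryIntervalSeconds
              }
          }

          if ($allNodesReady) {
              Write-Host "All nodes are ready!"
          }
          else {
              Write-Host "Node status check failed after $maxRetries retries."
              EXIT 1
          }

      # Teardown steps use always() so cloud resources are removed even when an
      # earlier step failed.
      - name: Terminate cluster
        id: terminate-cluster
        if: always()
        shell: pwsh
        run: |
          .\constellation.exe terminate --debug -y

      - name: Login to Azure (IAM service principal)
        if: always()
        uses: ./.github/actions/login_azure
        with:
          azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}

      - name: Delete IAM configuration
        id: delete-iam
        if: always()
        shell: pwsh
        run: |
          .\constellation.exe iam destroy --debug -y

      - name: Clean up after failure
        # run on a cleanup failure or if cancelled
        if: (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled()
        shell: pwsh
        env:
          # The step output is passed as data instead of being pasted into the
          # script text.
          RG_NAME: ${{ steps.iam-create.outputs.rgName }}
        run: |
          # With no recorded name the deletes would target "-rg" and
          # "-rg-identity"; skip them.
          if (-not $env:RG_NAME) {
              Write-Host "No resource group name was recorded by iam-create; nothing to delete."
              exit 0
          }
          az group delete --name "${env:RG_NAME}-rg" --yes
          az group delete --name "${env:RG_NAME}-rg-identity" --yes

  # Reports a failed scheduled run on main; manual and non-main runs are skipped.
  # NOTE(review): this job declares no `permissions:` either. The notify action
  # is given its own PROJECT_WRITE_TOKEN, so the default GITHUB_TOKEN scopes can
  # probably be reduced; confirm against ./.github/actions/notify_e2e_failure.
  notify-failure:
    name: Notify about failure
    runs-on: ubuntu-22.04
    needs: e2e-test
    if: |
      failure() &&
      github.ref == 'refs/heads/main' &&
      inputs.scheduled
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup bazel
        uses: ./.github/actions/setup_bazel_nix

      - name: Notify about failure
        # A failed notification does not fail this job.
        continue-on-error: true
        uses: ./.github/actions/notify_e2e_failure
        with:
          projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
          test: Windows E2E Test
          provider: Azure
          attestationVariant: "azure-sev-snp"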