constellation/.github/actions/e2e_malicious_join/action.yml
Malte Poll 93fcb51e67 ci: explicitly set bazel test timeout to four hours for e2e tests
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-05-14 13:34:50 +02:00

53 lines
1.9 KiB
YAML

name: Malicious join
description: "Verify that a malicious node cannot join a Constellation cluster."
inputs:
cloudProvider:
description: "The cloud provider the test runs on."
required: true
attestationVariant:
description: "The attestation variant used in the cluster."
required: true
kubeconfig:
description: "The kubeconfig file for the cluster."
required: true
githubToken:
description: "GitHub authorization token"
required: true
runs:
using: "composite"
steps:
- name: Log in to the Container registry
id: docker-login
uses: ./.github/actions/container_registry_login
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ inputs.githubToken }}
- name: Run malicious join
shell: bash
env:
KUBECONFIG: ${{ inputs.kubeconfig }}
working-directory: e2e/malicious-join
run: |
bazel run --test_timeout=14400 //e2e/malicious-join:stamp_and_push
yq eval -i "(.spec.template.spec.containers[0].command) = \
[ \"/malicious-join_bin\", \
\"--js-endpoint=join-service.kube-system:9090\", \
\"--csp=${{ inputs.cloudProvider }}\", \
\"--variant=${{ inputs.attestationVariant }}\" ]" stamped_job.yaml
kubectl create ns malicious-join
kubectl apply -n malicious-join -f stamped_job.yaml
kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join
kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.'
ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.result.allPassed')
if [[ "$ALL_TESTS_PASSED" != "true" ]]; then
kubectl logs -n malicious-join job/malicious-join
kubectl logs -n kube-system svc/join-service
exit 1
fi
kubectl delete ns malicious-join