constellation/.github/actions/constellation_create/action.yml
2022-09-02 15:20:25 +02:00

154 lines
6.7 KiB
YAML

name: Constellation create
description: |
Create a new Constellation cluster using latest CoreOS image.
inputs:
workerNodesCount:
description: "Number of worker nodes to spawn."
required: true
controlNodesCount:
description: "Number of control-plane nodes to spawn."
required: true
autoscale:
description: "Enable / Disable autoscaling."
required: true
cloudProvider:
description: "Either 'gcp' or 'azure'."
required: true
gcpClusterServiceAccountKey:
description: "Service account to use inside the created Constellation cluster on GCP."
required: false
machineType:
description: "Machine type of VM to spawn."
required: true
coreosImage:
description: "CoreOS image to use. The default value 'debug-latest' will select the latest available debug image."
required: true
isDebugImage:
description: "Is CoreOS img a debug img?"
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
required: false
azureClientSecret:
description: "The client secret value of the used secret"
required: false
azureResourceGroup:
description: "The resource group to use for Constellation cluster"
required: false
runs:
using: "composite"
steps:
- name: Install kubectl
run: |
curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
install kubectl /usr/local/bin
shell: bash
- name: Install yq jq
run: |
echo "::group::Install dependencies"
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
sudo add-apt-repository ppa:rmescandon/yq
sudo apt update
sudo apt install yq jq -y
echo "::endgroup::"
shell: bash
- name: Constellation config generate
run: |
constellation config generate ${{ inputs.cloudProvider }}
yq eval -i \
"(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" |
(.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" |
(.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
(.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.ManagedIdentity/userAssignedIdentities/e2e-test-user-assigned-id\" |
(.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${{ inputs.azureResourceGroup }}\" |
(.provider | select(. | has(\"azure\")).azure.appClientID) = \"b657a00e-813a-4dc7-9b09-fa498a254d71\" |
(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
(.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [11,12]" \
constellation-conf.yaml
yq eval -i \
"(.provider | select(. | has(\"gcp\")).gcp.project) = \"constellation-331613\" |
(.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
(.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" |
(.provider | select(. | has(\"gcp\")).gcp.enforcedMeasurements) = [11,12]" \
constellation-conf.yaml
if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
fi
shell: bash
- name: Set image
run: |
case $CSP in
azure)
if [ "${{ inputs.coreosImage == 'debug-latest' }}" = true ]
then
IMAGE_DEFINITION=$(az sig image-definition list --resource-group constellation-images --gallery-name Constellation_Debug_CVM --query "[].name" -o tsv | sort --version-sort | tail -n 1)
AZURE_IMAGE=$(az sig image-version list --resource-group constellation-images --gallery-name Constellation_Debug_CVM --gallery-image-definition ${IMAGE_DEFINITION} --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table | tail -n 1)
else
AZURE_IMAGE=${{ inputs.coreosImage }}
fi
yq eval -i "(.provider.azure.image) = \"${AZURE_IMAGE}\"" constellation-conf.yaml
;;
gcp)
if [ "${{ inputs.coreosImage == 'debug-latest' }}" = true ]
then
GCP_LATEST_FAMILY=$(gcloud compute images list --project constellation-images --filter="family ~ constellation-debug-v\d+-\d+-\d+" --format="value(family)" | sort --version-sort | tail -n 1)
GCP_IMAGE_NAME=$(gcloud compute images list --project constellation-images --filter="name ~ constellation-\d{10} AND family:${GCP_LATEST_FAMILY}" --sort-by=creationTimestamp --format="table(name)" | tail -n 1)
GCP_IMAGE="projects/constellation-images/global/images/${GCP_IMAGE_NAME}"
else
GCP_IMAGE=${{ inputs.coreosImage }}
fi
yq eval -i "(.provider.gcp.image) = \"${GCP_IMAGE}\"" constellation-conf.yaml
;;
esac
shell: bash
env:
CSP: ${{ inputs.cloudProvider }}
- name: Add debugd firewall rule
run: |
yq eval -i '(.ingressFirewall) += {"name": "debugd", "description": "debugd default port", "protocol": "tcp", "iprange": "0.0.0.0/0", "fromport": 4000, "toport": 0}' constellation-conf.yaml
shell: bash
if: ${{ inputs.isDebugImage == 'true' }}
- name: Constellation create
run: |
echo "Creating cluster using config:"
cat constellation-conf.yaml
constellation create ${{ inputs.cloudProvider }} -c ${{ inputs.controlNodesCount }} -w ${{ inputs.workerNodesCount }} -t ${{ inputs.machineType }} --name e2e-test -y
shell: bash
- name: Upload constellation-state.json
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with:
name: constellation-state.json
path: constellation-state.json
if: ${{ always() && !env.ACT }}
- name: Cdbg deploy
run: |
echo "::group::cdbg deploy"
cdbg deploy --bootstrapper $GITHUB_WORKSPACE/build/bootstrapper
echo "::endgroup::"
shell: bash
if: ${{ inputs.isDebugImage == 'true' }}
- name: Create serviceAccountKey.json
if: ${{ inputs.cloudProvider == 'gcp' }}
shell: bash
run: |
echo "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" > serviceAccountKey.json
env:
GCP_CLUSTER_SERVICE_ACCOUNT_KEY: ${{ inputs.gcpClusterServiceAccountKey }}
- name: Constellation init
run: |
if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
constellation init ${autoscale}
shell: bash