Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-17 13:24:21 -05:00
Code Issues Packages Projects Releases Wiki Activity
constellation/.github/workflows/e2e-test-weekly.yml
Paul Meyer f604a8dfd2 e2e: upload TCB versions in verify test 
The TCP versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00

303 lines
11 KiB
YAML
Raw Blame History

name: e2e test weekly
on:
workflow_dispatch:
schedule:
- cron: "0 3 * * 6" # At 03:00 on Saturday.
jobs:
find-latest-image:
strategy:
fail-fast: false
matrix:
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
name: Find latest image
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
outputs:
image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }}
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Select relevant image
id: select-image-action
uses: ./.github/actions/select_image
with:
osImage: ${{ matrix.refStream }}
- name: Relabel output
id: relabel-output
shell: bash
run: |
ref=$(echo ${{ matrix.refStream }} | cut -d/ -f2)
stream=$(echo ${{ matrix.refStream }} | cut -d/ -f4)
echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" | tee -a "$GITHUB_OUTPUT"
e2e-weekly:
strategy:
fail-fast: false
max-parallel: 4
matrix:
include:
#
# Tests on main-debug refStream
#
# sonobuoy full test on all k8s versions
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.27"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.27"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "aws"
kubernetes-version: "v1.27"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.26"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.26"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "aws"
kubernetes-version: "v1.26"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.25"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.25"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
provider: "aws"
kubernetes-version: "v1.25"
# verify test on latest k8s version
- test: "verify"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.27"
- test: "verify"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.27"
azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests.
- test: "verify"
provider: "aws"
refStream: "ref/main/stream/debug/?"
kubernetes-version: "v1.27"
# recover test on latest k8s version
- test: "recover"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.27"
- test: "recover"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.27"
- test: "recover"
refStream: "ref/main/stream/debug/?"
provider: "aws"
kubernetes-version: "v1.27"
# lb test on latest k8s version
- test: "lb"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.27"
- test: "lb"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.27"
- test: "lb"
refStream: "ref/main/stream/debug/?"
provider: "aws"
kubernetes-version: "v1.27"
# autoscaling test on latest k8s version, not supported on AWS
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.27"
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.27"
# perf-bench test on latest k8s version, not supported on AWS
- test: "perf-bench"
refStream: "ref/main/stream/debug/?"
provider: "gcp"
kubernetes-version: "v1.27"
- test: "perf-bench"
refStream: "ref/main/stream/debug/?"
provider: "azure"
kubernetes-version: "v1.27"
#
# Tests on release-stable refStream
#
# verify test on default k8s version
- test: "verify"
refStream: "ref/release/stream/stable/?"
provider: "gcp"
kubernetes-version: "v1.26"
- test: "verify"
refStream: "ref/release/stream/stable/?"
provider: "azure"
kubernetes-version: "v1.26"
- test: "verify"
refStream: "ref/release/stream/stable/?"
provider: "aws"
kubernetes-version: "v1.26"
runs-on: ubuntu-22.04
permissions:
id-token: write
checks: write
contents: read
packages: write
needs: [find-latest-image]
steps:
- name: Check out repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Run E2E test
id: e2e_test
uses: ./.github/actions/e2e_test
with:
workerNodesCount: "2"
controlNodesCount: "3"
cloudProvider: ${{ matrix.provider }}
osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }}
isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }}
kubernetesVersion: ${{ matrix.kubernetes-version }}
awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }}
awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
gcpClusterCreateServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
gcpIAMCreateServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"
gcpInClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
test: ${{ matrix.test }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }}
azureSNPEnforcementPolicy: ${{ matrix.azureSNPEnforcementPolicy }}
- name: Always terminate cluster
if: always()
uses: ./.github/actions/constellation_destroy
with:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
- name: Always delete IAM configuration
if: always()
uses: ./.github/actions/constellation_iam_destroy
with:
cloudProvider: ${{ matrix.provider }}
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
gcpServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"
- name: Notify about failure
if: |
failure() &&
github.ref == 'refs/heads/main' &&
github.event_name == 'schedule'
continue-on-error: true
uses: ./.github/actions/notify_failure
with:
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
refStream: ${{ matrix.refStream }}
test: ${{ matrix.test }}
kubernetesVersion: ${{ matrix.kubernetes-version }}
provider: ${{ matrix.provider }}
- name: Always upload Terraform logs
if: always()
uses: ./.github/actions/upload_terraform_logs
with:
artifactNameSuffix: ${{ steps.e2e_test.outputs.namePrefix }}
e2e-upgrade:
strategy:
fail-fast: false
max-parallel: 1
matrix:
fromVersion: ["v2.10.0"]
cloudProvider: ["gcp", "azure", "aws"]
name: Run upgrade tests
secrets: inherit
permissions:
id-token: write
checks: write
contents: read
packages: write
uses: ./.github/workflows/e2e-upgrade.yml
with:
fromVersion: ${{ matrix.fromVersion }}
cloudProvider: ${{ matrix.cloudProvider }}
nodeCount: '3:2'
scheduled: ${{ github.event_name == 'schedule' }}
e2e-mini:
name: Run miniconstellation E2E test
runs-on: ubuntu-22.04
environment: e2e
permissions:
id-token: write
contents: read
packages: write
steps:
- name: Checkout
id: checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Azure login OIDC
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Run e2e MiniConstellation
uses: ./.github/actions/e2e_mini
with:
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink