mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-09-20 00:06:21 +00:00
f604a8dfd2
The TCP versions are extracted from the MAA token, that itself is taken from the verify command output. The configapi is adapted to directly work on the MAA claims JSON. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
157 lines
5.9 KiB
YAML
157 lines
5.9 KiB
YAML
name: e2e test daily
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: "0 3 * * 2-5" # At 03:00 on every day-of-week from Tuesday through Friday.
|
|
|
|
jobs:
|
|
find-latest-image:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
|
|
name: Find latest image
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
outputs:
|
|
image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }}
|
|
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Select relevant image
|
|
id: select-image-action
|
|
uses: ./.github/actions/select_image
|
|
with:
|
|
osImage: ${{ matrix.refStream }}
|
|
|
|
- name: Relabel output
|
|
id: relabel-output
|
|
shell: bash
|
|
run: |
|
|
ref=$(echo ${{ matrix.refStream }} | cut -d/ -f2)
|
|
stream=$(echo ${{ matrix.refStream }} | cut -d/ -f4)
|
|
|
|
echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" | tee -a "$GITHUB_OUTPUT"
|
|
|
|
e2e-daily:
|
|
strategy:
|
|
fail-fast: false
|
|
max-parallel: 5
|
|
matrix:
|
|
kubernetesVersion: ["1.26"] # should be default
|
|
provider: ["gcp", "azure", "aws"]
|
|
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
|
|
test: ["sonobuoy full"]
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
id-token: write
|
|
checks: write
|
|
contents: read
|
|
packages: write
|
|
needs: [find-latest-image]
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Run E2E test
|
|
id: e2e_test
|
|
uses: ./.github/actions/e2e_test
|
|
with:
|
|
workerNodesCount: "2"
|
|
controlNodesCount: "3"
|
|
cloudProvider: ${{ matrix.provider }}
|
|
osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }}
|
|
isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
|
|
cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }}
|
|
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
|
|
gcpClusterCreateServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
|
|
gcpIAMCreateServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"
|
|
gcpInClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
|
|
kubernetesVersion: ${{ matrix.kubernetesVersion }}
|
|
test: ${{ matrix.test }}
|
|
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
|
|
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
|
|
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
|
registry: ghcr.io
|
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
|
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
|
|
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
|
|
fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }}
|
|
|
|
- name: Always terminate cluster
|
|
if: always()
|
|
uses: ./.github/actions/constellation_destroy
|
|
with:
|
|
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
|
|
|
|
- name: Always delete IAM configuration
|
|
if: always()
|
|
uses: ./.github/actions/constellation_iam_destroy
|
|
with:
|
|
cloudProvider: ${{ matrix.provider }}
|
|
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
|
gcpServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"
|
|
|
|
- name: Always upload Terraform logs
|
|
if: always()
|
|
uses: ./.github/actions/upload_terraform_logs
|
|
with:
|
|
artifactNameSuffix: ${{ steps.e2e_test.outputs.namePrefix }}
|
|
|
|
- name: Notify about failure
|
|
if: |
|
|
failure() &&
|
|
github.ref == 'refs/heads/main' &&
|
|
github.event_name == 'schedule'
|
|
continue-on-error: true
|
|
uses: ./.github/actions/notify_failure
|
|
with:
|
|
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
|
|
teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
|
|
refStream: ${{ matrix.refStream }}
|
|
test: ${{ matrix.test }}
|
|
kubernetesVersion: ${{ matrix.kubernetesVersion }}
|
|
provider: ${{ matrix.provider }}
|
|
|
|
e2e-mini:
|
|
name: Run miniconstellation E2E test
|
|
runs-on: ubuntu-22.04
|
|
environment: e2e
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout
|
|
id: checkout
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Azure login OIDC
|
|
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
|
with:
|
|
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
|
|
- name: Run e2e MiniConstellation
|
|
uses: ./.github/actions/e2e_mini
|
|
with:
|
|
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
|
|
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
|
|
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
|
|
registry: ghcr.io
|
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|