# Weekly end-to-end test suite. It runs on a fixed schedule and can also be
# started by hand through workflow_dispatch.
name: e2e test weekly

on:
  workflow_dispatch:
  schedule:
    - cron: "0 3 * * 6" # At 03:00 on Saturday.

# Every job in this file declares its own `permissions:` block, so the
# GITHUB_TOKEN scope is set per job rather than taken from the repository
# default.
jobs:
find-latest-image: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"] | ||
name: Find latest image | ||
runs-on: ubuntu-22.04 | ||
permissions: | ||
id-token: write | ||
contents: read | ||
outputs: | ||
image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }} | ||
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} | ||
image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | ||
- name: Select relevant image | ||
id: select-image-action | ||
uses: ./.github/actions/select_image | ||
with: | ||
osImage: ${{ matrix.refStream }} | ||
- name: Relabel output | ||
id: relabel-output | ||
shell: bash | ||
run: | | ||
ref=$(echo ${{ matrix.refStream }} | cut -d/ -f2) | ||
stream=$(echo ${{ matrix.refStream }} | cut -d/ -f4) | ||
echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" | tee -a "$GITHUB_OUTPUT" | ||
e2e-weekly: | ||
strategy: | ||
fail-fast: false | ||
max-parallel: 4 | ||
matrix: | ||
include: | ||
# | ||
# Tests on main-debug refStream | ||
# | ||
# Sonobuoy full test on latest k8s version | ||
- test: "sonobuoy full" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy full" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy full" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy full" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# Sonobuoy quick test on all but the latest k8s versions | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.27" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.27" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.27" | ||
clusterCreation: "cli" | ||
- test: "sonobuoy quick" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.27" | ||
clusterCreation: "cli" | ||
# verify test on latest k8s version | ||
- test: "verify" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "verify" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.29" | ||
azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests. | ||
clusterCreation: "cli" | ||
- test: "verify" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "verify" | ||
attestationVariant: "aws-sev-snp" | ||
refStream: "ref/main/stream/debug/?" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# recover test on latest k8s version | ||
- test: "recover" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "recover" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "recover" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "recover" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# lb test on latest k8s version | ||
- test: "lb" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "lb" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "lb" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "lb" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# autoscaling test on latest k8s version | ||
- test: "autoscaling" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "autoscaling" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "autoscaling" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "autoscaling" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# perf-bench test on latest k8s version, not supported on AWS | ||
- test: "perf-bench" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
- test: "perf-bench" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# TODO: check what needs to be done for perf-bench on Azure TDX | ||
#- test: "perf-bench" | ||
# refStream: "ref/main/stream/debug/?" | ||
# attestationVariant: "azure-tdx" | ||
# kubernetes-version: "v1.29" | ||
# clusterCreation: "cli" | ||
# s3proxy test on latest k8s version | ||
- test: "s3proxy" | ||
refStream: "ref/main/stream/debug/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.29" | ||
clusterCreation: "cli" | ||
# | ||
# Tests on release-stable refStream | ||
# | ||
# verify test on default k8s version | ||
- test: "verify" | ||
refStream: "ref/release/stream/stable/?" | ||
attestationVariant: "gcp-sev-es" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "verify" | ||
refStream: "ref/release/stream/stable/?" | ||
attestationVariant: "azure-sev-snp" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "verify" | ||
refStream: "ref/release/stream/stable/?" | ||
attestationVariant: "azure-tdx" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
- test: "verify" | ||
refStream: "ref/release/stream/stable/?" | ||
attestationVariant: "aws-sev-snp" | ||
kubernetes-version: "v1.28" | ||
clusterCreation: "cli" | ||
runs-on: ubuntu-22.04 | ||
permissions: | ||
id-token: write | ||
checks: write | ||
contents: read | ||
packages: write | ||
actions: write | ||
needs: [find-latest-image] | ||
steps: | ||
- name: Check out repository | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
fetch-depth: 0 | ||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | ||
- name: Split attestationVariant | ||
id: split-attestationVariant | ||
shell: bash | ||
run: | | ||
attestationVariant="${{ matrix.attestationVariant }}" | ||
cloudProvider="${attestationVariant%%-*}" | ||
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT" | ||
- name: Run E2E test | ||
id: e2e_test | ||
uses: ./.github/actions/e2e_test | ||
with: | ||
workerNodesCount: "2" | ||
controlNodesCount: "3" | ||
cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | ||
attestationVariant: ${{ matrix.attestationVariant }} | ||
osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} | ||
isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} | ||
cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} | ||
kubernetesVersion: ${{ matrix.kubernetes-version }} | ||
refStream: ${{ matrix.refStream }} | ||
awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }} | ||
awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} | ||
awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} | ||
gcpProject: constellation-e2e | ||
gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" | ||
gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" | ||
test: ${{ matrix.test }} | ||
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} | ||
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} | ||
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | ||
registry: ghcr.io | ||
githubToken: ${{ secrets.GITHUB_TOKEN }} | ||
cosignPassword: ${{ secrets.COSIGN_PASSWORD }} | ||
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} | ||
fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }} | ||
azureSNPEnforcementPolicy: ${{ matrix.azureSNPEnforcementPolicy }} | ||
clusterCreation: ${{ matrix.clusterCreation }} | ||
s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} | ||
s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} | ||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} | ||
- name: Always terminate cluster | ||
if: always() | ||
uses: ./.github/actions/constellation_destroy | ||
with: | ||
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} | ||
clusterCreation: ${{ matrix.clusterCreation }} | ||
cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | ||
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} | ||
gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" | ||
- name: Always delete IAM configuration | ||
if: always() | ||
uses: ./.github/actions/constellation_iam_destroy | ||
with: | ||
cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | ||
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | ||
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" | ||
- name: Check if tfstate should be deleted | ||
if: always() | ||
shell: bash | ||
run: | | ||
if [ ! -d constellation-terraform ] && [ ! -d constellation-iam-terraform ]; then | ||
echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV" | ||
else | ||
echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV" | ||
fi | ||
- name: Delete tfstate artifact if necessary | ||
if: always() && env.DELETE_TF_STATE == 'true' | ||
env: | ||
GH_TOKEN: ${{ github.token }} | ||
uses: ./.github/actions/artifact_delete | ||
with: | ||
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} | ||
workflowID: ${{ github.run_id }} | ||
- name: Prepare terraform state folders | ||
if: always() | ||
shell: bash | ||
run: | | ||
rm -rf to-zip/* | ||
to_upload="" | ||
if [ -d constellation-terraform ]; then | ||
cp -r constellation-terraform to-zip | ||
rm to-zip/constellation-terraform/plan.zip | ||
rm -rf to-zip/constellation-terraform/.terraform | ||
to_upload+="to-zip/constellation-terraform" | ||
fi | ||
if [ -d constellation-iam-terraform ]; then | ||
cp -r constellation-iam-terraform to-zip | ||
rm -rf to-zip/constellation-iam-terraform/.terraform | ||
to_upload+=" to-zip/constellation-iam-terraform" | ||
fi | ||
echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV" | ||
- name: Update tfstate | ||
if: always() | ||
uses: ./.github/actions/artifact_upload | ||
with: | ||
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} | ||
path: > | ||
${{ env.TO_UPLOAD }} | ||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} | ||
overwrite: true | ||
- name: Notify about failure | ||
if: | | ||
failure() && | ||
github.ref == 'refs/heads/main' && | ||
github.event_name == 'schedule' | ||
continue-on-error: true | ||
uses: ./.github/actions/notify_e2e_failure | ||
with: | ||
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} | ||
refStream: ${{ matrix.refStream }} | ||
test: ${{ matrix.test }} | ||
kubernetesVersion: ${{ matrix.kubernetes-version }} | ||
provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | ||
attestationVariant: ${{ matrix.attestationVariant }} | ||
clusterCreation: ${{ matrix.clusterCreation }} | ||
e2e-upgrade: | ||
strategy: | ||
fail-fast: false | ||
max-parallel: 1 | ||
matrix: | ||
fromVersion: ["v2.16.2"] | ||
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] | ||
name: Run upgrade tests | ||
secrets: inherit | ||
permissions: | ||
id-token: write | ||
checks: write | ||
contents: read | ||
packages: write | ||
actions: write | ||
uses: ./.github/workflows/e2e-upgrade.yml | ||
with: | ||
fromVersion: ${{ matrix.fromVersion }} | ||
attestationVariant: ${{ matrix.attestationVariant }} | ||
nodeCount: '3:2' | ||
scheduled: ${{ github.event_name == 'schedule' }} | ||
e2e-mini: | ||
name: Run miniconstellation E2E test | ||
runs-on: ubuntu-22.04 | ||
environment: e2e | ||
permissions: | ||
id-token: write | ||
contents: read | ||
packages: write | ||
steps: | ||
- name: Checkout | ||
id: checkout | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | ||
- name: Azure login OIDC | ||
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1 | ||
with: | ||
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} | ||
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
- name: Run e2e MiniConstellation | ||
uses: ./.github/actions/e2e_mini | ||
with: | ||
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} | ||
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
azureTenantID: ${{ secrets.AZURE_TENANT_ID }} | ||
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} | ||
registry: ghcr.io | ||
githubToken: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Notify about failure | ||
if: | | ||
failure() && | ||
github.ref == 'refs/heads/main' && | ||
github.event_name == 'schedule' | ||
continue-on-error: true | ||
uses: ./.github/actions/notify_e2e_failure | ||
with: | ||
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} | ||
test: "MiniConstellation" | ||
provider: "QEMU" | ||
attestationVariant: "qemu-vtpm" | ||
e2e-windows: | ||
Check failure on line 467 in .github/workflows/e2e-test-weekly.yml GitHub Actions / e2e test weeklyInvalid workflow file
|
||
name: Run Windows E2E test | ||
permissions: | ||
id-token: write | ||
contents: read | ||
packages: write | ||
secrets: inherit | ||
uses: ./.github/workflows/e2e-windows.yml | ||
with: | ||
scheduled: ${{ github.event_name == 'schedule' }} | ||
e2e-terraform-provider-example: | ||
name: Run Terraform provider example E2E test | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] | ||
permissions: | ||
id-token: write | ||
contents: read | ||
packages: write | ||
secrets: inherit | ||
uses: ./.github/workflows/e2e-test-provider-example.yml | ||
with: | ||
attestationVariant: ${{ matrix.attestationVariant }} |