e2e test daily #738
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: e2e test daily | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 3 * * 2-5" # At 03:00 on every day-of-week from Tuesday through Friday. | |
| jobs: | |
| find-latest-image: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] | |
| name: Find latest image | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| outputs: | |
| image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }} | |
| image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
| - name: Select relevant image | |
| id: select-image-action | |
| uses: ./.github/actions/select_image | |
| with: | |
| osImage: ${{ matrix.refStream }} | |
| - name: Relabel output | |
| id: relabel-output | |
| shell: bash | |
| run: | | |
| ref=$(echo ${{ matrix.refStream }} | cut -d/ -f2) | |
| stream=$(echo ${{ matrix.refStream }} | cut -d/ -f4) | |
| echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" | tee -a "$GITHUB_OUTPUT" | |
| e2e-daily: | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 5 | |
| matrix: | |
| kubernetesVersion: ["v1.31"] # This should correspond to the current default k8s minor. | |
| attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "aws-sev-snp"] | |
| refStream: ["ref/release/stream/stable/?"] # ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] | |
| test: ["sonobuoy quick"] | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| id-token: write | |
| checks: write | |
| contents: read | |
| packages: write | |
| actions: write | |
| needs: [find-latest-image] | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
| - name: Split attestationVariant | |
| id: split-attestationVariant | |
| shell: bash | |
| run: | | |
| attestationVariant="${{ matrix.attestationVariant }}" | |
| cloudProvider="${attestationVariant%%-*}" | |
| echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT" | |
| - name: Run E2E test | |
| id: e2e_test | |
| uses: ./.github/actions/e2e_test | |
| with: | |
| workerNodesCount: "2" | |
| controlNodesCount: "3" | |
| cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | |
| attestationVariant: ${{ matrix.attestationVariant }} | |
| osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} | |
| isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} | |
| cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} | |
| refStream: ${{ matrix.refStream }} | |
| gcpProject: constellation-e2e | |
| gcpClusterCreateServiceAccount: "[email protected]" | |
| gcpIAMCreateServiceAccount: "[email protected]" | |
| kubernetesVersion: ${{ matrix.kubernetesVersion }} | |
| test: ${{ matrix.test }} | |
| azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} | |
| azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | |
| registry: ghcr.io | |
| githubToken: ${{ secrets.GITHUB_TOKEN }} | |
| cosignPassword: ${{ secrets.COSIGN_PASSWORD }} | |
| cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }} | |
| awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }} | |
| awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} | |
| awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} | |
| clusterCreation: "cli" | |
| encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} | |
| - name: Always terminate cluster | |
| if: always() | |
| uses: ./.github/actions/constellation_destroy | |
| with: | |
| kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} | |
| clusterCreation: "cli" | |
| cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | |
| azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} | |
| gcpClusterDeleteServiceAccount: "[email protected]" | |
| - name: Always delete IAM configuration | |
| if: always() | |
| uses: ./.github/actions/constellation_iam_destroy | |
| with: | |
| cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | |
| azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | |
| gcpServiceAccount: "[email protected]" | |
| - name: Update tfstate | |
| if: always() | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| uses: ./.github/actions/update_tfstate | |
| with: | |
| name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} | |
| runID: ${{ github.run_id }} | |
| encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} | |
| - name: Notify about failure | |
| if: | | |
| failure() && | |
| github.ref == 'refs/heads/main' && | |
| github.event_name == 'schedule' | |
| continue-on-error: true | |
| uses: ./.github/actions/notify_e2e_failure | |
| with: | |
| projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} | |
| refStream: ${{ matrix.refStream }} | |
| test: ${{ matrix.test }} | |
| kubernetesVersion: ${{ matrix.kubernetesVersion }} | |
| provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} | |
| attestationVariant: ${{ matrix.attestationVariant }} | |
| clusterCreation: "cli" | |
| e2e-mini: | |
| name: Run miniconstellation E2E test | |
| runs-on: ubuntu-24.04 | |
| environment: e2e | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
| - name: Azure login OIDC | |
| uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Run e2e MiniConstellation | |
| uses: ./.github/actions/e2e_mini | |
| with: | |
| azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} | |
| azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| azureTenantID: ${{ secrets.AZURE_TENANT_ID }} | |
| azureIAMCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | |
| registry: ghcr.io | |
| githubToken: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Notify about failure | |
| if: | | |
| failure() && | |
| github.ref == 'refs/heads/main' && | |
| github.event_name == 'schedule' | |
| continue-on-error: true | |
| uses: ./.github/actions/notify_e2e_failure | |
| with: | |
| projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} | |
| attestationVariant: "qemu-vtpm" | |
| test: "MiniConstellation" | |
| provider: "QEMU" |