e2e test weekly #150

Workflow file for this run

.github/workflows/e2e-test-weekly.yml at db724ba

	name: e2e test weekly

	on:
	workflow_dispatch:
	schedule:
	- cron: "0 3 * * 6" # At 03:00 on Saturday.

	jobs:
	find-latest-image:
	strategy:
	fail-fast: false
	matrix:
	refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"]
	name: Find latest image
	runs-on: ubuntu-22.04
	permissions:
	id-token: write
	contents: read
	outputs:
	image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }}
	image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
	image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }}
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref \|\| '' }}

	- name: Select relevant image
	id: select-image-action
	uses: ./.github/actions/select_image
	with:
	osImage: ${{ matrix.refStream }}

	- name: Relabel output
	id: relabel-output
	shell: bash
	run: \|
	ref=$(echo ${{ matrix.refStream }} \| cut -d/ -f2)
	stream=$(echo ${{ matrix.refStream }} \| cut -d/ -f4)

	echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" \| tee -a "$GITHUB_OUTPUT"

	e2e-weekly:
	strategy:
	fail-fast: false
	max-parallel: 4
	matrix:
	include:
	#
	# Tests on main-debug refStream
	#

	# Sonobuoy full test on latest k8s version
	- test: "sonobuoy full"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "sonobuoy full"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "sonobuoy full"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "sonobuoy full"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"

	# Sonobuoy quick test on all but the latest k8s versions
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"

	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.27"
	clusterCreation: "cli"
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.27"
	clusterCreation: "cli"
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.27"
	clusterCreation: "cli"
	- test: "sonobuoy quick"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.27"
	clusterCreation: "cli"


	# verify test on latest k8s version
	- test: "verify"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "verify"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.29"
	azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests.
	clusterCreation: "cli"
	- test: "verify"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "verify"
	attestationVariant: "aws-sev-snp"
	refStream: "ref/main/stream/debug/?"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"

	# recover test on latest k8s version
	- test: "recover"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "recover"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "recover"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "recover"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"

	# lb test on latest k8s version
	- test: "lb"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "lb"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "lb"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "lb"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"

	# autoscaling test on latest k8s version
	- test: "autoscaling"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "autoscaling"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "autoscaling"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "autoscaling"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"

	# perf-bench test on latest k8s version, not supported on AWS
	- test: "perf-bench"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	- test: "perf-bench"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"
	# TODO: check what needs to be done for perf-bench on Azure TDX
	#- test: "perf-bench"
	# refStream: "ref/main/stream/debug/?"
	# attestationVariant: "azure-tdx"
	# kubernetes-version: "v1.29"
	# clusterCreation: "cli"

	# s3proxy test on latest k8s version
	- test: "s3proxy"
	refStream: "ref/main/stream/debug/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.29"
	clusterCreation: "cli"

	#
	# Tests on release-stable refStream
	#

	# verify test on default k8s version
	- test: "verify"
	refStream: "ref/release/stream/stable/?"
	attestationVariant: "gcp-sev-es"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"
	- test: "verify"
	refStream: "ref/release/stream/stable/?"
	attestationVariant: "azure-sev-snp"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"
	- test: "verify"
	refStream: "ref/release/stream/stable/?"
	attestationVariant: "azure-tdx"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"
	- test: "verify"
	refStream: "ref/release/stream/stable/?"
	attestationVariant: "aws-sev-snp"
	kubernetes-version: "v1.28"
	clusterCreation: "cli"

	runs-on: ubuntu-22.04
	permissions:
	id-token: write
	checks: write
	contents: read
	packages: write
	actions: write
	needs: [find-latest-image]
	steps:
	- name: Check out repository
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0
	ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref \|\| '' }}

	- name: Split attestationVariant
	id: split-attestationVariant
	shell: bash
	run: \|
	attestationVariant="${{ matrix.attestationVariant }}"
	cloudProvider="${attestationVariant%%-*}"

	echo "cloudProvider=${cloudProvider}" \| tee -a "$GITHUB_OUTPUT"

	- name: Run E2E test
	id: e2e_test
	uses: ./.github/actions/e2e_test
	with:
	workerNodesCount: "2"
	controlNodesCount: "3"
	cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
	attestationVariant: ${{ matrix.attestationVariant }}
	osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable \|\| needs.find-latest-image.outputs.image-main-debug }}
	isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
	cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable \|\| '' }}
	kubernetesVersion: ${{ matrix.kubernetes-version }}
	refStream: ${{ matrix.refStream }}
	awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }}
	awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
	awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
	gcpProject: constellation-e2e
	gcpClusterCreateServiceAccount: "[email protected]"
	gcpIAMCreateServiceAccount: "[email protected]"
	test: ${{ matrix.test }}
	buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
	azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
	azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
	registry: ghcr.io
	githubToken: ${{ secrets.GITHUB_TOKEN }}
	cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
	cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
	fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }}
	azureSNPEnforcementPolicy: ${{ matrix.azureSNPEnforcementPolicy }}
	clusterCreation: ${{ matrix.clusterCreation }}
	s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }}
	s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
	encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

	- name: Always terminate cluster
	if: always()
	uses: ./.github/actions/constellation_destroy
	with:
	kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
	clusterCreation: ${{ matrix.clusterCreation }}
	cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
	azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
	gcpClusterDeleteServiceAccount: "[email protected]"

	- name: Always delete IAM configuration
	if: always()
	uses: ./.github/actions/constellation_iam_destroy
	with:
	cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
	azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
	gcpServiceAccount: "[email protected]"

	- name: Check if tfstate should be deleted
	if: always()
	shell: bash
	run: \|
	if [ ! -d constellation-terraform ] && [ ! -d constellation-iam-terraform ]; then
	echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
	else
	echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
	fi

	- name: Delete tfstate artifact if necessary
	if: always() && env.DELETE_TF_STATE == 'true'
	env:
	GH_TOKEN: ${{ github.token }}
	uses: ./.github/actions/artifact_delete
	with:
	name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
	workflowID: ${{ github.run_id }}

	- name: Prepare terraform state folders
	if: always()
	shell: bash
	run: \|
	rm -rf to-zip/*
	to_upload=""
	if [ -d constellation-terraform ]; then
	cp -r constellation-terraform to-zip
	rm to-zip/constellation-terraform/plan.zip
	rm -rf to-zip/constellation-terraform/.terraform
	to_upload+="to-zip/constellation-terraform"
	fi
	if [ -d constellation-iam-terraform ]; then
	cp -r constellation-iam-terraform to-zip
	rm -rf to-zip/constellation-iam-terraform/.terraform
	to_upload+=" to-zip/constellation-iam-terraform"
	fi
	echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"

	- name: Update tfstate
	if: always()
	uses: ./.github/actions/artifact_upload
	with:
	name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
	path: >
	${{ env.TO_UPLOAD }}
	encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
	overwrite: true

	- name: Notify about failure
	if: \|
	failure() &&
	github.ref == 'refs/heads/main' &&
	github.event_name == 'schedule'
	continue-on-error: true
	uses: ./.github/actions/notify_e2e_failure
	with:
	projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
	refStream: ${{ matrix.refStream }}
	test: ${{ matrix.test }}
	kubernetesVersion: ${{ matrix.kubernetes-version }}
	provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
	attestationVariant: ${{ matrix.attestationVariant }}
	clusterCreation: ${{ matrix.clusterCreation }}

	e2e-upgrade:
	strategy:
	fail-fast: false
	max-parallel: 1
	matrix:
	fromVersion: ["v2.16.2"]
	attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
	name: Run upgrade tests
	secrets: inherit
	permissions:
	id-token: write
	checks: write
	contents: read
	packages: write
	actions: write
	uses: ./.github/workflows/e2e-upgrade.yml
Check failure on line 415 in .github/workflows/e2e-test-weekly.yml View workflow run for this annotation GitHub Actions / e2e test weekly Invalid workflow file `error parsing called workflow ".github/workflows/e2e-test-weekly.yml" -> "./.github/workflows/e2e-upgrade.yml" : workflow was not found. See https://docs.github.com/actions/learn-github-actions/reusing-workflows#access-to-reusable-workflows for more information.`
	with:
	fromVersion: ${{ matrix.fromVersion }}
	attestationVariant: ${{ matrix.attestationVariant }}
	nodeCount: '3:2'
	scheduled: ${{ github.event_name == 'schedule' }}

	e2e-mini:
	name: Run miniconstellation E2E test
	runs-on: ubuntu-22.04
	environment: e2e
	permissions:
	id-token: write
	contents: read
	packages: write
	steps:
	- name: Checkout
	id: checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref \|\| '' }}

	- name: Azure login OIDC
	uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
	with:
	client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Run e2e MiniConstellation
	uses: ./.github/actions/e2e_mini
	with:
	azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
	azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
	buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
	registry: ghcr.io
	githubToken: ${{ secrets.GITHUB_TOKEN }}

	- name: Notify about failure
	if: \|
	failure() &&
	github.ref == 'refs/heads/main' &&
	github.event_name == 'schedule'
	continue-on-error: true
	uses: ./.github/actions/notify_e2e_failure
	with:
	projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
	test: "MiniConstellation"
	provider: "QEMU"
	attestationVariant: "qemu-vtpm"

	e2e-windows:
	name: Run Windows E2E test
	permissions:
	id-token: write
	contents: read
	packages: write
	checks: write
	secrets: inherit
	uses: ./.github/workflows/e2e-windows.yml
Check failure on line 475 in .github/workflows/e2e-test-weekly.yml View workflow run for this annotation GitHub Actions / e2e test weekly Invalid workflow file `error parsing called workflow ".github/workflows/e2e-test-weekly.yml" -> "./.github/workflows/e2e-windows.yml" : workflow was not found. See https://docs.github.com/actions/learn-github-actions/reusing-workflows#access-to-reusable-workflows for more information.`
	with:
	scheduled: ${{ github.event_name == 'schedule' }}

	e2e-terraform-provider-example:
	name: Run Terraform provider example E2E test
	strategy:
	fail-fast: false
	matrix:
	attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
	permissions:
	id-token: write
	contents: read
	packages: write
	secrets: inherit
	uses: ./.github/workflows/e2e-test-provider-example.yml
	with:
	attestationVariant: ${{ matrix.attestationVariant }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

e2e test weekly #150

Workflow file

e2e test weekly #150

Jobs

Run details

Workflow file for this run

GitHub Actions / e2e test weekly

GitHub Actions / e2e test weekly