e2e test weekly #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: e2e test weekly | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 3 * * 6" # At 03:00 on Saturday. | |
jobs: | |
find-latest-image: | |
strategy: | |
fail-fast: false | |
matrix: | |
refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"] | |
name: Find latest image | |
runs-on: ubuntu-22.04 | |
permissions: | |
id-token: write | |
contents: read | |
outputs: | |
image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }} | |
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} | |
image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
- name: Select relevant image | |
id: select-image-action | |
uses: ./.github/actions/select_image | |
with: | |
osImage: ${{ matrix.refStream }} | |
- name: Relabel output | |
id: relabel-output | |
shell: bash | |
run: | | |
ref=$(echo ${{ matrix.refStream }} | cut -d/ -f2) | |
stream=$(echo ${{ matrix.refStream }} | cut -d/ -f4) | |
echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" | tee -a "$GITHUB_OUTPUT" | |
e2e-weekly: | |
strategy: | |
fail-fast: false | |
max-parallel: 4 | |
matrix: | |
include: | |
# | |
# Tests on main-debug refStream | |
# | |
# sonobuoy full test on all k8s versions | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.28" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.27" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.27" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.27" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.26" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.26" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.26" | |
# verify test on latest k8s version | |
- test: "verify" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "verify" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests. | |
- test: "verify" | |
provider: "aws" | |
refStream: "ref/main/stream/debug/?" | |
kubernetes-version: "v1.28" | |
# recover test on latest k8s version | |
- test: "recover" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "recover" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
- test: "recover" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.28" | |
# lb test on latest k8s version | |
- test: "lb" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "lb" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
- test: "lb" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.28" | |
# autoscaling test on latest k8s version | |
- test: "autoscaling" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "autoscaling" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
- test: "autoscaling" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.28" | |
# perf-bench test on latest k8s version, not supported on AWS | |
- test: "perf-bench" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "perf-bench" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
# malicious join test on latest k8s version | |
- test: "malicious join" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
- test: "malicious join" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
- test: "malicious join" | |
refStream: "ref/main/stream/debug/?" | |
provider: "aws" | |
kubernetes-version: "v1.28" | |
# self-managed infra test on latest k8s version | |
# with Sonobuoy full | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
selfManagedInfra: "true" | |
- test: "sonobuoy full" | |
refStream: "ref/main/stream/debug/?" | |
provider: "azure" | |
kubernetes-version: "v1.28" | |
selfManagedInfra: "true" | |
- test: "sonobuoy full" | |
provider: "aws" | |
refStream: "ref/main/stream/debug/?" | |
kubernetes-version: "v1.28" | |
selfManagedInfra: "true" | |
# s3proxy test on latest k8s version | |
- test: "s3proxy" | |
refStream: "ref/main/stream/debug/?" | |
provider: "gcp" | |
kubernetes-version: "v1.28" | |
# | |
# Tests on release-stable refStream | |
# | |
# verify test on default k8s version | |
- test: "verify" | |
refStream: "ref/release/stream/stable/?" | |
provider: "gcp" | |
kubernetes-version: "v1.27" | |
- test: "verify" | |
refStream: "ref/release/stream/stable/?" | |
provider: "azure" | |
kubernetes-version: "v1.27" | |
- test: "verify" | |
refStream: "ref/release/stream/stable/?" | |
provider: "aws" | |
kubernetes-version: "v1.27" | |
runs-on: ubuntu-22.04 | |
permissions: | |
id-token: write | |
checks: write | |
contents: read | |
packages: write | |
needs: [find-latest-image] | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
fetch-depth: 0 | |
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
- name: Run E2E test | |
id: e2e_test | |
uses: ./.github/actions/e2e_test | |
with: | |
workerNodesCount: "2" | |
controlNodesCount: "3" | |
cloudProvider: ${{ matrix.provider }} | |
osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} | |
isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} | |
cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} | |
kubernetesVersion: ${{ matrix.kubernetes-version }} | |
refStream: ${{ matrix.refStream }} | |
awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }} | |
awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} | |
awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} | |
gcpProject: ${{ secrets.GCP_E2E_PROJECT }} | |
gcpClusterCreateServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com" | |
gcpIAMCreateServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com" | |
gcpInClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} | |
test: ${{ matrix.test }} | |
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} | |
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} | |
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | |
registry: ghcr.io | |
githubToken: ${{ secrets.GITHUB_TOKEN }} | |
cosignPassword: ${{ secrets.COSIGN_PASSWORD }} | |
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }} | |
azureSNPEnforcementPolicy: ${{ matrix.azureSNPEnforcementPolicy }} | |
selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }} | |
s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} | |
s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} | |
- name: Always terminate cluster | |
if: always() | |
uses: ./.github/actions/constellation_destroy | |
with: | |
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} | |
selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }} | |
cloudProvider: ${{ matrix.provider }} | |
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} | |
gcpClusterDeleteServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com" | |
- name: Always delete IAM configuration | |
if: always() | |
uses: ./.github/actions/constellation_iam_destroy | |
with: | |
cloudProvider: ${{ matrix.provider }} | |
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} | |
gcpServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com" | |
- name: Notify about failure | |
if: | | |
failure() && | |
github.ref == 'refs/heads/main' && | |
github.event_name == 'schedule' | |
continue-on-error: true | |
uses: ./.github/actions/notify_e2e_failure | |
with: | |
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} | |
teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} | |
refStream: ${{ matrix.refStream }} | |
test: ${{ matrix.test }} | |
kubernetesVersion: ${{ matrix.kubernetes-version }} | |
provider: ${{ matrix.provider }} | |
selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }} | |
e2e-upgrade: | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
matrix: | |
fromVersion: ["v2.13.0"] | |
cloudProvider: ["gcp", "azure", "aws"] | |
name: Run upgrade tests | |
secrets: inherit | |
permissions: | |
id-token: write | |
checks: write | |
contents: read | |
packages: write | |
uses: ./.github/workflows/e2e-upgrade.yml | |
with: | |
fromVersion: ${{ matrix.fromVersion }} | |
cloudProvider: ${{ matrix.cloudProvider }} | |
nodeCount: '3:2' | |
scheduled: ${{ github.event_name == 'schedule' }} | |
e2e-mini: | |
name: Run miniconstellation E2E test | |
runs-on: ubuntu-22.04 | |
environment: e2e | |
permissions: | |
id-token: write | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
- name: Azure login OIDC | |
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Run e2e MiniConstellation | |
uses: ./.github/actions/e2e_mini | |
with: | |
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} | |
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
azureTenantID: ${{ secrets.AZURE_TENANT_ID }} | |
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} | |
registry: ghcr.io | |
githubToken: ${{ secrets.GITHUB_TOKEN }} | |
- name: Notify about failure | |
if: | | |
failure() && | |
github.ref == 'refs/heads/main' && | |
github.event_name == 'schedule' | |
continue-on-error: true | |
uses: ./.github/actions/notify_e2e_failure | |
with: | |
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} | |
teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} | |
test: "MiniConstellation" | |
provider: "QEMU" | |
e2e-windows: | |
name: Run Windows E2E test | |
permissions: | |
id-token: write | |
contents: read | |
packages: write | |
secrets: inherit | |
uses: ./.github/workflows/e2e-windows.yml | |
with: | |
scheduled: ${{ github.event_name == 'schedule' }} | |
e2e-tf-module: | |
name: Test Terraform Module | |
strategy: | |
fail-fast: false | |
max-parallel: 5 | |
matrix: | |
include: | |
- provider: "gcp" | |
- provider: "aws" | |
- provider: "azure" | |
permissions: | |
id-token: write | |
contents: read | |
packages: write | |
secrets: inherit | |
uses: ./.github/workflows/e2e-test-tf-module.yml | |
with: | |
cloudProvider: "${{ matrix.provider }}" |