fixup! ci: call TCB upload step for AWS

ensure terminate has correct permissions

.github/actions/constellation_destroy/action.yml

@@ -8,6 +8,15 @@ inputs:
   selfManagedInfra:
     description: "Use self-managed infrastructure instead of infrastructure created by the Constellation CLI."
     required: true
+  gcpClusterDeleteServiceAccount:
+    description: "Service account with permissions to delete a Constellation cluster on GCP."
+    required: true
+  azureClusterDeleteCredentials:
+    description: "Azure credentials authorized to delete a Constellation cluster."
+    required: true
+  cloudProvider:
+    description: "Either 'aws', 'azure' or 'gcp'."
+    required: true
 
 runs:
   using: "composite"
@@ -41,6 +50,27 @@ runs:
         fi
         echo "::endgroup::"
 
+    - name: Login to GCP (Cluster service account)
+      if: inputs.cloudProvider == 'gcp'
+      uses: ./.github/actions/login_gcp
+      with:
+        service_account: ${{ inputs.gcpClusterDeleteServiceAccount }}
+
+    - name: Login to AWS (Cluster role)
+      if: inputs.cloudProvider == 'aws'
+      uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+      with:
+        role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
+        aws-region: eu-central-1
+        # extend token expiry to 6 hours to ensure constellation can terminate
+        role-duration-seconds: 21600
+
+    - name: Login to Azure (Cluster service principal)
+      if: inputs.cloudProvider == 'azure'
+      uses: ./.github/actions/login_azure
+      with:
+        azure_credentials: ${{ inputs.azureClusterDeleteCredentials }}
+
     - name: Constellation terminate
       if: inputs.selfManagedInfra != 'true'
       shell: bash

.github/workflows/e2e-test-daily.yml

@@ -99,6 +99,9 @@ jobs:
         with:
           kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
           selfManagedInfra: "false"
+          cloudProvider: ${{ matrix.provider }}
+          azureCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
+          gcpServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
 
       - name: Always delete IAM configuration
         if: always()

.github/workflows/e2e-test-weekly.yml

@@ -267,6 +267,9 @@ jobs:
         with:
           kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
           selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }}
+          cloudProvider: ${{ matrix.provider }}
+          azureCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
+          gcpServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
 
       - name: Always delete IAM configuration
         if: always()

.github/workflows/e2e-test.yml

@@ -165,7 +165,7 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           ref: ${{ inputs.git-ref }}
-          
+
       - name: Get Latest Image
         id: find-latest-image
         uses: ./.github/actions/find_latest_image
@@ -246,6 +246,9 @@ jobs:
         with:
           kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
           selfManagedInfra: "false"
+          cloudProvider: ${{ inputs.cloudProvider }}
+          azureCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
+          gcpServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
 
       - name: Always delete IAM configuration
         if: always()

.github/workflows/e2e-upgrade.yml

@@ -290,6 +290,9 @@ jobs:
         with:
           kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
           selfManagedInfra: "false"
+          cloudProvider: ${{ inputs.cloudProvider }}
+          azureCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
+          gcpServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
 
       - name: Always delete IAM configuration
         if: always()