From ec6b20a4c6c4b1ac3b7ebf041bdd78f5105faa68 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 15 Dec 2023 09:03:22 +0100 Subject: [PATCH 1/7] ci: parallelize upgrade e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- .github/actions/artifact_download/action.yml | 4 +- .github/actions/artifact_upload/action.yml | 4 +- .../actions/constellation_create/action.yml | 4 +- .github/actions/e2e_benchmark/action.yml | 8 +- .github/actions/e2e_sonobuoy/action.yml | 4 +- .github/actions/e2e_test/action.yml | 10 +- .github/workflows/e2e-test-daily.yml | 2 +- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 2 +- .github/workflows/e2e-test.yml | 2 +- .github/workflows/e2e-upgrade.yml | 253 +++++++++++++++--- 11 files changed, 243 insertions(+), 52 deletions(-) diff --git a/.github/actions/artifact_download/action.yml b/.github/actions/artifact_download/action.yml index 5db482d3d1..9eb16d77d2 100644 --- a/.github/actions/artifact_download/action.yml +++ b/.github/actions/artifact_download/action.yml @@ -9,7 +9,7 @@ inputs: description: 'Download to a specified path.' required: false default: ./ - encryptionSecret: + encryption-secret: description: 'The secret to use for decrypting the artifact.' required: true @@ -37,4 +37,4 @@ runs: shell: bash run: | mkdir -p ${{ inputs.path }} - unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip + unzip -P '${{ inputs.encryption-secret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index 8de9b113ae..f6a5ec9bf9 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml 
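Review bot: In artifact_download's run step the renamed line still pastes the secret into the script text, `unzip -P '${{ inputs.encryption-secret }}'`, so a password containing a single quote closes the quoting and the remainder is parsed as shell. Hand it over through the step environment instead, `env: ARTIFACT_PASSWD: ${{ inputs.encryption-secret }}` with `unzip -P "${ARTIFACT_PASSWD}"`. The `zip -e -P` line in the artifact_upload hunk at -58 has the same pattern.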
@@ -11,7 +11,7 @@ inputs: retention-days: description: 'How long the artifact should be retained for.' default: 60 - encryptionSecret: + encryption-secret: description: 'The secret to use for encrypting the files.' required: true @@ -58,7 +58,7 @@ runs: for target in ${paths} do pushd "$(dirname "${target}")" || exit 1 - zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")" + zip -e -P '${{ inputs.encryption-secret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")" popd || exit 1 done diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml index fa2d8f7e34..0c9c6e6d2f 100644 --- a/.github/actions/constellation_create/action.yml +++ b/.github/actions/constellation_create/action.yml @@ -59,7 +59,7 @@ inputs: force: description: "Set the force-flag on apply to ignore version mismatches." required: false - encryptionSecret: + encryption-secret: description: "The secret to use for encrypting the artifact." required: true @@ -274,4 +274,4 @@ runs: name: serial-logs-${{ inputs.artifactNameSuffix }} path: > !(terraform).log - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index afc9aed388..b082856292 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -17,7 +17,7 @@ inputs: awsOpenSearchPwd: description: "AWS OpenSearch Password to upload the results." required: false - encryptionSecret: + encryption-secret: description: 'The secret to use for encrypting the artifact.' required: true 
@@ -100,7 +100,7 @@ runs: with: path: "out/fio-constellation-${{ inputs.cloudProvider }}.json" name: "fio-constellation-${{ inputs.cloudProvider }}.json" - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Run knb benchmark shell: bash @@ -122,7 +122,7 @@ runs: with: path: "out/knb-constellation-${{ inputs.cloudProvider }}.json" name: "knb-constellation-${{ inputs.cloudProvider }}.json" - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Assume AWS role to retrieve and update benchmarks in S3 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 @@ -176,7 +176,7 @@ runs: path: > benchmarks/constellation-${{ inputs.cloudProvider }}.json name: "benchmarks" - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Upload benchmark results to opensearch if: (!env.ACT) diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index 7b87d0ee10..7c129a692b 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -11,7 +11,7 @@ inputs: kubeconfig: description: "The kubeconfig of the cluster to test." required: true - encryptionSecret: + encryption-secret: description: 'The secret to use for encrypting the artifact.' required: true @@ -54,7 +54,7 @@ runs: with: name: "sonobuoy-logs-${{ inputs.artifactNameSuffix }}.tar.gz" path: "*_sonobuoy_*.tar.gz" - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} # Only works on "sonobuoy full" tests (e2e plugin) - name: Extract test results diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index 99452fa460..c1532200f2 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml 
@@ -86,7 +86,7 @@ inputs: force: description: "Set the force-flag on apply to ignore version mismatches." required: false - encryptionSecret: + encryption-secret: description: 'The secret to use for decrypting the artifact.' required: true @@ -299,7 +299,7 @@ runs: clusterCreation: ${{ inputs.clusterCreation }} marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }} force: ${{ inputs.force }} - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Deploy log- and metrics-collection (Kubernetes) id: deploy-logcollection @@ -334,7 +334,7 @@ runs: sonobuoyTestSuiteCmd: "--mode quick" kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }} - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Run sonobuoy full test if: inputs.test == 'sonobuoy full' @@ -344,7 +344,7 @@ runs: sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol|Services should serve endpoints on same port and different protocols" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }} - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Run autoscaling test if: inputs.test == 'autoscaling' 
@@ -367,7 +367,7 @@ runs: awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }} awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }} awsOpenSearchPwd: ${{ inputs.awsOpenSearchPwd }} - encryptionSecret: ${{ inputs.encryptionSecret }} + encryption-secret: ${{ inputs.encryption-secret }} - name: Run constellation verify test if: inputs.test == 'verify' diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index 2a94d260fb..3514a887f3 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -91,7 +91,7 @@ jobs: awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} clusterCreation: "cli" - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index e1229b0883..06a89138b7 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -265,7 +265,7 @@ jobs: clusterCreation: ${{ matrix.clusterCreation }} s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 4de0bb6179..759e7e3e38 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml 
@@ -305,7 +305,7 @@ jobs: clusterCreation: ${{ matrix.clusterCreation }} s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 2218a32700..902dd24da6 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -246,7 +246,7 @@ jobs: s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }} force: ${{ inputs.force }} - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 1a0311f7dd..9002f80663 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml 
@@ -111,53 +111,85 @@ jobs: echo "workerNodes=${workerNodes}" | tee -a "$GITHUB_OUTPUT" echo "controlPlaneNodes=${controlPlaneNodes}" | tee -a "$GITHUB_OUTPUT" - e2e-upgrade: + build-target-cli: + name: Build upgrade target version CLI runs-on: ubuntu-22.04 permissions: id-token: write checks: write contents: read packages: write - needs: [split-nodeCount] steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} - - uses: ./.github/actions/setup_bazel_nix + - name: Setup Bazel & Nix + uses: ./.github/actions/setup_bazel_nix with: useCache: "true" buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} - - name: Login to AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + - name: Log in to the Container registry + uses: ./.github/actions/container_registry_login with: - role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead - aws-region: eu-central-1 + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Find latest nightly image - id: find-image - if: inputs.toImage == '' - uses: ./.github/actions/versionsapi + - name: Build CLI + uses: ./.github/actions/build_cli with: - command: latest - ref: main - stream: nightly + enterpriseCLI: true + outputPath: "build/constellation" + push: true - - name: Simulate patch upgrade - if: inputs.simulatedTargetVersion != '' - run: | - echo ${{ inputs.simulatedTargetVersion }} > version.txt + - name: Upload CLI binary + uses: 
actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: constellation + path: build/constellation + + create-cluster: + name: Create upgrade origin version cluster + runs-on: ubuntu-22.04 + permissions: + id-token: write + checks: write + contents: read + packages: write + needs: [split-nodeCount] + outputs: + kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} + steps: + - name: Checkout + if: inputs.gitRef == 'head' + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + + - name: Checkout ref + if: inputs.gitRef != 'head' + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + ref: ${{ inputs.gitRef }} + + - uses: ./.github/actions/setup_bazel_nix + with: + useCache: "true" + buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} - name: Create cluster with 'fromVersion' CLI. id: e2e_test 
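Review bot: The new `build-target-cli` job reuses the old job's whole `permissions:` block, but the steps visible in this hunk only check out, log in to ghcr.io, build and push the CLI, and upload an artifact, which would need `contents: read` and `packages: write`. `id-token: write` lets any step in the job request an OIDC token, and the same four-entry block is now repeated in `create-cluster`, `e2e-upgrade` and `clean-up`. Unless `build_cli` (not shown here) needs OIDC or check runs, I would trim each job to what its steps use; `clean-up`, for instance, does not appear to push packages.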
@@ -183,14 +215,80 @@ jobs: awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} clusterCreation: "cli" - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - - name: Build CLI - uses: ./.github/actions/build_cli + - name: Remove Terraform plugin cache + if: always() + run: | + rm -rf constellation-terraform/.terraform + rm -rf constellation-iam-terraform/.terraform + + - name: Upload Working Directory + if: always() + uses: ./.github/actions/artifact_upload with: - enterpriseCLI: true - outputPath: "build/constellation" - push: true + name: constellation-pre-test + path: > + ${{ steps.e2e_test.outputs.kubeconfig }} + constellation-terraform + constellation-iam-terraform + constellation-conf.yaml + constellation-state.yaml + constellation-mastersecret.json + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + + e2e-upgrade: + name: Run upgrade test + runs-on: ubuntu-22.04 + permissions: + id-token: write + checks: write + contents: read + packages: write + needs: + - split-nodeCount + - build-target-cli + - create-cluster + steps: + - name: Checkout + if: inputs.gitRef == 'head' + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + fetch-depth: 0 + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + + - name: Checkout ref + if: inputs.gitRef != 'head' + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + fetch-depth: 0 + ref: ${{ inputs.gitRef }} + + - name: Setup Bazel & Nix + uses: ./.github/actions/setup_bazel_nix + with: + useCache: "true" + buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} + + - name: Login to AWS + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + with: + role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead + aws-region: eu-central-1 + + - name: 
Find latest nightly image + id: find-image + if: inputs.toImage == '' + uses: ./.github/actions/versionsapi + with: + command: latest + ref: main + stream: nightly + + - name: Simulate patch upgrade + if: inputs.simulatedTargetVersion != '' + run: | + echo ${{ inputs.simulatedTargetVersion }} > version.txt - name: Login to GCP (IAM service account) if: inputs.cloudProvider == 'gcp' @@ -213,6 +311,25 @@ jobs: with: azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} + - name: Download CLI + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: constellation + path: build + + - name: Download Working Directory (Pre-test) + uses: ./.github/actions/artifact_download + with: + name: constellation-pre-test + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + + - name: Make Constellation executable and add to PATH + if: always() + run: | + chmod +x build/constellation + export PATH="$PATH:build" + echo "build" >> "$GITHUB_PATH" + - name: Migrate config id: constellation-config-migrate run: | @@ -245,7 +362,7 @@ jobs: - name: Run upgrade test env: - KUBECONFIG: ${{ steps.e2e_test.outputs.kubeconfig }} + KUBECONFIG: ${{ needs.create-cluster.outputs.kubeconfig }} IMAGE: ${{ inputs.toImage && inputs.toImage || steps.find-image.outputs.output }} KUBERNETES: ${{ inputs.toKubernetes }} MICROSERVICES: ${{ inputs.toMicroservices }} 
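Review bot: The `Upload Working Directory` step in `create-cluster` puts `constellation-mastersecret.json`, the kubeconfig and both Terraform directories into a workflow artifact, and `artifact_upload` keeps artifacts for its default of 60 days unless `retention-days` is passed. The archive is protected only by `zip -e -P`, which with Info-ZIP is the legacy ZipCrypto scheme, so it should not outlive the run by much. The artifact is only needed until `clean-up` has finished; add `retention-days: 1` to this step and to the `constellation-post-test` upload in the hunk at -265.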
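Review bot: In `Make Constellation executable and add to PATH`, `echo "build" >> "$GITHUB_PATH"` appends a relative directory, so later steps resolve `constellation` against whatever their working directory is, and any `build/` directory found there can supply the binary. Write an absolute entry, `echo "${GITHUB_WORKSPACE}/build" >> "$GITHUB_PATH"`, and drop the `export PATH="$PATH:build"` line, which has no effect beyond this step. The `if: always()` also lets `chmod` run after a failed download. The same step is repeated in the `clean-up` job in the hunk at -265.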
@@ -265,10 +382,82 @@ jobs: bazel run //e2e/internal/upgrade:upgrade_test -- --want-worker "$WORKERNODES" --want-control "$CONTROLNODES" --target-image "$IMAGE" "$KUBERNETES_FLAG" "$MICROSERVICES_FLAG" + - name: Remove Terraform plugin cache + if: always() + run: | + rm -rf constellation-terraform/.terraform + rm -rf constellation-iam-terraform/.terraform + + - name: Upload Working Directory + if: always() + uses: ./.github/actions/artifact_upload + with: + name: constellation-post-test + path: | + ${{ needs.create-cluster.outputs.kubeconfig }} + constellation-terraform + constellation-iam-terraform + constellation-conf.yaml + constellation-state.yaml + constellation-mastersecret.json + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + + clean-up: + name: Clean up resources + runs-on: ubuntu-22.04 + permissions: + id-token: write + checks: write + contents: read + packages: write + if: always() + needs: [create-cluster, e2e-upgrade] + steps: + - name: Checkout + if: inputs.gitRef == 'head' + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + fetch-depth: 0 + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + + - name: Checkout ref + if: inputs.gitRef != 'head' + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + fetch-depth: 0 + ref: ${{ inputs.gitRef }} + + - name: Download CLI + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: constellation + path: build + + - name: Download Working Directory (Pre-test) + if: always() && needs.e2e-upgrade.result != 'success' + uses: ./.github/actions/artifact_download + with: + name: constellation-pre-test + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + + - name: Download Working Directory (Post-test) + if: always() && needs.e2e-upgrade.result == 'success' + uses: ./.github/actions/artifact_download + with: + name: constellation-post-test + encryption-secret: ${{ 
secrets.ARTIFACT_ENCRYPT_PASSWD }} + + - name: Make Constellation executable and add to PATH + if: always() + run: | + chmod +x build/constellation + export PATH="$PATH:build" + echo "build" >> "$GITHUB_PATH" + - name: Always fetch logs if: always() env: - KUBECONFIG: ${{ steps.e2e_test.outputs.kubeconfig }} + KUBECONFIG: ${{ needs.create-cluster.outputs.kubeconfig }} run: | kubectl logs -n kube-system -l "app.kubernetes.io/name=constellation-operator" --tail=-1 > node-operator.logs kubectl logs -n kube-system -l "app.kubernetes.io/name=node-maintenance-operator" --tail=-1 > node-maintenance-operator.logs @@ -283,14 +472,14 @@ jobs: node-operator.logs node-maintenance-operator.logs constellation-version.yaml - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() uses: ./.github/actions/constellation_destroy with: - kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} clusterCreation: "cli" + kubeconfig: ${{ needs.create-cluster.outputs.kubeconfig }} cloudProvider: ${{ inputs.cloudProvider }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" @@ -305,7 +494,9 @@ jobs: - name: Notify about failure if: | - failure() && + always() && + needs.create-cluster.result != 'success' && + needs.e2e-upgrade.result != 'success' && github.ref == 'refs/heads/main' && inputs.scheduled continue-on-error: true From 561fc395b9f3e6aba31aecff673b29f5d33cb823 Mon Sep 17 00:00:00 2001 
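Review bot: `clean-up` chooses the working directory by job result and takes `constellation-pre-test` whenever `needs.e2e-upgrade.result != 'success'`, although the post-test upload earlier in this hunk runs with `if: always()`. When the upgrade test fails part-way, the newer directory exists but is ignored, and `constellation_destroy` would presumably work from state recorded before the upgrade; whether the upgrade changes that state is not visible here. I would try the post-test artifact first and fall back to pre-test only when it is missing, assuming `artifact_download` fails when the artifact is absent.

```yaml
      # … unchanged: checkout steps, Download CLI …
      - name: Download Working Directory (Post-test)
        id: download-post-test
        if: always()
        continue-on-error: true
        uses: ./.github/actions/artifact_download
        with:
          name: constellation-post-test
          encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

      - name: Download Working Directory (Pre-test)
        if: always() && steps.download-post-test.outcome != 'success'
        uses: ./.github/actions/artifact_download
        with:
          name: constellation-pre-test
          encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
      # … unchanged: make CLI executable, fetch logs, terminate cluster …
```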
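Review bot: The new `Notify about failure` condition joins the two result checks with `&&`, so a run in which `create-cluster` succeeds and `e2e-upgrade` fails sends no notification; only a failed cluster creation, which leaves `e2e-upgrade` skipped, satisfies both. Dropping `failure()` also means that a failing step inside `clean-up` itself, such as the cluster not being destroyed, no longer triggers the message. I would write `always() && (failure() || needs.create-cluster.result != 'success' || needs.e2e-upgrade.result != 'success') &&`. The step's body continues past the end of the hunk.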
From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 16 Jan 2024 14:03:04 +0100 Subject: [PATCH 2/7] ci: revert name change --- .github/actions/artifact_download/action.yml | 4 ++-- .github/actions/artifact_upload/action.yml | 4 ++-- .github/actions/constellation_create/action.yml | 4 ++-- .github/actions/e2e_benchmark/action.yml | 8 ++++---- .github/actions/e2e_sonobuoy/action.yml | 4 ++-- .github/actions/e2e_test/action.yml | 10 +++++----- .github/workflows/e2e-test-daily.yml | 2 +- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 2 +- .github/workflows/e2e-test.yml | 2 +- .github/workflows/e2e-upgrade.yml | 16 ++++++++-------- 11 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/actions/artifact_download/action.yml b/.github/actions/artifact_download/action.yml index 9eb16d77d2..5db482d3d1 100644 --- a/.github/actions/artifact_download/action.yml +++ b/.github/actions/artifact_download/action.yml @@ -9,7 +9,7 @@ inputs: description: 'Download to a specified path.' required: false default: ./ - encryption-secret: + encryptionSecret: description: 'The secret to use for decrypting the artifact.' required: true @@ -37,4 +37,4 @@ runs: shell: bash run: | mkdir -p ${{ inputs.path }} - unzip -P '${{ inputs.encryption-secret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip + unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index f6a5ec9bf9..8de9b113ae 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -11,7 +11,7 @@ inputs: retention-days: description: 'How long the artifact should be retained for.' default: 60 - encryption-secret: + encryptionSecret: description: 'The secret to use for encrypting the files.' required: true 
@@ -58,7 +58,7 @@ runs: for target in ${paths} do pushd "$(dirname "${target}")" || exit 1 - zip -e -P '${{ inputs.encryption-secret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")" + zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")" popd || exit 1 done diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml index 0c9c6e6d2f..fa2d8f7e34 100644 --- a/.github/actions/constellation_create/action.yml +++ b/.github/actions/constellation_create/action.yml @@ -59,7 +59,7 @@ inputs: force: description: "Set the force-flag on apply to ignore version mismatches." required: false - encryption-secret: + encryptionSecret: description: "The secret to use for encrypting the artifact." required: true @@ -274,4 +274,4 @@ runs: name: serial-logs-${{ inputs.artifactNameSuffix }} path: > !(terraform).log - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index b082856292..afc9aed388 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -17,7 +17,7 @@ inputs: awsOpenSearchPwd: description: "AWS OpenSearch Password to upload the results." required: false - encryption-secret: + encryptionSecret: description: 'The secret to use for encrypting the artifact.' required: true @@ -100,7 +100,7 @@ runs: with: path: "out/fio-constellation-${{ inputs.cloudProvider }}.json" name: "fio-constellation-${{ inputs.cloudProvider }}.json" - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Run knb benchmark shell: bash 
@@ -122,7 +122,7 @@ runs: with: path: "out/knb-constellation-${{ inputs.cloudProvider }}.json" name: "knb-constellation-${{ inputs.cloudProvider }}.json" - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Assume AWS role to retrieve and update benchmarks in S3 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 @@ -176,7 +176,7 @@ runs: path: > benchmarks/constellation-${{ inputs.cloudProvider }}.json name: "benchmarks" - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Upload benchmark results to opensearch if: (!env.ACT) diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index 7c129a692b..7b87d0ee10 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -11,7 +11,7 @@ inputs: kubeconfig: description: "The kubeconfig of the cluster to test." required: true - encryption-secret: + encryptionSecret: description: 'The secret to use for encrypting the artifact.' required: true @@ -54,7 +54,7 @@ runs: with: name: "sonobuoy-logs-${{ inputs.artifactNameSuffix }}.tar.gz" path: "*_sonobuoy_*.tar.gz" - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} # Only works on "sonobuoy full" tests (e2e plugin) - name: Extract test results diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index c1532200f2..99452fa460 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -86,7 +86,7 @@ inputs: force: description: "Set the force-flag on apply to ignore version mismatches." required: false - encryption-secret: + encryptionSecret: description: 'The secret to use for decrypting the artifact.' required: true 
@@ -299,7 +299,7 @@ runs: clusterCreation: ${{ inputs.clusterCreation }} marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }} force: ${{ inputs.force }} - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Deploy log- and metrics-collection (Kubernetes) id: deploy-logcollection @@ -334,7 +334,7 @@ runs: sonobuoyTestSuiteCmd: "--mode quick" kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }} - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Run sonobuoy full test if: inputs.test == 'sonobuoy full' @@ -344,7 +344,7 @@ runs: sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol|Services should serve endpoints on same port and different protocols" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }} - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Run autoscaling test if: inputs.test == 'autoscaling' @@ -367,7 +367,7 @@ runs: awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }} awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }} awsOpenSearchPwd: ${{ inputs.awsOpenSearchPwd }} - encryption-secret: ${{ inputs.encryption-secret }} + encryptionSecret: ${{ inputs.encryptionSecret }} - name: Run constellation verify test if: inputs.test == 'verify' 
diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index 3514a887f3..2a94d260fb 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -91,7 +91,7 @@ jobs: awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} clusterCreation: "cli" - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 06a89138b7..e1229b0883 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -265,7 +265,7 @@ jobs: clusterCreation: ${{ matrix.clusterCreation }} s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 759e7e3e38..4de0bb6179 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -305,7 +305,7 @@ jobs: clusterCreation: ${{ matrix.clusterCreation }} s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 902dd24da6..2218a32700 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml 
@@ -246,7 +246,7 @@ jobs: s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }} force: ${{ inputs.force }} - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 9002f80663..98e5c2f375 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -215,7 +215,7 @@ jobs: awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} clusterCreation: "cli" - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Remove Terraform plugin cache if: always() @@ -235,7 +235,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} e2e-upgrade: name: Run upgrade test @@ -321,8 +321,8 @@ jobs: uses: ./.github/actions/artifact_download with: name: constellation-pre-test - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + - name: Make Constellation executable and add to PATH if: always() run: | @@ -400,7 +400,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} clean-up: name: Clean up resources 
@@ -438,14 +438,14 @@ jobs: uses: ./.github/actions/artifact_download with: name: constellation-pre-test - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Download Working Directory (Post-test) if: always() && needs.e2e-upgrade.result == 'success' uses: ./.github/actions/artifact_download with: name: constellation-post-test - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Make Constellation executable and add to PATH if: always() @@ -472,7 +472,7 @@ jobs: node-operator.logs node-maintenance-operator.logs constellation-version.yaml - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() From aebafa2e74314d77c44d6171d4f9075c7ac6814a Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 16 Jan 2024 14:11:15 +0100 Subject: [PATCH 3/7] ci: upgrade checkout action --- .github/workflows/e2e-upgrade.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 98e5c2f375..340ce7879b 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -122,14 +122,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} 
@@ -215,7 +215,7 @@ jobs: awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} clusterCreation: "cli" - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Remove Terraform plugin cache if: always() @@ -235,7 +235,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} e2e-upgrade: name: Run upgrade test @@ -252,14 +252,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -321,7 +321,7 @@ jobs: uses: ./.github/actions/artifact_download with: name: constellation-pre-test - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Make Constellation executable and add to PATH if: always() @@ -400,7 +400,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} clean-up: name: Clean up resources 
@@ -415,14 +415,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -438,14 +438,14 @@ jobs: uses: ./.github/actions/artifact_download with: name: constellation-pre-test - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Download Working Directory (Post-test) if: always() && needs.e2e-upgrade.result == 'success' uses: ./.github/actions/artifact_download with: name: constellation-post-test - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Make Constellation executable and add to PATH if: always() @@ -472,7 +472,7 @@ jobs: node-operator.logs node-maintenance-operator.logs constellation-version.yaml - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() From 0880b438178878711c164ad85d84d5ecea462091 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 16 Jan 2024 14:15:08 +0100 Subject: [PATCH 4/7] ci: add target version before building target cli --- .github/workflows/e2e-upgrade.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 340ce7879b..0d273947ab 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml 
@@ -147,6 +147,11 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Simulate patch upgrade + if: inputs.simulatedTargetVersion != '' + run: | + echo ${{ inputs.simulatedTargetVersion }} > version.txt + - name: Build CLI uses: ./.github/actions/build_cli with: @@ -285,11 +290,6 @@ jobs: ref: main stream: nightly - - name: Simulate patch upgrade - if: inputs.simulatedTargetVersion != '' - run: | - echo ${{ inputs.simulatedTargetVersion }} > version.txt - - name: Login to GCP (IAM service account) if: inputs.cloudProvider == 'gcp' uses: ./.github/actions/login_gcp From bef50b2aeaae8ad95dfc0194fd773d840fe1cbae Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 16 Jan 2024 14:27:18 +0100 Subject: [PATCH 5/7] ci: rename input --- .github/workflows/e2e-upgrade.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 0d273947ab..37a3612918 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -220,7 +220,7 @@ jobs: awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} clusterCreation: "cli" - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Remove Terraform plugin cache if: always() @@ -240,7 +240,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} e2e-upgrade: name: Run upgrade test @@ -321,7 +321,7 @@ jobs: uses: ./.github/actions/artifact_download with: name: constellation-pre-test - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Make Constellation executable and add to PATH if: always() 
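Review bot: In the `Simulate patch upgrade` step, `${{ inputs.simulatedTargetVersion }}` is expanded into the `run:` script before bash parses it, so the caller-supplied value is treated as shell text rather than data. Pass it through the environment instead: add `env:` with `SIMULATED_TARGET_VERSION: ${{ inputs.simulatedTargetVersion }}` to the step and write `echo "${SIMULATED_TARGET_VERSION}" > version.txt`. The step is moved here unchanged from the e2e-upgrade job, so the pattern is not new. It now runs in the job whose context lines show a registry login with `secrets.GITHUB_TOKEN`, which makes the quoting worth fixing as part of the move.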
@@ -400,7 +400,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} clean-up: name: Clean up resources @@ -438,14 +438,14 @@ jobs: uses: ./.github/actions/artifact_download with: name: constellation-pre-test - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Download Working Directory (Post-test) if: always() && needs.e2e-upgrade.result == 'success' uses: ./.github/actions/artifact_download with: name: constellation-post-test - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Make Constellation executable and add to PATH if: always() @@ -472,7 +472,7 @@ jobs: node-operator.logs node-maintenance-operator.logs constellation-version.yaml - encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() From 923056b0f14faee65201fbfaea2f3f82f8e8db33 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 19 Jan 2024 09:17:16 +0100 Subject: [PATCH 6/7] ci: upload service account key --- .github/workflows/e2e-upgrade.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 37a3612918..5a4462b211 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -240,6 +240,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json + gcpServiceAccountKey.json encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} e2e-upgrade: 
@@ -400,6 +401,7 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json + gcpServiceAccountKey.json encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} clean-up: From 9724111eca62eabbaa5930c15495e716605d4024 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 19 Jan 2024 09:21:28 +0100 Subject: [PATCH 7/7] ci: download sa key on GCP --- .github/workflows/e2e-upgrade.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 5a4462b211..e221067d34 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -240,6 +240,14 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + + - name: Upload SA Key + if: always() && inputs.cloudProvider == 'gcp' + uses: ./.github/actions/artifact_upload + with: + name: sa-key + path: > gcpServiceAccountKey.json encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} @@ -324,6 +332,13 @@ jobs: name: constellation-pre-test encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + - name: Download SA Key + if: inputs.cloudProvider == 'gcp' + uses: ./.github/actions/artifact_download + with: + name: sa-key + encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} + - name: Make Constellation executable and add to PATH if: always() run: | @@ -401,7 +416,6 @@ jobs: constellation-conf.yaml constellation-state.yaml constellation-mastersecret.json - gcpServiceAccountKey.json encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} clean-up:
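Review bot: The new `Upload SA Key` step stores `gcpServiceAccountKey.json` as a workflow artifact without setting `retention-days`, so it inherits the 60-day default declared in artifact_upload/action.yml earlier in this series, far longer than the upgrade job needs the key. Add `retention-days: 1` under that step's `with:`. The archive's only protection is the `zip -e -P` call in that action, which uses Info-ZIP's legacy encryption and puts the password on the command line, so a short lifetime matters more for a cloud credential than for logs. The series renames the action input to `encryption-secret` in its first patch while these steps pass `encryptionSecret`; the action file's final state is not visible here, so confirm the names match, because an unmatched input would presumably reach `zip` as an empty password.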