From 2cfb3baeb8a83ba1c15baec13ec76164b2ae3c25 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 13:32:32 +0200 Subject: [PATCH 01/10] logic for deleting resource groups without terraform --- .github/workflows/e2e-windows.yml | 33 +++++++++++-------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 893ff83067..f04a549408 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -80,10 +80,12 @@ jobs: azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} - name: Create IAM configuration + id: iam-create shell: pwsh run: | $uid = Get-Random -Minimum 1000 -Maximum 9999 $rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid" + Write-Output "rgName=$($rgName)" >> $Env::GITHUB_OUTPUT .\constellation.exe config generate azure -t "workflow=${{ github.run_id }}" .\constellation.exe iam create azure --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y @@ -150,6 +152,7 @@ jobs: } - name: Terminate cluster + id: terminate-cluster if: always() shell: pwsh run: | @@ -162,11 +165,19 @@ jobs: azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} - name: Delete IAM configuration + id: delete-iam if: always() shell: pwsh run: | .\constellation.exe iam destroy --debug -y + - name: Clean up after failure + if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure') || cancelled() }} # run on a cleanup failure or if cancelled + shell: pwsh + run: | + az rg delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes + az rg delete --name ${{ steps.iam-create.outputs.rgName }}-sp --yes + notify-failure: name: Notify about failure runs-on: ubuntu-22.04 
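Review bot: The new "Clean up after failure" step expands `steps.iam-create.outputs.rgName` without checking that it is set. On the `cancelled()` path, or presumably after any failure that happens before "Create IAM configuration" writes its output, the commands run with the bare suffix as the name (`--name -rg`). Adding `steps.iam-create.outputs.rgName != ''` to the step's `if:` keeps the delete from running with a truncated name. The same applies to the later hunks in this series that edit these lines (PATCH 04, 05 and 10). Passing the value through `env:` and reading it as `$env:RG_NAME` would also keep the `${{ }}` expansion out of the script text, although the value here is built only from the run id, the attempt number and a random number.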
@@ -196,25 +207,3 @@ jobs: provider: Azure attestationVariant: "azure-sev-snp" - upload-tfstate: - name: Upload terraform state if it exists - runs-on: ubuntu-22.04 - needs: e2e-test - if: always() - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - - - name: Upload tfstate - if: always() - env: - GH_TOKEN: ${{ github.token }} - uses: ./.github/actions/update_tfstate - with: - name: terraform-state-${{ github.run_id }} - runID: ${{ github.run_id }} - encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - skipDeletion: "true" - From 058455d1f79ff3de973439d17017bf792b7e4da4 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 13:33:32 +0200 Subject: [PATCH 02/10] TEST: fail terminate --- .github/workflows/e2e-windows.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index f04a549408..3f9b9f427a 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -156,7 +156,8 @@ jobs: if: always() shell: pwsh run: | - .\constellation.exe terminate --debug -y + # .\constellation.exe terminate --debug -y + exit 1 - name: Login to Azure (IAM service principal) if: always() From a4cfa94f6d6d71ae7fb1f966ce2be480ee81f4b6 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 13:34:43 +0200 Subject: [PATCH 03/10] added missing parentheses --- .github/workflows/e2e-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 3f9b9f427a..2b8427cb8b 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml 
@@ -173,7 +173,7 @@ jobs: .\constellation.exe iam destroy --debug -y - name: Clean up after failure - if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure') || cancelled() }} # run on a cleanup failure or if cancelled + if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled() }} # run on a cleanup failure or if cancelled shell: pwsh run: | az rg delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes From 22ab69504cfa3c02623ad5a4005e777b3bbcd60e Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 14:13:26 +0200 Subject: [PATCH 04/10] correct command --- .github/workflows/e2e-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 2b8427cb8b..fa61355e34 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -176,8 +176,8 @@ jobs: if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled() }} # run on a cleanup failure or if cancelled shell: pwsh run: | - az rg delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes - az rg delete --name ${{ steps.iam-create.outputs.rgName }}-sp --yes + az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes + az group delete --name ${{ steps.iam-create.outputs.rgName }}-sp --yes notify-failure: name: Notify about failure From 2405dd4cba479efda2b8495618ad9b1086584426 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 14:46:03 +0200 Subject: [PATCH 05/10] also delete identity --- .github/workflows/e2e-windows.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index fa61355e34..67adb2963e 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml 
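Review bot: In the "correct command" hunk the two `az group delete` calls run back to back with no check between them. As far as I know a `pwsh` step reports only the exit code of the last native command, so a failed deletion of the `-rg` group would be hidden whenever the second call succeeds. Recording the result after each call, e.g. `if ($LASTEXITCODE -ne 0) { $failed = $true }`, and ending with `if ($failed) { exit 1 }` makes a leftover resource group visible in the job result. The step itself starts above this hunk.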
@@ -177,6 +177,7 @@ jobs: shell: pwsh run: | az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes + az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg-identity --yes az group delete --name ${{ steps.iam-create.outputs.rgName }}-sp --yes notify-failure: From 4d4b5ba16caeff6cc997e8465da9ba7264cf3ef8 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 14:51:05 +0200 Subject: [PATCH 06/10] set output using method in gh docs --- .github/workflows/e2e-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 67adb2963e..2e291fd7db 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -85,7 +85,7 @@ jobs: run: | $uid = Get-Random -Minimum 1000 -Maximum 9999 $rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid" - Write-Output "rgName=$($rgName)" >> $Env::GITHUB_OUTPUT + "rgName=$($rgName)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append .\constellation.exe config generate azure -t "workflow=${{ github.run_id }}" .\constellation.exe iam create azure --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y From 3477a6ee82776095a0be18ef7e67e7b44135c831 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 15:24:10 +0200 Subject: [PATCH 07/10] sp deleted with rg-identity --- .github/workflows/e2e-windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 2e291fd7db..f3e4058f5f 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -178,7 +178,6 @@ jobs: run: | az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg-identity --yes - az group delete --name ${{ steps.iam-create.outputs.rgName }}-sp --yes notify-failure: name: Notify about failure 
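Review bot: The `-rg-identity` suffix added in the "also delete identity" hunk is not derived anywhere in this workflow, which only passes `--resourceGroup=$rgName-rg` and `--servicePrincipal=$rgName-sp` to `constellation iam create`; presumably the CLI creates that group on its own. A comment above the line, such as `# identity resource group created by 'constellation iam create' next to <rgName>-rg`, would tell the next maintainer where the name comes from. If the CLI's naming ever changes, the only symptom would be a failed delete and an identity group left behind, so the dependency is worth writing down.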
From 63207e3ce413d2a1eebf828bbaca755154bf7c1f Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 15:59:37 +0200 Subject: [PATCH 08/10] TEST: fail iam deletion --- .github/workflows/e2e-windows.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index f3e4058f5f..5cb1630575 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -156,8 +156,7 @@ jobs: if: always() shell: pwsh run: | - # .\constellation.exe terminate --debug -y - exit 1 + .\constellation.exe terminate --debug -y - name: Login to Azure (IAM service principal) if: always() @@ -170,7 +169,8 @@ jobs: if: always() shell: pwsh run: | - .\constellation.exe iam destroy --debug -y + # .\constellation.exe iam destroy --debug -y + exit 1 - name: Clean up after failure if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled() }} # run on a cleanup failure or if cancelled From 86b639dff76c07e61ae320074b410717efcd360b Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 2 May 2024 16:30:54 +0200 Subject: [PATCH 09/10] removed exits --- .github/workflows/e2e-windows.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 5cb1630575..acf73d9fd1 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -169,8 +169,7 @@ jobs: if: always() shell: pwsh run: | - # .\constellation.exe iam destroy --debug -y - exit 1 + .\constellation.exe iam destroy --debug -y - name: Clean up after failure if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled() }} # run on a cleanup failure or if cancelled From e80e9975ea3ece4da57bb4c51d3cf4e4f2c993a2 Mon Sep 17 00:00:00 2001 
From: miampf Date: Fri, 3 May 2024 12:22:03 +0200 Subject: [PATCH 10/10] removed unneeded brackets --- .github/workflows/e2e-windows.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index acf73d9fd1..87456c3dce 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -172,7 +172,8 @@ jobs: .\constellation.exe iam destroy --debug -y - name: Clean up after failure - if: ${{ (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled() }} # run on a cleanup failure or if cancelled + # run on a cleanup failure or if cancelled + if: (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled() shell: pwsh run: | az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes
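Review bot: Because the `|| cancelled()` branch is kept in this condition, the step also runs after a cancellation in which "Terminate cluster" and "Delete IAM configuration" (both `if: always()`) completed normally. In that case `az group delete` targets groups that presumably no longer exist, and the step fails for no useful reason. Guarding each delete with `az group exists --name <name>` (it prints `true` or `false`) would let the step pass then and fail only when a group is really left over. The step's `run:` body continues past the end of this hunk.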