azure-e2e-test #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: azure-e2e-test | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
CLUSTER_NAME: "e2e-test-${{ github.run_id }}-${{ github.run_attempt }}" | |
on: | |
workflow_dispatch: | |
inputs: | |
podvm-image-id: | |
type: string | |
description: prebuilt podvm image | |
jobs: | |
generate-podvm-image-version: | |
if: github.event.inputs.podvm-image-id == '' | |
runs-on: ubuntu-latest | |
outputs: | |
image-version: "${{ steps.generate-image-version.outputs.image-version }}" | |
steps: | |
- name: Generate PodVM image version | |
id: generate-image-version | |
run: | | |
unique_version="$(date '+%m.%d.%H%M%S')${{ github.run_attempt }}" | |
echo "Generated unique version for the image as: ${unique_version}" | |
echo "image-version=${unique_version}" >> "$GITHUB_OUTPUT" | |
build-podvm-image: | |
uses: confidential-containers/cloud-api-adaptor/.github/workflows/azure-podvm-image-build.yml@main | |
needs: | |
- generate-podvm-image-version | |
if: github.event.inputs.podvm-image-id == '' | |
secrets: inherit | |
with: | |
image-version: ${{ needs.generate-podvm-image-version.outputs.image-version }} | |
build-caa-container-image: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Go environment | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '1.20' | |
cache-dependency-path: go.sum | |
- uses: azure/login@v1 | |
name: 'Az CLI login' | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Install build dependencies | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y libvirt-dev | |
- name: Build container image | |
env: | |
ARCHES: "linux/amd64" | |
RELEASE_BUILD: "false" | |
registry: "${{ secrets.ACR_URL }}" | |
COMMIT: "${GITHUB_SHA}" | |
run: | | |
az acr login --name ${{ secrets.ACR_URL }} | |
# This builds image in the following format: | |
# ACR_URL/cloud-api-adaptor:dev-COMMIT | |
make image | |
run-e2e-test: | |
runs-on: ubuntu-latest | |
needs: | |
- build-podvm-image | |
- build-caa-container-image | |
if: always() && !cancelled() && needs.build-podvm-image.result != 'failure' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Go environment | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '1.20' | |
- name: Create provisioner file | |
env: | |
TEST_E2E_CREATE_RG: "no" | |
AZURE_IMAGE_ID: "${{ github.event.inputs.podvm-image-id || needs.build-podvm-image.outputs.image-id }}" | |
run: | | |
cat << EOF > /tmp/provision_azure.properties | |
AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
AZURE_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" | |
RESOURCE_GROUP_NAME="${{ secrets.AZURE_RESOURCE_GROUP }}" | |
CLUSTER_NAME="$CLUSTER_NAME" | |
LOCATION="${{ secrets.AZURE_REGION }}" | |
SSH_KEY_ID="id_rsa.pub" | |
AZURE_IMAGE_ID="$AZURE_IMAGE_ID" | |
IS_CI_MANAGED_CLUSTER="true" | |
AZURE_CLI_AUTH="true" | |
MANAGED_IDENTITY_NAME="${{ secrets.AZURE_MANAGED_IDENTITY_NAME}}" | |
CAA_IMAGE="${{ secrets.ACR_URL }}/cloud-api-adaptor:dev-${GITHUB_SHA}" | |
EOF | |
cat /tmp/provision_azure.properties | |
- name: Create public ssh key and secrets | |
run: | | |
# TODO: This is a temporary fix to create an empty file for env. | |
touch install/overlays/azure/service-principal.env | |
ssh-keygen -t rsa -b 4096 -f install/overlays/azure/id_rsa -N "" -C dev@coco.io | |
- uses: azure/login@v1 | |
name: 'Az CLI login' | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
- name: Run e2e test | |
env: | |
TEST_PROVISION_FILE: "/tmp/provision_azure.properties" | |
TEST_PROVISION: "yes" | |
CLOUD_PROVIDER: "azure" | |
BUILTIN_CLOUD_PROVIDERS: "azure" | |
run: make test-e2e | |
# Clean up step, run regardless of the failure state. | |
- name: Run deprovisioner | |
if: ${{ always() }} | |
env: | |
TEST_PROVISION_FILE: "/tmp/provision_azure.properties" | |
CLOUD_PROVIDER: "azure" | |
BUILTIN_CLOUD_PROVIDERS: "azure" | |
run: | | |
cd test/tools | |
make caa-provisioner-cli | |
# Ignore the error if the deprovision fails. | |
./caa-provisioner-cli -action=deprovision || true | |
cleanup-resources: | |
runs-on: ubuntu-latest | |
needs: | |
- generate-podvm-image-version | |
- build-podvm-image | |
- build-caa-container-image | |
- run-e2e-test | |
if: always() | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: azure/login@v1 | |
name: 'Az CLI login' | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
- name: Remove podvm image | |
if: github.event.inputs.podvm-image-id == '' | |
run: | | |
# Delete the Pod VM image from the gallery. | |
az sig image-version delete \ | |
--resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} \ | |
--gallery-name ${{ secrets.AZURE_PODVM_GALLERY_NAME }} \ | |
--gallery-image-definition ${{ secrets.AZURE_PODVM_IMAGE_DEF_NAME }} \ | |
--gallery-image-version "${{ needs.generate-podvm-image-version.outputs.image-version }}" | |
- name: Remove container image | |
run: | | |
# Delete the CAA container image built for this run. | |
suffix=".azurecr.io" | |
acr_url=${{ secrets.ACR_URL }} | |
registry_name="${acr_url%$suffix}" | |
az acr repository delete \ | |
--name "${registry_name}" \ | |
--image "${{ secrets.ACR_URL }}/cloud-api-adaptor:dev-${GITHUB_SHA}" \ | |
--yes || true | |
- name: Remove AKS cluster | |
run: | | |
# Delete the cluster even if it has been deleted already or does not exists. | |
az aks delete \ | |
--name "${CLUSTER_NAME}" \ | |
--resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} \ | |
--no-wait \ | |
--yes || true |