Skip to content

azure-e2e-test

azure-e2e-test #111

name: azure-e2e-test
permissions:
id-token: write
contents: read
env:
CLUSTER_NAME: "e2e-test-${{ github.run_id }}-${{ github.run_attempt }}"
on:
workflow_dispatch:
inputs:
podvm-image-id:
type: string
description: prebuilt podvm image
jobs:
generate-podvm-image-version:
if: github.event.inputs.podvm-image-id == ''
runs-on: ubuntu-latest
outputs:
image-version: "${{ steps.generate-image-version.outputs.image-version }}"
steps:
- name: Generate PodVM image version
id: generate-image-version
run: |
unique_version="$(date '+%m.%d.%H%M%S')${{ github.run_attempt }}"
echo "Generated unique version for the image as: ${unique_version}"
echo "image-version=${unique_version}" >> "$GITHUB_OUTPUT"
build-podvm-image:
uses: confidential-containers/cloud-api-adaptor/.github/workflows/azure-podvm-image-build.yml@main
needs:
- generate-podvm-image-version
if: github.event.inputs.podvm-image-id == ''
secrets: inherit
with:
image-version: ${{ needs.generate-podvm-image-version.outputs.image-version }}
build-caa-container-image:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go environment
uses: actions/setup-go@v4
with:
go-version: '1.20'
cache-dependency-path: go.sum
- uses: azure/login@v1
name: 'Az CLI login'
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Install build dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y libvirt-dev
- name: Build container image
env:
ARCHES: "linux/amd64"
RELEASE_BUILD: "false"
registry: "${{ secrets.ACR_URL }}"
COMMIT: "${GITHUB_SHA}"
run: |
az acr login --name ${{ secrets.ACR_URL }}
# This builds image in the following format:
# ACR_URL/cloud-api-adaptor:dev-COMMIT
make image
run-e2e-test:
runs-on: ubuntu-latest
needs:
- build-podvm-image
- build-caa-container-image
if: always() && !cancelled() && needs.build-podvm-image.result != 'failure'
steps:
- uses: actions/checkout@v3
- name: Set up Go environment
uses: actions/setup-go@v4
with:
go-version: '1.20'
- name: Create provisioner file
env:
TEST_E2E_CREATE_RG: "no"
AZURE_IMAGE_ID: "${{ github.event.inputs.podvm-image-id || needs.build-podvm-image.outputs.image-id }}"
run: |
cat << EOF > /tmp/provision_azure.properties
AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
AZURE_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}"
RESOURCE_GROUP_NAME="${{ secrets.AZURE_RESOURCE_GROUP }}"
CLUSTER_NAME="$CLUSTER_NAME"
LOCATION="${{ secrets.AZURE_REGION }}"
SSH_KEY_ID="id_rsa.pub"
AZURE_IMAGE_ID="$AZURE_IMAGE_ID"
IS_CI_MANAGED_CLUSTER="true"
AZURE_CLI_AUTH="true"
MANAGED_IDENTITY_NAME="${{ secrets.AZURE_MANAGED_IDENTITY_NAME}}"
CAA_IMAGE="${{ secrets.ACR_URL }}/cloud-api-adaptor:dev-${GITHUB_SHA}"
EOF
cat /tmp/provision_azure.properties
- name: Create public ssh key and secrets
run: |
# TODO: This is a temporary fix to create an empty file for env.
touch install/overlays/azure/service-principal.env
ssh-keygen -t rsa -b 4096 -f install/overlays/azure/id_rsa -N "" -C dev@coco.io
- uses: azure/login@v1
name: 'Az CLI login'
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- name: Run e2e test
env:
TEST_PROVISION_FILE: "/tmp/provision_azure.properties"
TEST_PROVISION: "yes"
CLOUD_PROVIDER: "azure"
BUILTIN_CLOUD_PROVIDERS: "azure"
run: make test-e2e
# Clean up step, run regardless of the failure state.
- name: Run deprovisioner
if: ${{ always() }}
env:
TEST_PROVISION_FILE: "/tmp/provision_azure.properties"
CLOUD_PROVIDER: "azure"
BUILTIN_CLOUD_PROVIDERS: "azure"
run: |
cd test/tools
make caa-provisioner-cli
# Ignore the error if the deprovision fails.
./caa-provisioner-cli -action=deprovision || true
cleanup-resources:
runs-on: ubuntu-latest
needs:
- generate-podvm-image-version
- build-podvm-image
- build-caa-container-image
- run-e2e-test
if: always()
steps:
- uses: actions/checkout@v3
- uses: azure/login@v1
name: 'Az CLI login'
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- name: Remove podvm image
if: github.event.inputs.podvm-image-id == ''
run: |
# Delete the Pod VM image from the gallery.
az sig image-version delete \
--resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} \
--gallery-name ${{ secrets.AZURE_PODVM_GALLERY_NAME }} \
--gallery-image-definition ${{ secrets.AZURE_PODVM_IMAGE_DEF_NAME }} \
--gallery-image-version "${{ needs.generate-podvm-image-version.outputs.image-version }}"
- name: Remove container image
run: |
# Delete the CAA container image built for this run.
suffix=".azurecr.io"
acr_url=${{ secrets.ACR_URL }}
registry_name="${acr_url%$suffix}"
az acr repository delete \
--name "${registry_name}" \
--image "${{ secrets.ACR_URL }}/cloud-api-adaptor:dev-${GITHUB_SHA}" \
--yes || true
- name: Remove AKS cluster
run: |
# Delete the cluster even if it has been deleted already or does not exists.
az aks delete \
--name "${CLUSTER_NAME}" \
--resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} \
--no-wait \
--yes || true