ci: enable STACKIT e2e tests

edgelesssys · Dec 5, 2024 · a3af726 · a3af726
1 parent ab2782a
commit a3af726
Show file tree

Hide file tree

Showing 7 changed files with 3,590 additions and 3,388 deletions.
diff --git a/.bazelversion b/.bazelversion
@@ -1 +1 @@
-7.3.2
+7.1.2
diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
@@ -170,6 +170,7 @@ runs:
     - name: Constellation create (CLI)
       shell: bash
       run: |
+        stat ~/.stackit/credentials.json
         constellation apply --skip-phases=init,attestationconfig,certsans,helm,image,k8s -y --debug --tf-log=DEBUG
 
     - name: Cdbg deploy
@@ -257,9 +258,9 @@ runs:
       continue-on-error: true
       uses: ./.github/actions/artifact_upload
       with:
-        name: serial-logs-${{ inputs.artifactNameSuffix }}
-        path: >
-          !(terraform).log
+        name: debug-logs-${{ inputs.artifactNameSuffix }}
+        path: |
+          *.log
         encryptionSecret: ${{ inputs.encryptionSecret }}
 
     - name: Prepare terraform state folders

diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml
@@ -42,6 +42,12 @@ inputs:
   gcpZone:
     description: "The GCP zone to deploy Constellation in."
     required: false
+  #
+  # STACKIT specific inputs
+  #
+  stackitZone:
+    description: "The STACKIT zone to deploy Constellation in."
+    required: false
 
 runs:
   using: "composite"
@@ -104,3 +110,10 @@ runs:
           --update-config \
           --tf-log=DEBUG \
           --yes
+
+    - name: Set STACKIT-specific configuration
+      shell: bash
+      run: |
+        yq eval -i "(.provider.openstack.stackitProjectID) = \"4353b88f06554808bc53e4ad70f530df\"" constellation-conf.yaml
+        yq eval -i "(.provider.openstack.availabilityZone) = \"${{ inputs.stackitZone }}\"" constellation-conf.yaml
+        yq eval -i "(.nodeGroups.[].zone) = \"${{ inputs.stackitZone }}\"" constellation-conf.yaml
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
@@ -93,6 +93,12 @@ inputs:
   encryptionSecret:
     description: "The secret to use for decrypting the artifact."
     required: true
+  openStackCloudsYaml:
+    description: "The contents of ~/.config/openstack/clouds.yaml"
+    required: true
+  stackitUat:
+    description: "The UAT for STACKIT"
+    required: true
 
 outputs:
   kubeconfig:
@@ -229,6 +235,18 @@ runs:
       with:
         azure_credentials: ${{ inputs.azureIAMCreateCredentials }}
 
+    - name: Login to OpenStack
+      if: inputs.cloudProvider == 'stackit'
+      uses: ./.github/actions/login_openstack
+      with:
+        clouds_yaml: ${{inputs.openStackCloudsYaml }}
+
+    - name: Login to STACKIT
+      if: inputs.cloudProvider == 'stackit'
+      uses: ./.github/actions/login_stackit
+      with:
+        serviceAccountToken: ${{ inputs.stackitUat }}
+
     - name: Create prefix
       id: create-prefix
       shell: bash
@@ -244,7 +262,7 @@ runs:
       with:
         attestationVariant: ${{ inputs.attestationVariant }}
 
-    - name: Create IAM configuration
+    - name: Create Constellation config and IAM
       id: constellation-iam-create
       uses: ./.github/actions/constellation_iam_create
       with:
@@ -256,6 +274,7 @@ runs:
         azureRegion: ${{ inputs.regionZone || steps.pick-az-region.outputs.region  }}
         gcpProjectID: ${{ inputs.gcpProject }}
         gcpZone: ${{ inputs.regionZone || 'europe-west3-b' }}
+        stackitZone: ${{ inputs.regionZone || 'eu01-2' }}
         kubernetesVersion: ${{ inputs.kubernetesVersion }}
         additionalTags: "workflow=${{ github.run_id }}"
 

diff --git a/.github/actions/login_stackit/action.yml b/.github/actions/login_stackit/action.yml
@@ -0,0 +1,23 @@
+name: STACKIT login
+description: "Login to STACKIT"
+inputs:
+  serviceAccountToken:
+    description: "Credentials authorized to create Constellation on STACKIT."
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Login to STACKIT
+      env:
+        UAT: ${{ inputs.serviceAccountToken }}
+      shell: bash
+      run: |
+          mkdir -p ~/.stackit
+          echo "${UAT}" > ~/.stackit/credentials.json
+    - name: Verify Login
+      shell: bash
+      run: |
+        sudo snap install stackit --beta --classic
+        stackit auth activate-service-account
+        stackit config set --project-id '8a694a67-be5a-4d2f-b109-b2128a7c991c'
+        stackit load-balancer list --output-format json
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
@@ -16,6 +16,7 @@ on:
           - "azure-sev-snp"
           - "azure-tdx"
           - "aws-sev-snp"
+          - "stackit-qemu-vtpm"
         default: "azure-sev-snp"
         required: true
       runner:
@@ -137,6 +138,7 @@ jobs:
       workerNodes: ${{ steps.split-nodeCount.outputs.workerNodes }}
       controlPlaneNodes: ${{ steps.split-nodeCount.outputs.controlPlaneNodes }}
       cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
+      attestationVariant: ${{ steps.split-attestationVariant.outputs.attestationVariant }}
     steps:
       - name: Split nodeCount
         id: split-nodeCount
@@ -161,6 +163,12 @@ jobs:
           attestationVariant="${{ inputs.attestationVariant }}"
           cloudProvider="${attestationVariant%%-*}"
 
+          # special case for STACKIT, as there's no special attestation variant for it
+          if [[ "${cloudProvider}" == "stackit" ]]; then
+            attestationVariant="qemu-vtpm"
+          fi
+
+          echo "attestationVariant=${attestationVariant}" | tee -a "$GITHUB_OUTPUT"
           echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
 
   find-latest-image:
@@ -233,7 +241,7 @@ jobs:
           workerNodesCount: ${{ needs.generate-input-parameters.outputs.workerNodes }}
           controlNodesCount: ${{ needs.generate-input-parameters.outputs.controlPlaneNodes }}
           cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
-          attestationVariant: ${{ inputs.attestationVariant }}
+          attestationVariant: ${{ needs.generate-input-parameters.outputs.attestationVariant }}
           machineType: ${{ inputs.machineType }}
           regionZone: ${{ inputs.regionZone }}
           gcpProject: constellation-e2e
@@ -262,6 +270,8 @@ jobs:
           marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }}
           force: ${{ inputs.force }}
           encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+          openStackCloudsYaml: ${{ secrets.STACKIT_CI_CLOUDS_YAML }}
+          stackitUat: ${{ secrets.STACKIT_CI_UAT }}
 
       - name: Always terminate cluster
         if: always()