From bd17f455c6cc3984b91cc4d50ca88859cdb260a7 Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Tue, 22 Oct 2024 11:42:08 +0200
Subject: [PATCH 1/8] ci: add action for STACKIT login

---
 .github/actions/login_stackit/action.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/actions/login_stackit/action.yml
diff --git a/.github/actions/login_stackit/action.yml b/.github/actions/login_stackit/action.yml
new file mode 100644
index 0000000000..de668ea4da
--- /dev/null
+++ b/.github/actions/login_stackit/action.yml
@@ -0,0 +1,16 @@
+name: STACKIT login
+description: "Login to STACKIT"
+inputs:
+ serviceAccountToken:
+ description: "Credentials authorized to create Constellation on STACKIT."
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Login to STACKIT
+ env:
+ UAT: ${{ inputs.serviceAccountToken }}
+ shell: bash
+ run: |
+ mkdir -p ~/.stackit
+ echo "${UAT}" > ~/.stackit/credentials.json
From cf14e722aec36274aa561ba80128cd8bfe9f938c Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Tue, 22 Oct 2024 11:42:29 +0200
Subject: [PATCH 2/8] ci: handle STACKIT attestation

---
 .github/workflows/e2e-test.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index 11fc818494..5021c5cd26 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -16,6 +16,7 @@ on:
 - "azure-sev-snp"
 - "azure-tdx"
 - "aws-sev-snp"
+ - "stackit-qemu-vtpm"
 default: "azure-sev-snp"
 required: true
 runner:
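Review bot: In the `Login to STACKIT` run script added by PATCH 1/8, `~/.stackit/credentials.json` is created under the shell's default umask, so on a self-hosted or shared runner the service-account credential is typically readable by other local users, and nothing visible in the action removes the file when the job ends. Set a restrictive mask before writing, e.g. add `umask 077` as the first line of the script, and prefer `printf '%s' "${UAT}" > ~/.stackit/credentials.json` so the value is written exactly as supplied. Passing the input through `env:` instead of expanding `${{ … }}` inside the script is the right pattern and should stay. The input's `description` could also state what the value must contain, since the script stores it verbatim as `credentials.json`.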
@@ -161,6 +162,11 @@ jobs: attestationVariant="${{ inputs.attestationVariant }}" cloudProvider="${attestationVariant%%-*}" + # special case for STACKIT, as there's no special attestation variant for it + if [[ "${cloudProvider}" == "stackit" ]]; then + echo "attestationVariant=qemu-vtpm" | tee -a "$GITHUB_OUTPUT" + fi + echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT" find-latest-image: From d7967f3085fcf2d2902ead891337f3bd90dfca8a Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:42:36 +0200 Subject: [PATCH 3/8] ci: login to STACKIT --- .github/actions/e2e_test/action.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index c2cca982d9..d246bc8f61 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -229,6 +229,18 @@ runs: with: azure_credentials: ${{ inputs.azureIAMCreateCredentials }} + - name: Login to OpenStack + if: inputs.cloudProvider == 'stackit' + uses: ./.github/actions/login_openstack + with: + clouds_yaml: ${{ secrets.STACKIT_IMAGE_UPLOAD_CLOUDS_YAML }} + + - name: Login to STACKIT + if: inputs.cloudProvider == 'stackit' + uses: ./.github/actions/login_stackit + with: + serviceAccountToken: ${{ secrets.STACKIT_SERVICE_ACCOUNT_TOKEN }} + - name: Create prefix id: create-prefix shell: bash @@ -244,7 +256,7 @@ runs: with: attestationVariant: ${{ inputs.attestationVariant }} - - name: Create IAM configuration + - name: Create Constellation config and IAM id: constellation-iam-create uses: ./.github/actions/constellation_iam_create with: From 2ddcacd7ebde7c1fc4456555be6de1000e725998 Mon Sep 17 00:00:00 2001 
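Review bot: The `attestationVariant` output in the second hunk of PATCH 2/8 is written only inside the `stackit` branch, so for every other provider this step emits no `attestationVariant` and consumers must fall back to the raw input, which for STACKIT still reads `stackit-qemu-vtpm`. Emitting it unconditionally makes the step output the single source of truth: add an `else` branch with `echo "attestationVariant=${attestationVariant}" | tee -a "$GITHUB_OUTPUT"` before `fi`. The context line above expands `${{ inputs.attestationVariant }}` directly into the script; that is bounded only while the input stays restricted to the listed options, so handing it over through `env:` would be the safer form. The step's start and the job's `outputs:` mapping are outside the hunk, so whether the new output is exported from the job cannot be confirmed here.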
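Review bot: Both steps added in the first hunk of PATCH 3/8 read `${{ secrets.… }}` inside `.github/actions/e2e_test/action.yml`, but the `secrets` context is not available inside a composite action, which this file appears to be given its `shell: bash` steps; the neighbouring Azure step takes its credential from `inputs.azureIAMCreateCredentials` instead. Declare matching inputs and pass the secrets in from the calling workflow, e.g. `clouds_yaml: ${{ inputs.stackitCloudsYaml }}` and `serviceAccountToken: ${{ inputs.stackitServiceAccountToken }}` (both input names are placeholders). Separately, `STACKIT_IMAGE_UPLOAD_CLOUDS_YAML` looks from its name like an image-upload credential; if so, reusing it for e2e cluster creation widens where it is exposed, and a dedicated e2e credential would be the least-privilege choice. The action's `inputs:` block is outside the hunk.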
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Tue, 22 Oct 2024 11:44:49 +0200
Subject: [PATCH 4/8] ci: set OpenStack project ID for STACKIT

---
 .github/actions/constellation_iam_create/action.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml
index a6607d9826..c7161f3435 100644
--- a/.github/actions/constellation_iam_create/action.yml
+++ b/.github/actions/constellation_iam_create/action.yml
@@ -104,3 +104,8 @@ runs:
 --update-config \
 --tf-log=DEBUG \
 --yes
+
+ - name: Set OpenStack ID for STACKIT
+ shell: bash
+ run: |
+ yq eval -i "(.provider.openstack.stackitProjectID) = \"4353b88f06554808bc53e4ad70f530df\"" constellation-conf.yaml
From 413b40dd227b794636f0c8db725296f87476ad21 Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Tue, 22 Oct 2024 12:02:57 +0200
Subject: [PATCH 5/8] Revert "ci: set OpenStack project ID for STACKIT"

This reverts commit 2ddcacd7ebde7c1fc4456555be6de1000e725998.
---
 .github/actions/constellation_iam_create/action.yml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml
index c7161f3435..a6607d9826 100644
--- a/.github/actions/constellation_iam_create/action.yml
+++ b/.github/actions/constellation_iam_create/action.yml
@@ -104,8 +104,3 @@ runs:
 --update-config \
 --tf-log=DEBUG \
 --yes
-
- - name: Set OpenStack ID for STACKIT
- shell: bash
- run: |
- yq eval -i "(.provider.openstack.stackitProjectID) = \"4353b88f06554808bc53e4ad70f530df\"" constellation-conf.yaml
From e0468d28fbc0080b99f32b1f195a3f94ae22d866 Mon Sep 17 00:00:00 2001
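Review bot: The `Set OpenStack ID for STACKIT` step added in PATCH 4/8 has no `if:` guard, so as written it sets `.provider.openstack.stackitProjectID` in `constellation-conf.yaml` on every run of this action, not only when the target is STACKIT. Gate it on the provider, e.g. `if: inputs.cloudProvider == 'stackit'`, assuming the action receives a `cloudProvider` input; its `inputs:` block is outside the hunk. The project ID is also a literal inside the script; taking it from an action input or repository variable and handing it to the script through `env:` keeps environment identifiers out of the action source and lets the value change without editing the action. PATCH 5/8 reverts this step, so the point applies if it is re-landed.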
From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 22 Oct 2024 12:03:01 +0200 Subject: [PATCH 6/8] Revert "ci: login to STACKIT" This reverts commit d7967f3085fcf2d2902ead891337f3bd90dfca8a. --- .github/actions/e2e_test/action.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index d246bc8f61..c2cca982d9 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -229,18 +229,6 @@ runs: with: azure_credentials: ${{ inputs.azureIAMCreateCredentials }} - - name: Login to OpenStack - if: inputs.cloudProvider == 'stackit' - uses: ./.github/actions/login_openstack - with: - clouds_yaml: ${{ secrets.STACKIT_IMAGE_UPLOAD_CLOUDS_YAML }} - - - name: Login to STACKIT - if: inputs.cloudProvider == 'stackit' - uses: ./.github/actions/login_stackit - with: - serviceAccountToken: ${{ secrets.STACKIT_SERVICE_ACCOUNT_TOKEN }} - - name: Create prefix id: create-prefix shell: bash @@ -256,7 +244,7 @@ runs: with: attestationVariant: ${{ inputs.attestationVariant }} - - name: Create Constellation config and IAM + - name: Create IAM configuration id: constellation-iam-create uses: ./.github/actions/constellation_iam_create with: From b7d8479495112fed8064c4c9f4e95c49efdfec4a Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 22 Oct 2024 12:03:12 +0200 Subject: [PATCH 7/8] Revert "ci: handle STACKIT attestation" This reverts commit cf14e722aec36274aa561ba80128cd8bfe9f938c. --- .github/workflows/e2e-test.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 5021c5cd26..11fc818494 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -16,7 +16,6 @@ on: - "azure-sev-snp" - "azure-tdx" - "aws-sev-snp" - - "stackit-qemu-vtpm" default: "azure-sev-snp" required: true runner: 
@@ -162,11 +161,6 @@ jobs: attestationVariant="${{ inputs.attestationVariant }}" cloudProvider="${attestationVariant%%-*}" - # special case for STACKIT, as there's no special attestation variant for it - if [[ "${cloudProvider}" == "stackit" ]]; then - echo "attestationVariant=qemu-vtpm" | tee -a "$GITHUB_OUTPUT" - fi - echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT" find-latest-image: From 4c955f8bb2dfd3a2c52f5d2fa8a938e1ee49da77 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 22 Oct 2024 12:03:15 +0200 Subject: [PATCH 8/8] Revert "ci: add action for STACKIT login" This reverts commit bd17f455c6cc3984b91cc4d50ca88859cdb260a7. --- .github/actions/login_stackit/action.yml | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 .github/actions/login_stackit/action.yml diff --git a/.github/actions/login_stackit/action.yml b/.github/actions/login_stackit/action.yml deleted file mode 100644 index de668ea4da..0000000000 --- a/.github/actions/login_stackit/action.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: STACKIT login -description: "Login to STACKIT" -inputs: - serviceAccountToken: - description: "Credentials authorized to create Constellation on STACKIT." - required: true -runs: - using: "composite" - steps: - - name: Login to STACKIT - env: - UAT: ${{ inputs.serviceAccountToken }} - shell: bash - run: | - mkdir -p ~/.stackit - echo "${UAT}" > ~/.stackit/credentials.json