Handle sidecar-digest overrides when releasing from an ACR #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "PR Validation: CCF Provider" | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: | |
- main | |
- release | |
permissions: | |
id-token: write | |
contents: read # This is required for actions/checkout | |
checks: write # This is required to generate the test report | |
# When a new revision is pushed to a PR, cancel all in-progress CI runs for that | |
# PR. See https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-containers: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- name: Delete huge unnecessary tools folder # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 | |
run: rm -rf /opt/hostedtoolcache | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Add docker user | |
shell: bash | |
run: sudo usermod -aG docker $USER | |
- shell: pwsh | |
run: Install-Module -Name powershell-yaml -Force | |
# build-ccf-network-security-policy.ps1 uses confcom. | |
- name: Install confcom extension | |
shell: pwsh | |
run: | | |
az extension add --name confcom -y --allow-preview true | |
az version | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Log in to Azure Container Registry | |
shell: pwsh | |
run: az acr login -n ${{ vars.ACR_URL }} | |
- name: Build CCF containers | |
run: pwsh ./build/ccf/build-ccf-infra-containers.ps1 -tag ${{ github.run_id }} -repo ${{ vars.ACR_URL }} -push -pushPolicy | |
docker-operator-recovery: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy local virtual CCF network via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 -infraType virtual -nodeCount 3 -registryUrl ${{ vars.ACR_URL }} -tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a local virtual CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover local virtual CCF network via operator recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 -nodeCount 3 | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
# docker-operator-recovery-new-name: | |
# runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
# environment: pr | |
# needs: [build-containers] | |
# env: | |
# RUN_ID: ${{ github.run_id }} | |
# JOB_ID: ${{ github.job }} | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: recursive | |
# - name: Login to Azure and refresh token | |
# uses: ./.github/actions/login-to-azure | |
# env: | |
# CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
# TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
# SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
# | |
# - name: Deploy local virtual CCF network via CCF provider | |
# run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 -infraType virtual -nodeCount 3 -registryUrl ${{ vars.ACR_URL }} -tag ${{ github.run_id }} | |
# - name: Dump cgs-client logs | |
# if: ${{ !cancelled() }} | |
# shell: pwsh | |
# run: docker logs ccf-provider-governance-cgs-client-1 | |
# - name: Dump ccf-provider-client logs | |
# shell: pwsh | |
# if: ${{ !cancelled() }} | |
# run: docker logs ccf-provider-client-1 | |
# - name: Test CGS sample on a local virtual CCF network deployed via CCF provider | |
# # Trigger snapshot post completion as this recovery is only off a snapshot | |
# # (and no committed ledger files or the latest RW ledger file) so that recovery has | |
# # the latest data available. | |
# run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 -triggerSnapshotOnCompletion | |
# - name: Dump member0 cgs-client logs | |
# if: ${{ !cancelled() }} | |
# shell: pwsh | |
# run: docker logs member0-governance-cgs-client-1 | |
# - name: Recover local virtual CCF network via operator recovery | |
# run: pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 -nodeCount 3 -targetNetworkName testnet-virtual-r | |
# - name: Validate CGS state after recovery | |
# run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 -targetNetworkName testnet-virtual-r | |
# - name: Dump ccf-provider-client logs after recovery | |
# shell: pwsh | |
# if: ${{ !cancelled() }} | |
# run: docker logs ccf-provider-client-1 | |
docker-confidential-recovery: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy local virtual CCF network via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 -infraType virtual -nodeCount 3 -confidentialRecovery -registryUrl ${{ vars.ACR_URL }} -tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Dump ccf-recovery-agent logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-network/type=recovery-agent" | |
- name: Dump ccf-recovery-service logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-recovery-service/type=recovery-service" | |
- name: Test CGS sample on a local virtual CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover local virtual CCF network via confidential recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 -nodeCount 3 -confidentialRecovery | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Dump ccf-recovery-agent logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-network/type=recovery-agent" | |
- name: Dump ccf-recovery-service logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-recovery-service/type=recovery-service" | |
docker-confidential-recovery-onestep: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy local virtual CCF network via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 -infraType virtual -nodeCount 3 -confidentialRecovery -oneStepConfigureConfidentialRecovery -registryUrl ${{ vars.ACR_URL }} -tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Dump ccf-recovery-agent logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-network/type=recovery-agent" | |
- name: Dump ccf-recovery-service logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-recovery-service/type=recovery-service" | |
- name: Test CGS sample on a local virtual CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover local virtual CCF network via confidential recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 -nodeCount 3 -confidentialRecovery -oneStepRecovery | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Dump ccf-recovery-agent logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-network/type=recovery-agent" | |
- name: Dump ccf-recovery-service logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: pwsh ./samples/ccf/ccf-provider/azcli/show-docker-logs.ps1 -label "ccf-recovery-service/type=recovery-service" | |
aci: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a virtual ACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 and -NoTest (which does scale up) as an N node cluster is at times failing to join the start node with an SSL error. | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 -infraType virtualaci -nodeCount 1 -NoTest -registryUrl ${{ vars.ACR_URL }} -tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a virtual ACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-local-storage: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 and as an N node cluster is at times failing to join the start node with an SSL error. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-securityPolicyCreationOption cached-debug | |
-nodeStorageType localfs | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-operator-recovery: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 as creating an N node cluster is at times failing to join the start node with an SSL error. | |
# Scaling up to N nodes after creating a 1 node network does not hit the issue. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-securityPolicyCreationOption cached-debug | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover single node CACI CCF network via operator recovery in one step | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 | |
-oneStepRecovery | |
-nodeCount 1 | |
-securityPolicyCreationOption cached-debug | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Upgrade single node CACI CCF network via scale up | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/test-ccf-upgrade-via-scale-up.ps1 | |
- name: Validate CGS state after upgrade (scale up) | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-confidential-recovery: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 as creating an N node cluster is at times failing to join the start node with an SSL error. | |
# Scaling up to N nodes after creating a 1 node network does not hit the issue. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-securityPolicyCreationOption cached-debug | |
-confidentialRecovery | |
-oneStepConfigureConfidentialRecovery | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover single node CACI CCF network via confidential recovery | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 | |
-nodeCount 1 | |
-confidentialRecovery | |
-securityPolicyCreationOption cached-debug | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-confidential-recovery-ccf-upgrade: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 as creating an N node cluster is at times failing to join the start node with an SSL error. | |
# Scaling up to N nodes after creating a 1 node network does not hit the issue. | |
# Passing -NoTest to avoid scale up testing to save time. Other tests cover it. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-NoTest | |
-securityPolicyCreationOption cached-debug | |
-confidentialRecovery | |
-oneStepConfigureConfidentialRecovery | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Upgrade single node CACI CCF network via confidential recovery | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/test-ccf-upgrade-via-confidential-recovery.ps1 | |
- name: Validate CGS state after upgrade (recovery) | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Upgrade single node CACI CCF network via scale up | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/test-ccf-upgrade-via-scale-up.ps1 | |
- name: Validate CGS state after upgrade (scale up) | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after scale up | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-confidential-recovery-recsvc-upgrade: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 as creating an N node cluster is at times failing to join the start node with an SSL error. | |
# Scaling up to N nodes after creating a 1 node network does not hit the issue. | |
# Passing -NoTest to avoid scale up testing to save time. Other tests cover it. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-NoTest | |
-securityPolicyCreationOption cached-debug | |
-confidentialRecovery | |
-oneStepConfigureConfidentialRecovery | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Upgrade recovery service and recover single node CACI CCF network | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/test-recovery-service-upgrade.ps1 | |
-nodeCount 1 | |
-OneStepRecovery | |
-securityPolicyCreationOption cached-debug | |
- name: Validate CGS state after upgrade (recovery) | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery service upgrade | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-allow-all-confidential-recovery: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 as creating an N node cluster is at times failing to join the start node with an SSL error. | |
# Scaling up to N nodes after creating a 1 node network does not hit the issue. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-securityPolicyCreationOption allow-all | |
-confidentialRecovery | |
-oneStepConfigureConfidentialRecovery | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover single node CACI CCF network via confidential recovery | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 | |
-nodeCount 1 | |
-confidentialRecovery | |
-securityPolicyCreationOption allow-all | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" | |
caci-confidential-recovery-onestep: | |
runs-on: ["self-hosted", "1ES.Pool=azure-cleanroom-public"] | |
environment: pr | |
needs: [build-containers] | |
env: | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
RUN_ID: ${{ github.run_id }} | |
JOB_ID: ${{ github.job }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Login to Azure and refresh token | |
uses: ./.github/actions/login-to-azure | |
env: | |
CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy a CACI CCF network via CCF provider | |
# TODO (gsinha): Passing nodeCount as 1 as creating an N node cluster is at times failing to join the start node with an SSL error. | |
# Scaling up to N nodes after creating a 1 node network does not hit the issue. | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/deploy-ccf.ps1 | |
-infraType caci | |
-nodeCount 1 | |
-securityPolicyCreationOption cached-debug | |
-confidentialRecovery | |
-oneStepConfigureConfidentialRecovery | |
-registryUrl ${{ vars.ACR_URL }} | |
-tag ${{ github.run_id }} | |
-location westus | |
- name: Dump cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs ccf-provider-governance-cgs-client-1 | |
- name: Dump ccf-provider-client logs | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Test CGS sample on a CACI CCF network deployed via CCF provider | |
run: pwsh ./samples/ccf/ccf-provider/azcli/deploy-cgs.ps1 | |
- name: Dump member0 cgs-client logs | |
if: ${{ !cancelled() }} | |
shell: pwsh | |
run: docker logs member0-governance-cgs-client-1 | |
- name: Recover single node CACI CCF network via confidential recovery in one step | |
run: > | |
pwsh ./samples/ccf/ccf-provider/azcli/recover-ccf.ps1 | |
-nodeCount 1 | |
-oneStepRecovery | |
-confidentialRecovery | |
-securityPolicyCreationOption cached-debug | |
- name: Validate CGS state after recovery | |
run: pwsh ./samples/ccf/ccf-provider/azcli/validate-cgs-recovery.ps1 | |
- name: Dump ccf-provider-client logs after recovery | |
shell: pwsh | |
if: ${{ !cancelled() }} | |
run: docker logs ccf-provider-client-1 | |
- name: Delete resource groups | |
if: success() | |
shell: pwsh | |
run: ./samples/ccf/ccf-provider/azcli/remove-resources.ps1 -tag "github_actions=ccf-network-${{ github.job }}-${{ github.run_id }}" |