Add examplary e2e workflow

Signed-off-by: Magnus Kulke <[email protected]>
kinvolk · Apr 25, 2023 · f16d96c · f16d96c
1 parent 0692aa9
commit f16d96c
Show file tree

Hide file tree

Showing 3 changed files with 119 additions and 11 deletions.
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -0,0 +1,88 @@
+name: e2e
+
+on:
+  push:
+    branches:
+    - mkulke/restricted-environment
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build-and-run-example:
+    runs-on: ubuntu-latest
+    environment: restricted
+    steps:
+    - name: Create resource suffix
+      run: >
+        echo "SUFFIX=$(echo $RANDOM | md5sum | head -c6)"
+        >> "$GITHUB_ENV"
+
+    - uses: actions/checkout@v3
+
+    - name: Az CLI login
+      uses: azure/login@v1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: stable
+
+    - name: Build example project
+      working-directory: ./az-snp-vtpm
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libtss2-dev
+        cargo build --release -p example
+
+    - name: Create SSH key pair
+      run: ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
+
+    - name: Create VM resources
+      working-directory: ./az-snp-vtpm
+      env:
+        LOCATION: eastus
+        ASSIGN_PUBLIC_IP: 'true'
+        CVM_RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
+      run: |
+        make deploy
+        public_ip=$(az network public-ip show \
+          -g "$CVM_RESOURCE_GROUP" \
+          -n "cvm-${SUFFIX}-ip" \
+          --query ipAddress \
+          -o tsv)
+        echo "PUBLIC_IP=$public_ip" >> "$GITHUB_ENV"
+
+    - name: Copy bin to cvm
+      working-directory: ./az-snp-vtpm
+      run: > 
+        scp 
+        -o StrictHostKeyChecking=no
+        target/release/example
+        "azureuser@${PUBLIC_IP}:"
+
+    - name: Install dependency on CVM
+      run: >
+        ssh 
+        -o StrictHostKeyChecking=no
+        "azureuser@${PUBLIC_IP}"
+        -C "sudo apt-get update && sudo apt-get install -y libtss2-tctildr0"
+
+    - name: Execute example on CVM
+      run: > 
+        ssh
+        -o StrictHostKeyChecking=no
+        "azureuser@${PUBLIC_IP}"
+        -C "sudo ./example"
+
+    - name: Delete VM resources
+      if: always()
+      working-directory: ./az-snp-vtpm
+      env:
+        CVM_RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
+      run: make delete
diff --git a/az-snp-vtpm/Makefile b/az-snp-vtpm/Makefile
@@ -1,8 +1,6 @@
-CVM_RESOURCE_GROUP ?= <cvm rg>
+CVM_RESOURCE_GROUP ?= azure-cvm-tooling-ci
 LOCATION ?= eastus
-VNET_ID ?= /subscriptions/<sub id>/resourceGroups/<vnet rg>/providers/Microsoft.Network/virtualNetworks/<vnet name>
 IMAGE_ID ?= -
-SUBNET_NAME ?= default
 SSH_PUB_KEY_PATH ?= ~/.ssh/id_rsa.pub
 ADMIN_PUBLIC_KEY = $(shell cat $(SSH_PUB_KEY_PATH))
 ifeq ($(SUFFIX),)
@@ -19,8 +17,6 @@ deploy:
 		--name $(VM_NAME) \
 		--parameters virtualMachineName=$(VM_NAME) \
 		--parameters location=$(LOCATION) \
-		--parameters subnetName=$(SUBNET_NAME) \
-		--parameters vnetId=$(VNET_ID) \
 		$(if $(IMAGE_ID:-=),--parameters imageId=$(IMAGE_ID)) \
 		--parameters adminPublicKey='$(ADMIN_PUBLIC_KEY)' \
 		--parameters assignPublicIP=$(ASSIGN_PUBLIC_IP) && \
@@ -39,4 +35,7 @@ delete:
 		--yes && \
 	az network public-ip delete \
 		--resource-group $(CVM_RESOURCE_GROUP) \
-		--name $(VM_NAME)-ip
+		--name $(VM_NAME)-ip && \
+	az network vnet delete \
+		--resource-group azure-cvm-tooling-ci \
+		--name $(VM_NAME)-vnet
diff --git a/az-snp-vtpm/arm/cvm.bicep b/az-snp-vtpm/arm/cvm.bicep
@@ -1,6 +1,5 @@
 param location string
-param subnetName string
-param vnetId string
+param subnetId string = ''
 param virtualMachineName string
 param imageId string = ''
 param osDiskType string = 'Premium_LRS'
@@ -9,16 +8,18 @@ param virtualMachineSize string = 'Standard_DC2as_v5'
 param nicDeleteOption string = 'Delete'
 param adminUsername string = 'azureuser'
 param assignPublicIP bool = false
-
 @secure()
 param adminPublicKey string
 param securityType string = 'ConfidentialVM'
 param secureBoot bool = true
 param vTPM bool = true
 
-var subnetRef = '${vnetId}/subnets/${subnetName}'
 var networkInterfaceName = '${virtualMachineName}-nic'
 var publicIPName = '${virtualMachineName}-ip'
+var virtualNetworkName = '${virtualMachineName}-vnet'
+var subnetName = '${virtualMachineName}-subnet'
+var subnetAddressPrefix = '10.1.0.0/24'
+var addressPrefix = '10.1.0.0/16'
 
 resource publicIP_resource 'Microsoft.Network/publicIPAddresses@2022-07-01' = if (assignPublicIP == true) {
   name: publicIPName
@@ -28,6 +29,26 @@ resource publicIP_resource 'Microsoft.Network/publicIPAddresses@2022-07-01' = if
   }
 }
 
+resource virtualNetwork_resource 'Microsoft.Network/virtualNetworks@2021-05-01' = if (subnetId == '') {
+  name: virtualNetworkName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        addressPrefix
+      ]
+    }
+  }
+}
+
+resource subnet_resource 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = if (subnetId == '') {
+  parent: virtualNetwork_resource
+  name: subnetName
+  properties: {
+    addressPrefix: subnetAddressPrefix
+  }
+}
+
 resource networkInterfaceName_resource 'Microsoft.Network/networkInterfaces@2021-08-01' = {
   name: networkInterfaceName
   location: location
@@ -38,7 +59,7 @@ resource networkInterfaceName_resource 'Microsoft.Network/networkInterfaces@2021
         properties: {
           subnet: {
             #disable-next-line use-resource-id-functions
-            id: subnetRef
+            id: (subnetId == '') ? subnet_resource.id : subnetId
           }
           privateIPAllocationMethod: 'Dynamic'
           publicIPAddress: assignPublicIP ? {