From 969733b3b36a8b2b0835ac9f485f79fb8ab43e87 Mon Sep 17 00:00:00 2001
From: Kartik Joshi <kartikjoshi@microsoft.com>
Date: Thu, 1 Feb 2024 13:54:25 +0530
Subject: [PATCH] Provisioner: Add kbs provisioning steps in CI

Fixes: #1676
Signed-off-by: Kartik Joshi <kartikjoshi@microsoft.com>
---
 .github/workflows/azure-e2e-test.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/.github/workflows/azure-e2e-test.yml b/.github/workflows/azure-e2e-test.yml
index 4cba6f5af2..cf29b7f364 100644
--- a/.github/workflows/azure-e2e-test.yml
+++ b/.github/workflows/azure-e2e-test.yml
@@ -25,6 +25,12 @@ on:
       caa-image:
         type: string
         description: prebuilt caa image
+      kbs-image-id:
+        type: string
+        description: prebuild kbs image
+      kbs-image-tag:
+        type: string
+        description: prebuild kbs image tag
 
 jobs:
   generate-podvm-image-version:
@@ -116,10 +122,17 @@ jobs:
       with:
         go-version: ${{ env.GO_VERSION }}
 
+    - name: Extract provisioner environment
+      run: |
+        echo "KBS_IMAGE=$(yq -e '.oci.kbs.registry' versions.yaml)" >> "$GITHUB_ENV"
+        echo "KBS_IMAGE_TAG=$(yq -e '.oci.kbs.tag' versions.yaml)" >> "$GITHUB_ENV"
+
     - name: Create provisioner file
       env:
         AZURE_IMAGE_ID: ${{ github.event.inputs.podvm-image-id || format('/CommunityGalleries/{0}/images/{1}/Versions/{2}', vars.AZURE_COMMUNITY_GALLERY_NAME, vars.AZURE_PODVM_IMAGE_DEF_NAME, needs.generate-podvm-image-version.outputs.image-version) }}
         CAA_IMAGE: "${{ github.event.inputs.caa-image || needs.build-caa-container-image.outputs.caa-image }}"
+        KBS_IMAGE: ${{ github.event.inputs.kbs-image-id || env.KBS_IMAGE }}
+        KBS_IMAGE_TAG: ${{  github.event.inputs.kbs-image-tag || env.KBS_IMAGE_TAG}}
       run: |
         cat << EOF > "$TEST_PROVISION_FILE"
           AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
@@ -132,6 +145,8 @@ jobs:
           IS_CI_MANAGED_CLUSTER="true"
           MANAGED_IDENTITY_NAME="${{ secrets.AZURE_MANAGED_IDENTITY_NAME}}"
           CAA_IMAGE="${CAA_IMAGE}"
+          KBS_IMAGE="${KBS_IMAGE}"
+          KBS_IMAGE_TAG="${KBS_IMAGE_TAG}"
         EOF
         cat "$TEST_PROVISION_FILE"
         # assert that no variable is unset
@@ -206,9 +221,20 @@ jobs:
         test -n "$SUBNET_ID"
         echo "AZURE_SUBNET_ID=\"${SUBNET_ID}\"" >> "$TEST_PROVISION_FILE"
 
+    - name: Extract kbs reference
+      run: echo "KBS_VERSION=$(yq -e '.oci.kbs.tag' versions.yaml)" >> "$GITHUB_ENV"
+
+    - name: Checkout kbs Repository
+      uses: actions/checkout@v2
+      with:
+        repository: confidential-containers/kbs
+        ref: "${KBS_VERSION}"
+        path: test/e2e/kbs
+
     - name: Run e2e test
       env:
         TEST_PROVISION: "no"
+        DEPLOY_KBS: "yes"
       run: |
         # Since we install the cluster in parallel, we need to get the credentials here.
         az aks get-credentials \