diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index f6835b703..29b23146f 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -54,6 +54,11 @@ permissions: concurrency: group: ${{ github.head_ref || github.run_id }} cancel-in-progress: true +env: + S3_BUCKET: ta-production-artifacts + ARGO_SERVER_DOMAIN: argo.wfe.splgdi.com + K8S_MANIFESTS_BRANCH: main + ARGO_TOKEN_SECRET_ID: ta-github-workflow-automation-token jobs: setup-workflow: runs-on: ubuntu-latest @@ -678,7 +683,7 @@ jobs: run: | echo "name=$(basename "${{ steps.slim.outputs.OUTPUT }}")" >> "$GITHUB_OUTPUT" basename "${{ steps.slim.outputs.OUTPUT }}" - aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://ta-production-artifacts/ta-apps/ + aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://$S3_BUCKET/ta-apps/ build-3_9: runs-on: ubuntu-latest @@ -938,9 +943,9 @@ jobs: JOB_NAME=$(echo "$ADDON_NAME" | tail -c 16)-$(echo "${GITHUB_SHA}" | tail -c 8)-TEST-TYPE-${GITHUB_RUN_ID} JOB_NAME=${JOB_NAME//[_.]/-} LABELS="addon-name=${ADDON_NAME}" - ADDON_UPLOAD_PATH="s3://ta-production-artifacts/ta-apps/${{ needs.build.outputs.buildname }}" + ADDON_UPLOAD_PATH="s3://$S3_BUCKET/ta-apps/${{ needs.build.outputs.buildname }}" { - echo "argo-server=argo.wfe.splgdi.com:443" + echo "argo-server=$S3_BUCKET:443" echo "argo-http1=true" echo "argo-secure=true" echo "argo-base-href=\'\'" 
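Review bot: The new workflow-level `env:` block in the @@ -54 hunk has no comment saying what kind of values belong in it. `ARGO_TOKEN_SECRET_ID` in particular reads like a credential but is only the name of a Secrets Manager entry. A short comment above `env:` would make that explicit, for example `# Non-secret infrastructure identifiers shared by all jobs. ARGO_TOKEN_SECRET_ID is a Secrets Manager entry name, never the token value.` This keeps a later editor from pasting an actual token into a block that is visible to every step in the workflow.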
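Review bot: The new destination in the `aws s3 cp` line of the @@ -678 hunk is an unquoted expansion, `s3://$S3_BUCKET/ta-apps/`. The source argument on the same line is quoted, and so is the `aws s3 sync` destination in the @@ -988 hunk. Writing it as `"s3://${S3_BUCKET}/ta-apps/"` keeps the three upload sites consistent and rules out word splitting or globbing if the bucket value is ever changed. The step's `run:` block starts outside the hunk.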
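Review bot: The replacement for the `argo-server` output in the @@ -938 hunk expands the wrong variable: `echo "argo-server=$S3_BUCKET:443"` emits `ta-production-artifacts:443` where the removed line had `argo.wfe.splgdi.com:443`. It should read `echo "argo-server=$ARGO_SERVER_DOMAIN:443"`. `ARGO_SERVER_DOMAIN` is defined in the new `env:` block but is not referenced in any hunk shown here. Steps that consume this output would then address Argo, presumably with the fetched token, at a host the workflow never intended, so fix it before merge rather than relying on the connection failing. The `{ … } >> "$GITHUB_OUTPUT"` group continues into the next hunk, where `spl-host-suffix=wfe.splgdi.com` is still hard-coded.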
@@ -948,13 +953,13 @@ jobs: echo "argo-workflow-tmpl-name=ta-workflow" echo "argo-cancel-workflow-tmpl-name=cancel-workflow" echo "directory-path=/tmp" - echo "s3-bucket=ta-production-artifacts" + echo "s3-bucket=$S3_BUCKET" echo "addon-name=\"$ADDON_NAME\"" echo "job-name=wf-$JOB_NAME" echo "labels=$LABELS" echo "addon-upload-path=$ADDON_UPLOAD_PATH" echo "spl-host-suffix=wfe.splgdi.com" - echo "k8s-manifests-branch=main" + echo "k8s-manifests-branch=$K8S_MANIFESTS_BRANCH" } >> "$GITHUB_OUTPUT" - uses: actions/download-artifact@v3 if: ${{ needs.test-inventory.outputs.ucc_modinput_functional == 'true' && needs.test-inventory.outputs.modinput_functional == 'true'}} @@ -988,7 +993,7 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} run: | swagger_name=swagger_$(basename "$BUILD_NAME" .spl) - aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://ta-production-artifacts/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors + aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://$S3_BUCKET/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors run-knowledge-tests: if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.knowledge == 'true' && (needs.setup-workflow.outputs.execute-ko == 'Yes' || needs.setup-workflow.outputs.execute-knowledge-labeled == 'true') }} @@ -1045,7 +1050,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name 
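Review bot: In the @@ -1045 hunk, `--secret-id ARGO_TOKEN_SECRET_ID` passes the literal string instead of the variable because the `$` is missing; the argument should be `--secret-id "$ARGO_TOKEN_SECRET_ID"`. The same slip is repeated in every later `get-argo-token` and `update-argo-token` hunk (@@ -1092, -1286, -1508, -1555, -1737, -1796, -1975, -2204, -2440). As written, the lookup targets a secret literally named ARGO_TOKEN_SECRET_ID. If the step's shell runs without pipefail (not visible here), a failed `aws` call is hidden behind `jq` and an empty `argo-token` is written to `$GITHUB_OUTPUT` while the step still passes. The step continues outside the hunk, and the visible lines show no `::add-mask::` for the token before it becomes a step output, which is worth confirming in the surrounding lines.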
@@ -1092,7 +1097,7 @@ jobs:
 id: update-argo-token
 if: ${{ !cancelled() }}
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: calculate timeout
 id: calculate-timeout
@@ -1286,7 +1291,7 @@ jobs:
 - name: Read secrets from AWS Secrets Manager into environment variables
 id: get-argo-token
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: create job name
 id: create-job-name
@@ -1508,7 +1513,7 @@ jobs:
 - name: Read secrets from AWS Secrets Manager into environment variables
 id: get-argo-token
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: create job name
 id: create-job-name
@@ -1555,7 +1560,7 @@ jobs:
 id: update-argo-token
 if: ${{ !cancelled() }}
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: calculate timeout
 id: calculate-timeout
@@ -1737,7 +1742,7 @@ jobs:
 - name: Read secrets from AWS Secrets Manager into environment variables
 id: get-argo-token
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: create job name
 id: create-job-name
@@ -1796,7 +1801,7 @@ jobs:
 id: update-argo-token
 if: ${{ !cancelled() }}
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: calculate timeout
 id: calculate-timeout
@@ -1975,7 +1980,7 @@ jobs:
 - name: Read secrets from AWS Secrets Manager into environment variables
 id: get-argo-token
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: create job name
 id: create-job-name
@@ -2204,7 +2209,7 @@ jobs:
 - name: Read secrets from AWS Secrets Manager into environment variables
 id: get-argo-token
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: create job name
 id: create-job-name
@@ -2440,7 +2445,7 @@ jobs:
 - name: Read secrets from AWS Secrets Manager into environment variables
 id: get-argo-token
 run: |
- ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+ ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString')
 echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"
 - name: create job name
 id: create-job-name