From 169e934ee8f356ff3530a9f91449730189e830b5 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Fri, 16 Feb 2024 15:48:10 +0100 Subject: [PATCH 01/10] refactor: introduce parameters to control argo environment --- .../workflows/reusable-build-test-release.yml | 37 +++++++++++-------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index f6835b703..29b23146f 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -54,6 +54,11 @@ permissions: concurrency: group: ${{ github.head_ref || github.run_id }} cancel-in-progress: true +env: + S3_BUCKET: ta-production-artifacts + ARGO_SERVER_DOMAIN: argo.wfe.splgdi.com + K8S_MANIFESTS_BRANCH: main + ARGO_TOKEN_SECRET_ID: ta-github-workflow-automation-token jobs: setup-workflow: runs-on: ubuntu-latest @@ -678,7 +683,7 @@ jobs: run: | echo "name=$(basename "${{ steps.slim.outputs.OUTPUT }}")" >> "$GITHUB_OUTPUT" basename "${{ steps.slim.outputs.OUTPUT }}" - aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://ta-production-artifacts/ta-apps/ + aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://$S3_BUCKET/ta-apps/ build-3_9: runs-on: ubuntu-latest @@ -938,9 +943,9 @@ jobs: JOB_NAME=$(echo "$ADDON_NAME" | tail -c 16)-$(echo "${GITHUB_SHA}" | tail -c 8)-TEST-TYPE-${GITHUB_RUN_ID} JOB_NAME=${JOB_NAME//[_.]/-} LABELS="addon-name=${ADDON_NAME}" - ADDON_UPLOAD_PATH="s3://ta-production-artifacts/ta-apps/${{ needs.build.outputs.buildname }}" + ADDON_UPLOAD_PATH="s3://$S3_BUCKET/ta-apps/${{ needs.build.outputs.buildname }}" { - echo "argo-server=argo.wfe.splgdi.com:443" + echo "argo-server=$S3_BUCKET:443" echo "argo-http1=true" echo "argo-secure=true" echo "argo-base-href=\'\'" 
@@ -948,13 +953,13 @@ jobs: echo "argo-workflow-tmpl-name=ta-workflow" echo "argo-cancel-workflow-tmpl-name=cancel-workflow" echo "directory-path=/tmp" - echo "s3-bucket=ta-production-artifacts" + echo "s3-bucket=$S3_BUCKET" echo "addon-name=\"$ADDON_NAME\"" echo "job-name=wf-$JOB_NAME" echo "labels=$LABELS" echo "addon-upload-path=$ADDON_UPLOAD_PATH" echo "spl-host-suffix=wfe.splgdi.com" - echo "k8s-manifests-branch=main" + echo "k8s-manifests-branch=$K8S_MANIFESTS_BRANCH" } >> "$GITHUB_OUTPUT" - uses: actions/download-artifact@v3 if: ${{ needs.test-inventory.outputs.ucc_modinput_functional == 'true' && needs.test-inventory.outputs.modinput_functional == 'true'}} @@ -988,7 +993,7 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} run: | swagger_name=swagger_$(basename "$BUILD_NAME" .spl) - aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://ta-production-artifacts/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors + aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://$S3_BUCKET/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors run-knowledge-tests: if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.knowledge == 'true' && (needs.setup-workflow.outputs.execute-ko == 'Yes' || needs.setup-workflow.outputs.execute-knowledge-labeled == 'true') }} @@ -1045,7 +1050,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name 
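Review bot: In the `get-argo-token` step of the last hunk here, the value read from AWS Secrets Manager is written to `$GITHUB_OUTPUT` without first being registered as a secret, so the runner will not redact it if a later step or action prints it. A value fetched at run time is not masked the way `secrets.*` values are. Add `echo "::add-mask::$ARGO_TOKEN"` immediately before the `echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT"` line. The two-line run body is fully visible in the hunk and contains no masking. The same applies to every `get-argo-token` and `update-argo-token` step touched by the later hunks and patches of this series.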
@@ -1092,7 +1097,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1286,7 +1291,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1508,7 +1513,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1555,7 +1560,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout 
@@ -1737,7 +1742,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1796,7 +1801,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1975,7 +1980,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2204,7 +2209,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name 
@@ -2440,7 +2445,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name From ad973cbf7794393ace1ae62c22d5ce25cd69f799 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Mon, 19 Feb 2024 15:34:39 +0100 Subject: [PATCH 02/10] chore: typo in env var --- .../workflows/reusable-build-test-release.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 29b23146f..f5ad2d61e 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -1050,7 +1050,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1097,7 +1097,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout 
@@ -1291,7 +1291,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1513,7 +1513,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1560,7 +1560,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1742,7 +1742,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name 
@@ -1801,7 +1801,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1980,7 +1980,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2209,7 +2209,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2445,7 +2445,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name From ba088f8febd7c5aa0a652a17b8fb24c795a1f406 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Mon, 19 Feb 2024 15:54:18 +0100 Subject: [PATCH 03/10] chore: typo --- .github/workflows/reusable-build-test-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index f5ad2d61e..361432386 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -945,7 +945,7 @@ jobs: LABELS="addon-name=${ADDON_NAME}" ADDON_UPLOAD_PATH="s3://$S3_BUCKET/ta-apps/${{ needs.build.outputs.buildname }}" { - echo "argo-server=$S3_BUCKET:443" + echo "argo-server=$ARGO_SERVER_DOMAIN:443" echo "argo-http1=true" echo "argo-secure=true" echo "argo-base-href=\'\'" From 2f3ce1780467c1994ea668c3514b122b55034857 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Mon, 19 Feb 2024 16:21:06 +0100 Subject: [PATCH 04/10] chore: added comments with staging values --- .github/workflows/reusable-build-test-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 361432386..8e09f0543 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -55,10 +55,10 @@ concurrency: group: ${{ github.head_ref || github.run_id }} cancel-in-progress: true env: - S3_BUCKET: ta-production-artifacts - ARGO_SERVER_DOMAIN: argo.wfe.splgdi.com + S3_BUCKET: ta-production-artifacts #staging: ta-staging-artifacts + ARGO_SERVER_DOMAIN: argo.wfe.splgdi.com #staging: argo.staging.wfe.splgdi.com + ARGO_TOKEN_SECRET_ID: ta-github-workflow-automation-token #staging: ta-staging-github-workflow-automation-token K8S_MANIFESTS_BRANCH: main - ARGO_TOKEN_SECRET_ID: ta-github-workflow-automation-token jobs: setup-workflow: runs-on: ubuntu-latest From d2b4e7fc2c949272707a6133d12600437d27b990 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Mon, 19 Feb 2024 16:56:29 +0100 Subject: [PATCH 05/10] chore: fix lint --- .../workflows/reusable-build-test-release.yml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 8e09f0543..01466c233 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -683,7 +683,7 @@ jobs: run: | echo "name=$(basename "${{ steps.slim.outputs.OUTPUT }}")" >> "$GITHUB_OUTPUT" basename "${{ steps.slim.outputs.OUTPUT }}" - aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://$S3_BUCKET/ta-apps/ + aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" "s3://$S3_BUCKET/ta-apps/" build-3_9: runs-on: ubuntu-latest @@ -1050,7 +1050,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1097,7 +1097,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1291,7 +1291,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name 
@@ -1513,7 +1513,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1560,7 +1560,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1742,7 +1742,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1801,7 +1801,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout 
@@ -1980,7 +1980,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2209,7 +2209,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2445,7 +2445,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id $ARGO_TOKEN_SECRET_ID | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name From 70286c9473715b63f8b3b58081c577f18af8c900 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Tue, 20 Feb 2024 16:24:03 +0100 Subject: [PATCH 06/10] refactor: add parameter configuration as inputs --- .../workflows/reusable-build-test-release.yml | 63 ++++++++++++------- 1 file changed, 42 insertions(+), 21 deletions(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 01466c233..7e09e637d 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml 
@@ -8,6 +8,16 @@ on: type: string default: >- [""] + k8s-environment: + required: false + description: Specifies which environmet to use for k8s testing. ["production", "staging"] + type: string + default: "production" + k8s-manifests-branch: + required: false + description: "branch for k8s manifests to run the tests on" + type: string + default: "main" secrets: GH_TOKEN_ADMIN: description: Github admin token @@ -54,11 +64,6 @@ permissions: concurrency: group: ${{ github.head_ref || github.run_id }} cancel-in-progress: true -env: - S3_BUCKET: ta-production-artifacts #staging: ta-staging-artifacts - ARGO_SERVER_DOMAIN: argo.wfe.splgdi.com #staging: argo.staging.wfe.splgdi.com - ARGO_TOKEN_SECRET_ID: ta-github-workflow-automation-token #staging: ta-staging-github-workflow-automation-token - K8S_MANIFESTS_BRANCH: main jobs: setup-workflow: runs-on: ubuntu-latest 
@@ -82,7 +87,23 @@ jobs: execute-modinput-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_modinput_functional_labeled }} execute-scripted_inputs-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_scripted_inputs_labeled }} execute-requirement-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_requirement_test_labeled }} + s3_bucket_k8s: ${{ steps.k8s-environment.outputs.s3_bucket }} + argo_server_domain_k8s: ${{ steps.k8s-environment.outputs.argo_server_domain }} + argo_token_secret_id_k8s: ${{ steps.k8s-environment.outputs.argo_server_domain }} steps: + - name: set k8s environment + id: k8s-environment + run: | + if [[ ${{ inputs.k8s-environment }} == 'staging' ]]; then + echo "setting up variables for staging" + echo "s3_bucket=ta-staging-artifacts" >> "$GITHUB_OUTPUT" + echo "argo_server_domain=argo.staging.wfe.splgdi.com" >> "$GITHUB_OUTPUT" + echo "argo_token_secret_id=ta-staging-github-workflow-automation-token" >> "$GITHUB_OUTPUT" + else + echo "s3_bucket=ta-production-artifacts" >> "$GITHUB_OUTPUT" + echo "argo_server_domain=argo.wfe.splgdi.com" >> "$GITHUB_OUTPUT" + echo "argo_token_secret_id=ta-github-workflow-automation-token" >> "$GITHUB_OUTPUT" + fi - name: skip workflow if description is empty for labeled pr id: skip-workflow env: @@ -683,7 +704,7 @@ jobs: run: | echo "name=$(basename "${{ steps.slim.outputs.OUTPUT }}")" >> "$GITHUB_OUTPUT" basename "${{ steps.slim.outputs.OUTPUT }}" - aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" "s3://$S3_BUCKET/ta-apps/" + aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" "s3://${{ needs.setup-workflow.outputs.s3_bucket_k8s }}/ta-apps/" build-3_9: runs-on: ubuntu-latest 
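Review bot: The new `set k8s environment` step pastes `${{ inputs.k8s-environment }}` unquoted into the bash test, which causes three problems. The caller's string becomes script text before bash parses it, an empty value turns the test into a syntax error, and any value other than `staging` (a misspelling included) silently selects the production bucket, Argo server and token secret id. Pass the input through `env:` and match it with a `case` that rejects unknown values, so a misconfigured caller fails instead of running against production. The later `fix pre-commit` and `additional echo for logging` patches regroup the echoes but keep the same `if` line, so the point applies to the final state as well.

```yaml
- name: set k8s environment
  id: k8s-environment
  env:
    K8S_ENVIRONMENT: ${{ inputs.k8s-environment }}
  run: |
    case "$K8S_ENVIRONMENT" in
      staging)
        # … unchanged: staging values written to $GITHUB_OUTPUT …
        ;;
      production)
        # … unchanged: production values written to $GITHUB_OUTPUT …
        ;;
      *)
        echo "::error::k8s-environment must be 'production' or 'staging'"
        exit 1
        ;;
    esac
```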
@@ -943,9 +964,9 @@ jobs: JOB_NAME=$(echo "$ADDON_NAME" | tail -c 16)-$(echo "${GITHUB_SHA}" | tail -c 8)-TEST-TYPE-${GITHUB_RUN_ID} JOB_NAME=${JOB_NAME//[_.]/-} LABELS="addon-name=${ADDON_NAME}" - ADDON_UPLOAD_PATH="s3://$S3_BUCKET/ta-apps/${{ needs.build.outputs.buildname }}" + ADDON_UPLOAD_PATH="s3://${{ needs.setup-workflow.outputs.s3_bucket_k8s }}/ta-apps/${{ needs.build.outputs.buildname }}" { - echo "argo-server=$ARGO_SERVER_DOMAIN:443" + echo "argo-server=${{ needs.setup-workflow.outputs.argo_server_domain_k8s }}:443" echo "argo-http1=true" echo "argo-secure=true" echo "argo-base-href=\'\'" @@ -953,13 +974,13 @@ jobs: echo "argo-workflow-tmpl-name=ta-workflow" echo "argo-cancel-workflow-tmpl-name=cancel-workflow" echo "directory-path=/tmp" - echo "s3-bucket=$S3_BUCKET" + echo "s3-bucket=${{ needs.setup-workflow.outputs.s3_bucket_k8s }}" echo "addon-name=\"$ADDON_NAME\"" echo "job-name=wf-$JOB_NAME" echo "labels=$LABELS" echo "addon-upload-path=$ADDON_UPLOAD_PATH" echo "spl-host-suffix=wfe.splgdi.com" - echo "k8s-manifests-branch=$K8S_MANIFESTS_BRANCH" + echo "k8s-manifests-branch=${{ inputs.k8s-manifests-branch }}" } >> "$GITHUB_OUTPUT" - uses: actions/download-artifact@v3 if: ${{ needs.test-inventory.outputs.ucc_modinput_functional == 'true' && needs.test-inventory.outputs.modinput_functional == 'true'}} 
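Review bot: In the second hunk here, `echo "k8s-manifests-branch=${{ inputs.k8s-manifests-branch }}"` expands the caller-supplied branch name into the script text, so a quote or `$(...)` inside it is parsed by bash rather than treated as data. The line it replaces read the value from an environment variable; keep that shape by declaring `env: K8S_MANIFESTS_BRANCH: ${{ inputs.k8s-manifests-branch }}` on the step and writing `echo "k8s-manifests-branch=$K8S_MANIFESTS_BRANCH"`. The step starts above the hunk, so the `env:` block has to be added outside the lines shown. As far as this series shows, the `needs.setup-workflow.outputs.*` expressions in the same hunks are built from fixed strings and carry less risk, though routing them through `env:` as well would keep the script free of template expansion.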
@@ -993,7 +1014,7 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} run: | swagger_name=swagger_$(basename "$BUILD_NAME" .spl) - aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://$S3_BUCKET/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors + aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://${{ needs.setup-workflow.outputs.s3_bucket_k8s }}/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors run-knowledge-tests: if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.knowledge == 'true' && (needs.setup-workflow.outputs.execute-ko == 'Yes' || needs.setup-workflow.outputs.execute-knowledge-labeled == 'true') }} @@ -1050,7 +1071,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1097,7 +1118,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout 
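Review bot: The `ARGO_TOKEN=$(aws secretsmanager get-secret-value ... | jq -r '.SecretString')` lines in the `get-argo-token` and `update-argo-token` hunks do not stop the step when the lookup fails. Unless `shell: bash` or `pipefail` is set outside these hunks, the pipeline's status is jq's, so a failed `aws` call leaves `ARGO_TOKEN` empty and `argo-token=` is still written to the output. This matters more now that the secret id is an expression: it is empty if the job does not list `setup-workflow` under `needs` (not visible here), and in this patch it is wired to the `argo_server_domain` output until the later `typo fix` patch corrects it. Add `set -o pipefail` at the top of the run body and a guard such as `[ -n "$ARGO_TOKEN" ] || exit 1` before the output line. The same steps recur in the remaining hunks of this patch.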
@@ -1291,7 +1312,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1513,7 +1534,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -1560,7 +1581,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1742,7 +1763,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name 
@@ -1801,7 +1822,7 @@ jobs: id: update-argo-token if: ${{ !cancelled() }} run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: calculate timeout id: calculate-timeout @@ -1980,7 +2001,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2209,7 +2230,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name @@ -2445,7 +2466,7 @@ jobs: - name: Read secrets from AWS Secrets Manager into environment variables id: get-argo-token run: | - ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "$ARGO_TOKEN_SECRET_ID" | jq -r '.SecretString') + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name From 9b7a181202eb59121f9535172d78969dd9707e18 Mon Sep 17 00:00:00 2001 
From: mbruzda Date: Tue, 20 Feb 2024 16:27:00 +0100 Subject: [PATCH 07/10] chore: fix pre-commit --- .../workflows/reusable-build-test-release.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 7e09e637d..5207228f6 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -96,13 +96,17 @@ jobs: run: | if [[ ${{ inputs.k8s-environment }} == 'staging' ]]; then echo "setting up variables for staging" - echo "s3_bucket=ta-staging-artifacts" >> "$GITHUB_OUTPUT" - echo "argo_server_domain=argo.staging.wfe.splgdi.com" >> "$GITHUB_OUTPUT" - echo "argo_token_secret_id=ta-staging-github-workflow-automation-token" >> "$GITHUB_OUTPUT" + { + echo "s3_bucket=ta-staging-artifacts" + echo "argo_server_domain=argo.staging.wfe.splgdi.com" + echo "argo_token_secret_id=ta-staging-github-workflow-automation-token" + } >> "$GITHUB_OUTPUT" else - echo "s3_bucket=ta-production-artifacts" >> "$GITHUB_OUTPUT" - echo "argo_server_domain=argo.wfe.splgdi.com" >> "$GITHUB_OUTPUT" - echo "argo_token_secret_id=ta-github-workflow-automation-token" >> "$GITHUB_OUTPUT" + { + echo "s3_bucket=ta-production-artifacts" + echo "argo_server_domain=argo.wfe.splgdi.com" + echo "argo_token_secret_id=ta-github-workflow-automation-token" + } >> "$GITHUB_OUTPUT" fi - name: skip workflow if description is empty for labeled pr id: skip-workflow From b305cc324796e4699fdeb856273807e674a33a8a Mon Sep 17 00:00:00 2001 From: mbruzda Date: Tue, 20 Feb 2024 20:54:39 +0100 Subject: [PATCH 08/10] chore: typo fix --- .github/workflows/reusable-build-test-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 5207228f6..92e9e61b0 100644 
--- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -89,7 +89,7 @@ jobs: execute-requirement-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_requirement_test_labeled }} s3_bucket_k8s: ${{ steps.k8s-environment.outputs.s3_bucket }} argo_server_domain_k8s: ${{ steps.k8s-environment.outputs.argo_server_domain }} - argo_token_secret_id_k8s: ${{ steps.k8s-environment.outputs.argo_server_domain }} + argo_token_secret_id_k8s: ${{ steps.k8s-environment.outputs.argo_token_secret_id }} steps: - name: set k8s environment id: k8s-environment From 9661188d3f98050315aa4d192bf858d216bae500 Mon Sep 17 00:00:00 2001 From: mbruzda Date: Tue, 20 Feb 2024 21:15:18 +0100 Subject: [PATCH 09/10] chore: setup now needs setup-workflow --- .github/workflows/reusable-build-test-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 92e9e61b0..1cd6c0f8a 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -924,6 +924,7 @@ jobs: setup: needs: + - setup-workflow - build - test-inventory if: ${{ !cancelled() && needs.build.result == 'success' }} From 746814e6da1d0a93a9383988a9cf850aeb02537d Mon Sep 17 00:00:00 2001 From: mbruzda Date: Tue, 20 Feb 2024 21:29:09 +0100 Subject: [PATCH 10/10] chore: additional echo for logging --- .github/workflows/reusable-build-test-release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 1cd6c0f8a..fbd3c0c04 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml 
@@ -95,13 +95,14 @@ jobs: id: k8s-environment run: | if [[ ${{ inputs.k8s-environment }} == 'staging' ]]; then - echo "setting up variables for staging" + echo "setting up argo variables for staging" { echo "s3_bucket=ta-staging-artifacts" echo "argo_server_domain=argo.staging.wfe.splgdi.com" echo "argo_token_secret_id=ta-staging-github-workflow-automation-token" } >> "$GITHUB_OUTPUT" else + echo "setting up argo variables for production" { echo "s3_bucket=ta-production-artifacts" echo "argo_server_domain=argo.wfe.splgdi.com"