Inherit secrets
Ganeshrockz committed Sep 28, 2023
1 parent 87c827c commit 56c5dec
Showing 2 changed files with 19 additions and 52 deletions.
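--- a/.github/workflows/reusable-ecs-acceptance.yml
+++ b/.github/workflows/reusable-ecs-acceptance.yml
@@ -24,31 +24,14 @@ on:
 description: "Whether to create a HCP cluster for running acceptance tests"
 required: true
 type: boolean
-secrets:
-aws-ecs-region:
-required: true
-aws-ecs-role-arn:
-required: true
-aws-ecs-access-key-id:
-required: true
-aws-ecs-secret-access-key:
-required: true
-hcp-project-id:
-required: true
-consul-license:
-required: true
-hcp-client-id:
-required: true
-hcp-client-secret:
-required: true
 
 
 env:
 TEST_RESULTS: /tmp/test-results
 GOTESTSUM_VERSION: 1.8.0
-CONSUL_LICENSE: ${{ secrets.consul-license }}
-HCP_CLIENT_ID: ${{ secrets.hcp-client-id }}
-HCP_CLIENT_SECRET: ${{ secrets.hcp-client-secret }}
+CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
+HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
+HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
 
 jobs:
 acceptance-tests:
@@ -86,18 +69,18 @@ jobs:
 - name: Assume AWS IAM Role
 uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
 with:
-role-to-assume: ${{ secrets.aws-ecs-role-arn }}
-aws-region: ${{ secrets.aws-ecs-region }}
-aws-access-key-id: ${{ secrets.aws-ecs-access-key-id }}
-aws-secret-access-key: ${{ secrets.aws-ecs-secret-access-key }}
+role-to-assume: ${{ secrets.AWS_ECS_ROLE_ARN }}
+aws-region: ${{ secrets.AWS_ECS_REGION }}
+aws-access-key-id: ${{ secrets.AWS_ECS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_ECS_SECRET_ACCESS_KEY }}
 role-duration-seconds: 7200
 - name: terraform init & apply
 run: |
 cd setup-terraform/
 VARS="-var tags={\"build_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\"}"
 VARS+=' -var launch_type=${{ inputs.launch-type }}'
 VARS+=' -var consul_version=${{ inputs.consul-version }}'
-VARS+=' -var hcp_project_id=${{ secrets.hcp-project-id }}'
+VARS+=' -var hcp_project_id=${{ secrets.HCP_PROJECT_ID }}'
 case $GITHUB_REF_NAME in
 main | release/*) VARS+=" -var enable_hcp=${{ inputs.enable-hcp }}";;
 *) VARS+=" -var enable_hcp=false";;
@@ -121,7 +104,7 @@ jobs:
 VARS="-var tags={\"build_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\"}"
 VARS+=' -var launch_type=${{ inputs.launch-type }}'
 VARS+=' -var consul_version=${{ inputs.consul-version }}'
-VARS+=' -var hcp_project_id=${{ secrets.hcp-project-id }}'
+VARS+=' -var hcp_project_id=${{ secrets.HCP_PROJECT_ID }}'
 case $GITHUB_REF_NAME in
 main | release/*) VARS+=" -var enable_hcp=${{ inputs.enable-hcp }}";;
 *) VARS+=" -var enable_hcp=false";;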
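Review bot: With the `secrets:` block under `on.workflow_call` removed, nothing in this file states which secrets it depends on, and the `required: true` validation goes with it. A caller that omits `secrets: inherit`, or a repository missing one of the names, now gets empty-string expansions in `env:` and in the `Assume AWS IAM Role` inputs, so the failure presumably surfaces later in the AWS or terraform steps rather than when the workflow is called. I would add a comment above `env:` such as `# Needs caller secrets via "secrets: inherit": AWS_ECS_REGION, AWS_ECS_ROLE_ARN, AWS_ECS_ACCESS_KEY_ID, AWS_ECS_SECRET_ACCESS_KEY, HCP_PROJECT_ID, CONSUL_LICENSE, HCP_CLIENT_ID, HCP_CLIENT_SECRET`. The two rewritten `hcp_project_id` lines also paste the secret into the script text before the shell runs; a step-level `env:` entry read as `$HCP_PROJECT_ID` would keep the value out of the rendered script source. Both `run:` blocks continue outside the hunks shown.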
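--- a/.github/workflows/terraform-ci.yml
+++ b/.github/workflows/terraform-ci.yml
@@ -94,12 +94,12 @@ jobs:
 # HCP is always disabled for tests on PRs.
 matrix:
 name:
-#- acceptance-1.16-FARGATE-HCP
+- acceptance-1.16-FARGATE-HCP
 - acceptance-1.16-FARGATE
 include:
-# - name: acceptance-1.16-FARGATE-HCP
-# enable-hcp: true
-# launch-type: FARGATE
+- name: acceptance-1.16-FARGATE-HCP
+enable-hcp: true
+launch-type: FARGATE
 
 - name: acceptance-1.16-FARGATE
 enable-hcp: false
@@ -110,15 +110,7 @@ jobs:
 name: ${{ matrix.name }}
 launch-type: ${{ matrix.launch-type }}
 enable-hcp: ${{ matrix.enable-hcp }}
-secrets:
-aws-ecs-region: ${{ secrets.AWS_ECS_REGION }}
-aws-ecs-role-arn: ${{ secrets.AWS_ECS_ROLE_ARN }}
-aws-ecs-access-key-id: ${{ secrets.AWS_ECS_ACCESS_KEY_ID }}
-aws-ecs-secret-access-key: ${{ secrets.AWS_ECS_SECRET_ACCESS_KEY }}
-hcp-project-id: ${{ secrets.HCP_PROJECT_ID }}
-consul-license: ${{ secrets.CONSUL_LICENSE }}
-hcp-client-id: ${{ secrets.HCP_CLIENT_ID }}
-hcp-client-secret: ${{ secrets.HCP_CLIENT_SECRET }}
+secrets: inherit
 acceptance-ec2:
 needs:
 - get-go-version
@@ -129,12 +121,12 @@ jobs:
 # HCP is always disabled for tests on PRs.
 matrix:
 name:
-#- acceptance-1.16-EC2-HCP
+- acceptance-1.16-EC2-HCP
 - acceptance-1.16-EC2
 include:
-# - name: acceptance-1.16-EC2-HCP
-# enable-hcp: true
-# launch-type: EC2
+- name: acceptance-1.16-EC2-HCP
+enable-hcp: true
+launch-type: EC2
 
 - name: acceptance-1.16-EC2
 enable-hcp: false
@@ -145,12 +137,4 @@ jobs:
 name: ${{ matrix.name }}
 launch-type: ${{ matrix.launch-type }}
 enable-hcp: ${{ matrix.enable-hcp }}
-secrets:
-aws-ecs-region: ${{ secrets.AWS_ECS_REGION }}
-aws-ecs-role-arn: ${{ secrets.AWS_ECS_ROLE_ARN }}
-aws-ecs-access-key-id: ${{ secrets.AWS_ECS_ACCESS_KEY_ID }}
-aws-ecs-secret-access-key: ${{ secrets.AWS_ECS_SECRET_ACCESS_KEY }}
-hcp-project-id: ${{ secrets.HCP_PROJECT_ID }}
-consul-license: ${{ secrets.CONSUL_LICENSE }}
-hcp-client-id: ${{ secrets.HCP_CLIENT_ID }}
-hcp-client-secret: ${{ secrets.HCP_CLIENT_SECRET }}
+secrets: inherit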
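Review bot: `secrets: inherit` at both call sites (the job above `acceptance-ec2` and `acceptance-ec2` itself) hands the called workflow every secret this workflow can read, at organization, repository and environment level, where the removed mapping passed exactly eight. Every step and third-party action in the reusable workflow now sits inside that wider trust boundary, so a later secret added to the repository is exposed there without any change to this file. If `inherit` is kept for brevity, I would record the intended scope next to it, for example `# inherit exposes all caller secrets; the called workflow reads only AWS_ECS_*, HCP_* and CONSUL_LICENSE`. Both job definitions begin outside the hunks shown.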
