From 56c5deca9dd245414a8538008f6537c2d806682d Mon Sep 17 00:00:00 2001 From: Ganeshrockz Date: Thu, 28 Sep 2023 16:33:42 +0530 Subject: [PATCH] Inherit secrets --- .github/workflows/reusable-ecs-acceptance.yml | 35 +++++------------- .github/workflows/terraform-ci.yml | 36 ++++++------------- 2 files changed, 19 insertions(+), 52 deletions(-) diff --git a/.github/workflows/reusable-ecs-acceptance.yml b/.github/workflows/reusable-ecs-acceptance.yml index 7d27e371..e30be5c9 100644 --- a/.github/workflows/reusable-ecs-acceptance.yml +++ b/.github/workflows/reusable-ecs-acceptance.yml @@ -24,31 +24,14 @@ on: description: "Whether to create a HCP cluster for running acceptance tests" required: true type: boolean - secrets: - aws-ecs-region: - required: true - aws-ecs-role-arn: - required: true - aws-ecs-access-key-id: - required: true - aws-ecs-secret-access-key: - required: true - hcp-project-id: - required: true - consul-license: - required: true - hcp-client-id: - required: true - hcp-client-secret: - required: true env: TEST_RESULTS: /tmp/test-results GOTESTSUM_VERSION: 1.8.0 - CONSUL_LICENSE: ${{ secrets.consul-license }} - HCP_CLIENT_ID: ${{ secrets.hcp-client-id }} - HCP_CLIENT_SECRET: ${{ secrets.hcp-client-secret }} + CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} + HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }} + HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }} jobs: acceptance-tests: 
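Review bot: With the `secrets:` block under `on.workflow_call` removed, this reusable workflow no longer declares which secrets it needs, yet `env` still reads `secrets.CONSUL_LICENSE`, `secrets.HCP_CLIENT_ID` and `secrets.HCP_CLIENT_SECRET`. Those names resolve only when the caller passes `secrets: inherit`. A caller that omits it would presumably get empty values at run time instead of the up-front failure that `required: true` gave. At minimum add a comment above `env:` such as `# Caller must pass secrets: inherit; reads CONSUL_LICENSE, HCP_CLIENT_ID, HCP_CLIENT_SECRET, HCP_PROJECT_ID, AWS_ECS_*`, so the contract stays visible in this file.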
@@ -86,10 +69,10 @@ jobs: - name: Assume AWS IAM Role uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0 with: - role-to-assume: ${{ secrets.aws-ecs-role-arn }} - aws-region: ${{ secrets.aws-ecs-region }} - aws-access-key-id: ${{ secrets.aws-ecs-access-key-id }} - aws-secret-access-key: ${{ secrets.aws-ecs-secret-access-key }} + role-to-assume: ${{ secrets.AWS_ECS_ROLE_ARN }} + aws-region: ${{ secrets.AWS_ECS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ECS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_ECS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 - name: terraform init & apply run: | @@ -97,7 +80,7 @@ jobs: VARS="-var tags={\"build_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\"}" VARS+=' -var launch_type=${{ inputs.launch-type }}' VARS+=' -var consul_version=${{ inputs.consul-version }}' - VARS+=' -var hcp_project_id=${{ secrets.hcp-project-id }}' + VARS+=' -var hcp_project_id=${{ secrets.HCP_PROJECT_ID }}' case $GITHUB_REF_NAME in main | release/*) VARS+=" -var enable_hcp=${{ inputs.enable-hcp }}";; *) VARS+=" -var enable_hcp=false";; @@ -121,7 +104,7 @@ jobs: VARS="-var tags={\"build_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\"}" VARS+=' -var launch_type=${{ inputs.launch-type }}' VARS+=' -var consul_version=${{ inputs.consul-version }}' - VARS+=' -var hcp_project_id=${{ secrets.hcp-project-id }}' + VARS+=' -var hcp_project_id=${{ secrets.HCP_PROJECT_ID }}' case $GITHUB_REF_NAME in main | release/*) VARS+=" -var enable_hcp=${{ inputs.enable-hcp }}";; *) VARS+=" -var enable_hcp=false";; diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml index 3c5aa682..f000fc07 100644 --- a/.github/workflows/terraform-ci.yml +++ b/.github/workflows/terraform-ci.yml 
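Review bot: The `Assume AWS IAM Role` step still authenticates with a stored `aws-access-key-id` / `aws-secret-access-key` pair before assuming the role, so a long-lived IAM user key remains in the repository's secrets. `configure-aws-credentials` v4 can assume `role-to-assume` through GitHub's OIDC token instead, which needs `permissions: id-token: write` on the job and lets both key inputs be dropped. Whether an OIDC trust policy exists for this role is not visible here, so treat this as a follow-up rather than a blocker.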
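Review bot: `${{ secrets.HCP_PROJECT_ID }}` is substituted into the script text before the shell parses it, so the value lands inside the single-quoted string as raw source. A quote or shell metacharacter in it would change the command, and the same holds for `${{ inputs.launch-type }}` and `${{ inputs.consul-version }}` on the lines above. Pass the values through the step's `env:` and expand them in the shell, e.g. `HCP_PROJECT_ID: ${{ secrets.HCP_PROJECT_ID }}` under `env:` and `VARS+=" -var hcp_project_id=$HCP_PROJECT_ID"`. The identical line in the next hunk (`@@ -121,7 +104,7`) needs the same change; both `run:` blocks continue outside the hunks shown.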
@@ -94,12 +94,12 @@ jobs: # HCP is always disabled for tests on PRs. matrix: name: - #- acceptance-1.16-FARGATE-HCP + - acceptance-1.16-FARGATE-HCP - acceptance-1.16-FARGATE include: - # - name: acceptance-1.16-FARGATE-HCP - # enable-hcp: true - # launch-type: FARGATE + - name: acceptance-1.16-FARGATE-HCP + enable-hcp: true + launch-type: FARGATE - name: acceptance-1.16-FARGATE enable-hcp: false @@ -110,15 +110,7 @@ jobs: name: ${{ matrix.name }} launch-type: ${{ matrix.launch-type }} enable-hcp: ${{ matrix.enable-hcp }} - secrets: - aws-ecs-region: ${{ secrets.AWS_ECS_REGION }} - aws-ecs-role-arn: ${{ secrets.AWS_ECS_ROLE_ARN }} - aws-ecs-access-key-id: ${{ secrets.AWS_ECS_ACCESS_KEY_ID }} - aws-ecs-secret-access-key: ${{ secrets.AWS_ECS_SECRET_ACCESS_KEY }} - hcp-project-id: ${{ secrets.HCP_PROJECT_ID }} - consul-license: ${{ secrets.CONSUL_LICENSE }} - hcp-client-id: ${{ secrets.HCP_CLIENT_ID }} - hcp-client-secret: ${{ secrets.HCP_CLIENT_SECRET }} + secrets: inherit acceptance-ec2: needs: - get-go-version @@ -129,12 +121,12 @@ jobs: # HCP is always disabled for tests on PRs. matrix: name: - #- acceptance-1.16-EC2-HCP + - acceptance-1.16-EC2-HCP - acceptance-1.16-EC2 include: - # - name: acceptance-1.16-EC2-HCP - # enable-hcp: true - # launch-type: EC2 + - name: acceptance-1.16-EC2-HCP + enable-hcp: true + launch-type: EC2 - name: acceptance-1.16-EC2 enable-hcp: false 
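Review bot: Re-enabling `acceptance-1.16-FARGATE-HCP` (and `acceptance-1.16-EC2-HCP` in the `acceptance-ec2` matrix further down) is not mentioned in the commit subject and sits under the retained comment `# HCP is always disabled for tests on PRs.`. The reusable workflow's `case $GITHUB_REF_NAME` forces `enable_hcp=false` on refs other than `main` and `release/*`, so there the `-HCP` jobs would appear to repeat the non-HCP run under a different name. If that is intended, extend the comment, e.g. `# -HCP entries only create an HCP cluster on main and release/*; elsewhere they run with enable_hcp=false.`. The job's `if:` and `uses:` lines are outside the hunk, so a ref filter may already exist.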
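Review bot: `secrets: inherit` makes every secret the calling workflow can read available to the called workflow, where the removed mapping handed over exactly eight named values. Any `${{ secrets.* }}` reference later added to the reusable workflow will then resolve, including for secrets unrelated to the ECS acceptance tests, so reviewing the caller no longer shows what is exposed. Consider keeping the explicit `secrets:` mapping, or at least a comment next to `secrets: inherit` listing the names the callee consumes. The same applies to the `acceptance-ec2` job in the last hunk (`@@ -145,12 +137,4`).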
@@ -145,12 +137,4 @@ jobs: name: ${{ matrix.name }} launch-type: ${{ matrix.launch-type }} enable-hcp: ${{ matrix.enable-hcp }} - secrets: - aws-ecs-region: ${{ secrets.AWS_ECS_REGION }} - aws-ecs-role-arn: ${{ secrets.AWS_ECS_ROLE_ARN }} - aws-ecs-access-key-id: ${{ secrets.AWS_ECS_ACCESS_KEY_ID }} - aws-ecs-secret-access-key: ${{ secrets.AWS_ECS_SECRET_ACCESS_KEY }} - hcp-project-id: ${{ secrets.HCP_PROJECT_ID }} - consul-license: ${{ secrets.CONSUL_LICENSE }} - hcp-client-id: ${{ secrets.HCP_CLIENT_ID }} - hcp-client-secret: ${{ secrets.HCP_CLIENT_SECRET }} \ No newline at end of file + secrets: inherit \ No newline at end of file