Skip to content

Commit

Permalink
Revert "CI tests for OIDC authentication (#3074)" (#3175)
Browse files Browse the repository at this point in the history 
This reverts commit 385a96a.

Looks like the github action doesn't quite work and this prevents us
from releasing the provider.
  • Loading branch information
@VenelinMartinov
VenelinMartinov authored Dec 22, 2023
1 parent 3207575 commit 31412fb
Show file tree
Hide file tree
Showing 19 changed files with 18 additions and 576 deletions.
97 changes: 0 additions & 97 deletions .ci-mgmt.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ providerVersion: github.com/hashicorp/terraform-provider-aws/version.ProviderVer
env:
PULUMI_MISSING_DOCS_ERROR: true
AWS_REGION: "us-west-2"
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
makeTemplate: bridged
checkoutSubmodules: true
# TODO: remove XrunUpstreamTools flag after work to add docs replacement strategies to resources.go is completed
Expand Down Expand Up @@ -95,99 +94,3 @@ extraTests:
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

test_oidc:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: pulumi-ubuntu-8core
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v4
with:
cache-dependency-path: |
sdk/go.sum
go-version: 1.21.x
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@v4
with:
pulumi-version: v3.77.1
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: ${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: >-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
- name: Download SDK
uses: actions/download-artifact@v2
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress SDK folder
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{
github.workspace }}/sdk/${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Make upstream
run: make upstream
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
unset-current-credentials: true
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in running ${{ matrix.language }} tests
fields: repo,commit,author,action
status: ${{ job.status }}
strategy:
fail-fast: false
matrix:
language:
- nodejs
1 change: 0 additions & 1 deletion .github/workflows/command-dispatch.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down
1 change: 0 additions & 1 deletion .github/workflows/license.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down
1 change: 0 additions & 1 deletion .github/workflows/lint.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down
93 changes: 0 additions & 93 deletions .github/workflows/master.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down Expand Up @@ -287,7 +286,6 @@ jobs:
- test
- license_check
- go_test_shim
- test_oidc
runs-on: pulumi-ubuntu-8core
steps:
- name: Checkout Repo
Expand Down Expand Up @@ -519,97 +517,6 @@ jobs:
name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
timeout-minutes: 60
test_oidc:
if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: pulumi-ubuntu-8core
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v4
with:
cache-dependency-path: |
sdk/go.sum
go-version: 1.21.x
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@v4
with:
pulumi-version: v3.77.1
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: ${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: |-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
- name: Download SDK
uses: actions/download-artifact@v2
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress SDK folder
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Make upstream
run: make upstream
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in running ${{ matrix.language }} tests
fields: repo,commit,author,action
status: ${{ job.status }}
strategy:
fail-fast: false
matrix:
language:
- nodejs

name: master
on:
Expand Down
1 change: 0 additions & 1 deletion .github/workflows/nightly-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down
93 changes: 0 additions & 93 deletions .github/workflows/prerelease.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down Expand Up @@ -230,7 +229,6 @@ jobs:
- test
- license_check
- go_test_shim
- test_oidc
runs-on: pulumi-ubuntu-8core
steps:
- name: Checkout Repo
Expand Down Expand Up @@ -444,97 +442,6 @@ jobs:
name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
timeout-minutes: 60
test_oidc:
if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: pulumi-ubuntu-8core
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v4
with:
cache-dependency-path: |
sdk/go.sum
go-version: 1.21.x
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@v4
with:
pulumi-version: v3.77.1
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: ${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: |-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
- name: Download SDK
uses: actions/download-artifact@v2
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress SDK folder
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Make upstream
run: make upstream
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in running ${{ matrix.language }} tests
fields: repo,commit,author,action
status: ${{ job.status }}
strategy:
fail-fast: false
matrix:
language:
- nodejs

name: prerelease
on:
Expand Down
1 change: 0 additions & 1 deletion .github/workflows/pull-request.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ env:
NODEVERSION: 20.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
Expand Down
Loading

0 comments on commit 31412fb

Please sign in to comment.