[fix][chore] Do not use S3/CDN in GitHub actions (#2289)

someengineering · Dec 11, 2024 · 8fe3371 · 8fe3371
1 parent 61ae447
commit 8fe3371
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 116 deletions.
diff --git a/.github/workflows/check_pr_plugin_aws.yml b/.github/workflows/check_pr_plugin_aws.yml
@@ -73,19 +73,3 @@ jobs:
           user: __token__
           password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_AWS }}
           packages_dir: ./plugins/aws/dist/
-
-      - name: Upload AWS policies
-        if: github.event_name != 'pull_request'
-        working-directory: ./plugins/aws
-        run: |
-          pip install --upgrade --editable .
-          pip install --upgrade --editable ./tools/awspolicygen
-          export GITHUB_REF="${{ github.ref }}"
-          export GITHUB_REF_TYPE="${{ github.ref_type }}"
-          export GITHUB_EVENT_NAME="${{ github.event_name }}"
-          export API_TOKEN="${{ secrets.API_TOKEN }}"
-          export SPACES_KEY="${{ secrets.SPACES_KEY }}"
-          export SPACES_SECRET="${{ secrets.SPACES_SECRET }}"
-          export AWS_ACCESS_KEY_ID="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_ACCESS_KEY_ID }}"
-          export AWS_SECRET_ACCESS_KEY="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_SECRET_ACCESS_KEY }}"
-          awspolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/aws/ --aws-s3-bucket fixinventorypublic --aws-s3-bucket-path cf/
diff --git a/.github/workflows/check_pr_plugin_gcp.yml b/.github/workflows/check_pr_plugin_gcp.yml
@@ -73,17 +73,3 @@ jobs:
           user: __token__
           password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_GCP }}
           packages_dir: ./plugins/gcp/dist/
-
-      - name: Upload GCP policies
-        if: github.event_name != 'pull_request'
-        working-directory: ./plugins/gcp
-        run: |
-          pip install --upgrade --editable .
-          pip install --upgrade --editable ./tools/gcppolicygen
-          export GITHUB_REF="${{ github.ref }}"
-          export GITHUB_REF_TYPE="${{ github.ref_type }}"
-          export GITHUB_EVENT_NAME="${{ github.event_name }}"
-          export API_TOKEN="${{ secrets.API_TOKEN }}"
-          export SPACES_KEY="${{ secrets.SPACES_KEY }}"
-          export SPACES_SECRET="${{ secrets.SPACES_SECRET }}"
-          gcppolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/gcp/
diff --git a/.github/workflows/create_plugin_workflows.py b/.github/workflows/create_plugin_workflows.py
@@ -138,7 +138,8 @@
                 .replace("@name@", plugin)
                 .replace("@PKGNAME@", f"fixinventory_plugin_{plugin}".upper())
             )
-            if plugin == "aws":
-                yml.write(aws_policygen)
-            elif plugin == "gcp":
-                yml.write(gcp_policygen)
+            # PolicyGen Upload disabled for now. Uncomment when required.
+            # if plugin == "aws":
+            #     yml.write(aws_policygen)
+            # elif plugin == "gcp":
+            #     yml.write(gcp_policygen)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -34,34 +34,34 @@ jobs:
         run: |
           yarn install --frozen-lockfile
 
-      - name: Wait for AWS policies to be uploaded
-        if: github.event_name != 'workflow_dispatch'
-        uses: lewagon/[email protected]
-        with:
-          ref: ${{ github.ref }}
-          check-name: aws
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Update AWS policy JSON
-        shell: bash
-        working-directory: ./docs.fix.security/iam/aws
-        run: |
-          wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
-          wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
-
-      - name: Wait for GCP policies to be uploaded
-        if: github.event_name != 'workflow_dispatch'
-        uses: lewagon/[email protected]
-        with:
-          ref: ${{ github.ref }}
-          check-name: gcp
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Update GCP policy JSON
-        shell: bash
-        working-directory: ./docs.fix.security/iam/gcp
-        run: |
-          wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
+#      - name: Wait for AWS policies to be uploaded
+#        if: github.event_name != 'workflow_dispatch'
+#        uses: lewagon/[email protected]
+#        with:
+#          ref: ${{ github.ref }}
+#          check-name: aws
+#          repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+#      - name: Update AWS policy JSON
+#        shell: bash
+#        working-directory: ./docs.fix.security/iam/aws
+#        run: |
+#          wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
+#          wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
+#
+#      - name: Wait for GCP policies to be uploaded
+#        if: github.event_name != 'workflow_dispatch'
+#        uses: lewagon/[email protected]
+#        with:
+#          ref: ${{ github.ref }}
+#          check-name: gcp
+#          repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+#      - name: Update GCP policy JSON
+#        shell: bash
+#        working-directory: ./docs.fix.security/iam/gcp
+#        run: |
+#          wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
 
       - name: Clean existing Kroki images
         shell: bash
@@ -138,28 +138,28 @@ jobs:
         run: |
           yarn gen-api-docs
 
-      - name: Update AWS policy JSON
-        shell: bash
-        working-directory: ./inventory.fix.security/iam/aws/edge
-        run: |
-          wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
-          wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
-          wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/edge/FixMutate.json
-
-      - name: Wait for GCP policies to be uploaded
-        if: github.event_name != 'workflow_dispatch'
-        uses: lewagon/[email protected]
-        with:
-          ref: ${{ github.ref }}
-          check-name: gcp
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Update GCP policy JSON
-        shell: bash
-        working-directory: ./inventory.fix.security/iam/gcp/edge
-        run: |
-          wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
-          wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/edge/fix_mutate.json
+#      - name: Update AWS policy JSON
+#        shell: bash
+#        working-directory: ./inventory.fix.security/iam/aws/edge
+#        run: |
+#          wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
+#          wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
+#          wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/edge/FixMutate.json
+#
+#      - name: Wait for GCP policies to be uploaded
+#        if: github.event_name != 'workflow_dispatch'
+#        uses: lewagon/[email protected]
+#        with:
+#          ref: ${{ github.ref }}
+#          check-name: gcp
+#          repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+#      - name: Update GCP policy JSON
+#        shell: bash
+#        working-directory: ./inventory.fix.security/iam/gcp/edge
+#        run: |
+#          wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
+#          wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/edge/fix_mutate.json
 
       - name: Clean existing Kroki images
         if: github.event_name == 'workflow_dispatch' # only when triggered manually
@@ -286,38 +286,38 @@ jobs:
         run: |
           yarn gen-api-docs
 
-      - name: Wait for AWS policies to be uploaded
-        if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
-        uses: lewagon/[email protected]
-        with:
-          ref: ${{ github.ref }}
-          check-name: aws
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Update AWS policy JSON
-        if: steps.release.outputs.prerelease == 'false'
-        shell: bash
-        working-directory: ./inventory.fix.security/iam/aws/${{ steps.release.outputs.docsVersion }}
-        run: |
-          wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixOrgList.json
-          wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixCollect.json
-          wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixMutate.json
-
-      - name: Wait for GCP policies to be uploaded
-        if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
-        uses: lewagon/[email protected]
-        with:
-          ref: ${{ github.ref }}
-          check-name: gcp
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Update GCP policy JSON
-        if: steps.release.outputs.prerelease == 'false'
-        shell: bash
-        working-directory: ./inventory.fix.security/iam/gcp/${{ steps.release.outputs.docsVersion }}
-        run: |
-          wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_access.json
-          wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_mutate.json
+#      - name: Wait for AWS policies to be uploaded
+#        if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
+#        uses: lewagon/[email protected]
+#        with:
+#          ref: ${{ github.ref }}
+#          check-name: aws
+#          repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+#      - name: Update AWS policy JSON
+#        if: steps.release.outputs.prerelease == 'false'
+#        shell: bash
+#        working-directory: ./inventory.fix.security/iam/aws/${{ steps.release.outputs.docsVersion }}
+#        run: |
+#          wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixOrgList.json
+#          wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixCollect.json
+#          wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixMutate.json
+#
+#      - name: Wait for GCP policies to be uploaded
+#        if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
+#        uses: lewagon/[email protected]
+#        with:
+#          ref: ${{ github.ref }}
+#          check-name: gcp
+#          repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+#      - name: Update GCP policy JSON
+#        if: steps.release.outputs.prerelease == 'false'
+#        shell: bash
+#        working-directory: ./inventory.fix.security/iam/gcp/${{ steps.release.outputs.docsVersion }}
+#        run: |
+#          wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_access.json
+#          wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_mutate.json
 
       - name: Modify Docker Compose YAML
         if: steps.release.outputs.prerelease == 'false'