Ddo 3749 v2 update canary tests (#1635)
* Revert "Revert "[DDO-3749] use gsm instead of vault" (#1633)"

This reverts commit 2648a79.

* try copy before mount

* copy r

* copy r complex
jyang-broad authored Jul 9, 2024
1 parent 2648a79 commit f2c254a
Showing 4 changed files with 45 additions and 10 deletions.
18 changes: 15 additions & 3 deletions automation/canary-prod-test.sh
@@ -5,7 +5,6 @@ set -e
set -x

ENV=$1
VAULT_TOKEN=${2:-$(cat $HOME/.vault-token)}
WORKING_DIR=${3:-$PWD}
NEED_TOKEN=false

@@ -17,7 +16,20 @@ else
echo "Starting canary test in Production"
fi

JSON_CREDS=`docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN -e VAULT_ADDR=https://clotho.broadinstitute.org:8200 broadinstitute/dsde-toolbox vault read -format=json secret/dsde/firecloud/prod/common/canary/firecloud-account.json | jq '.data'`
# the Jenkins config runs gcloud auth outside this script
# we want to copy the global configs into the workspace so we don't affect other jobs that might be running on the node
cp -r ${HOME}/.config/gcloud ${WORKSPACE}/gcloud_config

DOCKER_ARGS=(
"run"
"--rm"
"-v ${WORKSPACE}/gcloud_config:/root/.config/gcloud"
"google/cloud-sdk"
)

SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com
# Expand the array of args and pass them to `docker`
JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa")

users=(
[email protected]
@@ -58,7 +70,7 @@ if [ $ENV = "prod" ]; then

do
echo $i
sleep 1m
sleep 60
monitorSubmission [email protected] broad-firecloud-dsde CanaryTest $submissionId
((i++))
done
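Review bot: With `set -x` still active at the top of the script, the new `JSON_CREDS=$(docker … gcloud secrets versions access latest …)` assignment is traced with its expanded value under bash, so the service-account JSON ends up in the Jenkins console log. Switch tracing off around the fetch (`set +x` on the line before the assignment, `set -x` on the line after), or drop `set -x` from the scripts that handle this key. The same applies to automation/complex-prod-workflow-test.sh and to jenkins/jenkins_build.sh, which runs under `set -eux` and additionally traces `echo ${JSON_CREDS}`. What the scripts do with JSON_CREDS after this point is outside the visible hunks.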
1 change: 1 addition & 0 deletions automation/canary_events.json
@@ -0,0 +1 @@
[{"eventType":"CanaryTestProd","type":"Workflow","status": "Succeeded","timeToComplete (sec)":"253"}]
18 changes: 15 additions & 3 deletions automation/complex-prod-workflow-test.sh
@@ -6,7 +6,6 @@ set -e
set -x

ENV=$1
VAULT_TOKEN=${2:-$(cat $HOME/.vault-token)}
WORKING_DIR=${3:-$PWD}
NEED_TOKEN=false

@@ -18,7 +17,20 @@ else
echo "Starting complex workflow test in Production"
fi

JSON_CREDS=`docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN -e VAULT_ADDR=https://clotho.broadinstitute.org:8200 broadinstitute/dsde-toolbox vault read -format=json secret/dsde/firecloud/prod/common/canary/firecloud-account.json | jq '.data'`
# the Jenkins config runs gcloud auth outside this script
# we want to copy the global configs into the workspace so we don't affect other jobs that might be running on the node
cp -r ${HOME}/.config/gcloud ${WORKSPACE}/gcloud_config

DOCKER_ARGS=(
"run"
"--rm"
"-v ${WORKSPACE}/gcloud_config:/root/.config/gcloud"
"google/cloud-sdk"
)

SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com
# Expand the array of args and pass them to `docker`
JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa")

users=(
[email protected]
@@ -59,7 +71,7 @@ if [ $ENV = "prod" ]; then

do
echo $i
sleep 5m
sleep 300
monitorSubmission [email protected] broad-firecloud-dsde complex-featured-workflow $submissionId
((i++))
done
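Review bot: `DOCKER_ARGS` only works because `${DOCKER_ARGS[*]}` is expanded unquoted and re-split by the shell: the element `"-v ${WORKSPACE}/gcloud_config:/root/.config/gcloud"` is a single word in the array, so a `WORKSPACE` containing a space or a glob character changes what gets mounted. Store `-v` and `"${WORKSPACE}/gcloud_config:/root/.config/gcloud"` as separate elements and call `docker "${DOCKER_ARGS[@]}" /bin/bash -c …`. The `cp -r` above it is unquoted as well, and when `gcloud_config` is left over from an earlier build it copies into `gcloud_config/gcloud`, so the container would keep reading the stale copy; the visible lines also never remove the credential copy from the workspace. automation/canary-prod-test.sh carries the same block.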
18 changes: 14 additions & 4 deletions jenkins/jenkins_build.sh
@@ -4,11 +4,21 @@ set -eux

GCR_SVCACCT_VAULT="secret/dsde/dsp-techops/common/dspci-wb-gcr-service-account.json"
GCR_REPO_PROJ="broad-dsp-gcr-public"
VAULT_TOKEN=${VAULT_TOKEN:-$(cat /etc/vault-token-dsde)}

docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN \
broadinstitute/dsde-toolbox:latest vault read --format=json ${GCR_SVCACCT_VAULT} \
| jq .data > dspci-wb-gcr-service-account.json
gcloud auth activate-service-account --key-file=${DSP_TECHOPS_SVC_ACCT}

DOCKER_ARGS=(
"run"
"--rm"
"-v ${HOME}/.config/gcloud:/root/.config/gcloud"
"google/cloud-sdk"
)

SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com
# Expand the array of args and pass them to `docker`
JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsp-techops --secret dspci-wb-gcr-service-account")

echo ${JSON_CREDS} | jq . > dspci-wb-gcr-service-account.json

./scripts/build.sh compile -d push -g gcr.io/broad-dsp-gcr-public/${PROJECT} -k "dspci-wb-gcr-service-account.json"

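Review bot: This script mounts `${HOME}/.config/gcloud` into the container directly, so `gcloud config set account ${SECRET_ACCESS_ACCOUNT}` rewrites the node-wide gcloud configuration, which is the side effect the two canary scripts avoid by copying the directory into the workspace first; the added `gcloud auth activate-service-account` on the host changes the active account in the same shared directory. Point both at a per-build config directory (for example through `CLOUDSDK_CONFIG`), or at least mount a workspace copy as the other scripts do. The key is then written with `echo ${JSON_CREDS} | jq . > dspci-wb-gcr-service-account.json`; quote the expansion (`printf '%s' "${JSON_CREDS}" | jq . > dspci-wb-gcr-service-account.json`) and delete the file once `build.sh` has used it, since the visible lines leave it in the workspace. `google/cloud-sdk` is referenced without a tag or digest in all three scripts, so whatever the default tag resolves to at build time runs with these credentials mounted; pinning a digest would fix that.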
