From 9cc99842f83f7de6655658f342299fe3304f0bd0 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 19 Jun 2024 12:50:31 +0200 Subject: [PATCH] github-actions: use ec github secret (#13441) * github-actions: use ec github secret * vault free * typo --- .github/workflows/benchmarks.yml | 18 +++-------- .../generate-smoke-tests-list/action.yml | 20 +++++------- .../workflows/setup-cluster-env/action.yml | 32 ++++--------------- .github/workflows/smoke-tests-ess.yml | 14 ++++---- .github/workflows/smoke-tests-os.yml | 12 +++---- 5 files changed, 31 insertions(+), 65 deletions(-) diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 4d4ef892f15..25bf341ef9d 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -49,6 +49,10 @@ jobs: GOBENCH_PASSWORD: ${{ secrets.GOBENCH_PASSWORD }} GOBENCH_USERNAME: ${{ secrets.GOBENCH_USERNAME }} GOBENCH_HOST: ${{ secrets.GOBENCH_HOST }} + # TODO: use keyless + EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.OBSERVABILITY_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.OBSERVABILITY_AWS_SECRET_ACCESS_KEY }} steps: - uses: actions/checkout@v4 
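Review bot: The three credentials added to the job-level `env:` in benchmarks.yml are visible to every step of the job, including `actions/checkout@v4` and the container registry login, which do not appear to need them. Consider declaring `EC_API_KEY`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in a step-level `env:` on the steps that provision and run the benchmarks; those steps are outside this hunk, so which ones qualify needs checking. The same applies to the job-level `EC_API_KEY` added in smoke-tests-ess.yml and smoke-tests-os.yml. The `# TODO: use keyless` comment would be more useful if it named the mechanism and a tracking reference, for example `# TODO(<issue-id>): replace static AWS keys with OIDC role assumption`.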
@@ -73,20 +77,6 @@ jobs: echo "BENCHMARK_RUN=${{ inputs.benchmarkRun }}" >> "$GITHUB_ENV" fi - - uses: hashicorp/vault-action@v3.0.0 - env: - AWS_CREDENTIALS_PATH: secret/observability-team/ci/elastic-observability-aws-account-auth - EC_CREDENTIALS_PATH: secret/observability-team/ci/elastic-cloud/observability-team-pro - with: - url: ${{ secrets.VAULT_ADDR }} - roleId: ${{ secrets.VAULT_ROLE_ID }} - secretId: ${{ secrets.VAULT_SECRET_ID }} - method: approle - secrets: | - ${{ env.AWS_CREDENTIALS_PATH }} access_key | AWS_ACCESS_KEY_ID ; - ${{ env.AWS_CREDENTIALS_PATH }} secret_key | AWS_SECRET_ACCESS_KEY ; - ${{ env.EC_CREDENTIALS_PATH }} apiKey | EC_API_KEY ; - - name: Log in to the Elastic Container registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: diff --git a/.github/workflows/generate-smoke-tests-list/action.yml b/.github/workflows/generate-smoke-tests-list/action.yml index 12984edeaa3..5eb9c79bde9 100644 --- a/.github/workflows/generate-smoke-tests-list/action.yml +++ b/.github/workflows/generate-smoke-tests-list/action.yml @@ -4,15 +4,12 @@ name: generate-smoke-tests-list description: Generate smoke tests list inputs: - vault-url: - description: 'Vault URL' - required: false - vault-role-id: - description: 'Vault role ID' - required: false - vault-secret-id: - description: 'Vault secret ID' - required: false + aws-csv-file: + description: 'Content with the AWS csv file' + required: true + aws-profile: + description: 'aws profile' + required: true outputs: tests: description: "List of smoke tests" @@ -27,9 +24,8 @@ runs: - name: Setup cluster env uses: ./.github/workflows/setup-cluster-env with: - vault-url: ${{ inputs.vault-url }} - vault-role-id: ${{ inputs.vault-role-id }} - vault-secret-id: ${{ inputs.vault-secret-id }} + aws-csv-file: ${{ inputs.aws-csv-file }} + aws-profile: ${{ inputs.aws-profile }} - id: generate name: Generate matrix and date run: | 
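Review bot: `required: true` on the new `aws-csv-file` and `aws-profile` inputs of generate-smoke-tests-list/action.yml is not enforced by the runner for actions, so a run where the secrets are unavailable passes empty strings down to setup-cluster-env without an error at this level. A guard at the top of the 'Configure AWS account' step in setup-cluster-env/action.yml would fail fast with a clear message: `test -n "${AWS_ACCOUNT_IMPORT}" || { echo "::error::aws-csv-file is empty"; exit 1; }`. The matching inputs hunk in setup-cluster-env/action.yml has the same gap. Both descriptions could also state that the values come from repository secrets, e.g. `description: 'Contents of the AWS credentials CSV (secret)'`.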
diff --git a/.github/workflows/setup-cluster-env/action.yml b/.github/workflows/setup-cluster-env/action.yml index 55412575dc1..5d6df03d143 100644 --- a/.github/workflows/setup-cluster-env/action.yml +++ b/.github/workflows/setup-cluster-env/action.yml @@ -4,23 +4,12 @@ name: setup-cluster-env description: Setup cluster env inputs: - vault-url: - description: 'Vault URL' + aws-csv-file: + description: 'Content with the AWS csv file' required: true - vault-role-id: - description: 'Vault role ID' + aws-profile: + description: 'aws profile' required: true - vault-secret-id: - description: 'Vault secret ID' - required: true - ec-key-secret: - default: 'secret/observability-team/ci/elastic-cloud/observability-team-pro' - description: 'EC Key secret' - required: false - aws-account-secret: - default: 'secret/observability-team/ci/elastic-observability-aws-account-auth' - description: 'AWS account secret' - required: false runs: using: "composite" @@ -31,16 +20,6 @@ runs: cache-dependency-path: | go.sum tools/go.sum - - uses: hashicorp/vault-action@v3.0.0 - with: - url: ${{ inputs.vault-url }} - roleId: ${{ inputs.vault-role-id }} - secretId: ${{ inputs.vault-secret-id }} - method: approle - secrets: | - ${{ inputs.ec-key-secret }} apiKey | EC_API_KEY ; - ${{ inputs.aws-account-secret }} user | AWS_PROFILE ; - ${{ inputs.aws-account-secret }} csv | AWS_ACCOUNT_IMPORT - name: Configure AWS account run: | echo "${AWS_ACCOUNT_IMPORT}" > ${{ runner.temp }}/account.csv; @@ -49,3 +28,6 @@ runs: echo 'AWS_ACCOUNT_IMPORT=' >> ${GITHUB_ENV}; rm -f ${{ runner.temp }}/account.csv; shell: 'bash' + env: + AWS_ACCOUNT_IMPORT: ${{ inputs.aws-csv-file }} + AWS_PROFILE: ${{ inputs.aws-profile }} diff --git a/.github/workflows/smoke-tests-ess.yml b/.github/workflows/smoke-tests-ess.yml index 1ef6296b1d8..2293bcd16a9 100644 --- a/.github/workflows/smoke-tests-ess.yml +++ b/.github/workflows/smoke-tests-ess.yml 
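Review bot: `AWS_PROFILE` is now set only in the step-level `env:` added to 'Configure AWS account' in setup-cluster-env/action.yml, whereas the removed vault-action step would, with its default settings, have exported it to all following steps. If later steps in the calling jobs rely on `AWS_PROFILE` to select the imported profile they will no longer see it; the middle of this step is outside the hunks, so check whether it is written to `GITHUB_ENV` there, or add `echo "AWS_PROFILE=${AWS_PROFILE}" >> "${GITHUB_ENV}"`. With `AWS_ACCOUNT_IMPORT` now step-scoped, the existing `echo 'AWS_ACCOUNT_IMPORT=' >> ${GITHUB_ENV}` appears to clear nothing and could be dropped. The `rm -f` of account.csv is skipped when an earlier command in the script fails; a `trap 'rm -f "${{ runner.temp }}/account.csv"' EXIT` at the top of the script would remove the credentials file on every exit path.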
@@ -28,9 +28,8 @@ jobs: name: Generate matrix and date uses: ./.github/workflows/generate-smoke-tests-list with: - vault-url: ${{ secrets.VAULT_ADDR }} - vault-role-id: ${{ secrets.VAULT_ROLE_ID }} - vault-secret-id: ${{ secrets.VAULT_SECRET_ID }} + aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }} + aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }} smoke-tests-ess: name: Run smoke tests ${{ matrix.test }} for ${{ matrix.version }} @@ -42,6 +41,8 @@ jobs: TF_VAR_BRANCH: ${{ github.ref_name }} TF_VAR_REPO: ${{ github.repository }} TF_VAR_CREATED_DATE: ${{ needs.prepare.outputs.date }} + # TODO: use keyless + EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }} strategy: fail-fast: false matrix: @@ -56,11 +57,8 @@ jobs: - name: Setup cluster env uses: ./.github/workflows/setup-cluster-env with: - vault-url: ${{ secrets.VAULT_ADDR }} - vault-role-id: ${{ secrets.VAULT_ROLE_ID }} - vault-secret-id: ${{ secrets.VAULT_SECRET_ID }} - ec-key-secret: 'secret/observability-team/ci/elastic-cloud/observability-team-pro' - aws-account-secret: 'secret/observability-team/ci/elastic-observability-aws-account-auth' + aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }} + aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }} - name: Run smoke tests ${{ matrix.test }} for ${{ matrix.version }} run: make smoketest/run-version TEST_DIR=${{ matrix.test }} SMOKETEST_VERSION=${{ matrix.version }} - if: always() diff --git a/.github/workflows/smoke-tests-os.yml b/.github/workflows/smoke-tests-os.yml index d71a7f7a7e6..5c6556b57e1 100644 --- a/.github/workflows/smoke-tests-os.yml +++ b/.github/workflows/smoke-tests-os.yml 
@@ -27,9 +27,8 @@ jobs: name: Generate matrix and date uses: ./.github/workflows/generate-smoke-tests-list with: - vault-url: ${{ secrets.VAULT_ADDR }} - vault-role-id: ${{ secrets.VAULT_ROLE_ID }} - vault-secret-id: ${{ secrets.VAULT_SECRET_ID }} + aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }} + aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }} smoke-tests-os: name: Run smoke tests OS @@ -41,6 +40,8 @@ jobs: TF_VAR_BRANCH: ${{ github.ref_name }} TF_VAR_REPO: ${{ github.repository }} TF_VAR_CREATED_DATE: ${{ needs.prepare.outputs.date }} + # TODO: use keyless + EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }} steps: - uses: actions/checkout@v4 with: @@ -50,9 +51,8 @@ jobs: - name: Setup cluster env uses: ./.github/workflows/setup-cluster-env with: - vault-url: ${{ secrets.VAULT_ADDR }} - vault-role-id: ${{ secrets.VAULT_ROLE_ID }} - vault-secret-id: ${{ secrets.VAULT_SECRET_ID }} + aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }} + aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }} - name: Run smoke tests OS working-directory: ${{ github.workspace }}/testing/smoke/supported-os run: ./test.sh ${VERSION}-SNAPSHOT