CLOUDP-237043: Use seggregated secret envs

mongodb · Oct 1, 2024 · 6c835d3 · 6c835d3
1 parent e89ede5
commit 6c835d3
Show file tree

Hide file tree

Showing 9 changed files with 140 additions and 95 deletions.
diff --git a/.github/workflows/cleanup-all.yml b/.github/workflows/cleanup-all.yml
@@ -1,108 +1,24 @@
-name: Clean Atlas organization
+name: Clean All Atlas organizations
 
 on:
-  schedule:
-    - cron: "*/30 7-22 * * 1-5"
   workflow_dispatch:
     inputs:
       lifetime:
         description: "Lifetime of project in hours"
         type: number
         default: 1
         required: true
-      commercial:
-        description: "Clean commercial Atlas environments"
-        type: boolean
-        default: true
-        required: true
-      government:
-        description: "Clean government Atlas environments"
-        type: boolean
-        default: true
-        required: true
 
 concurrency:
   group: cleanup
 
 jobs:
-  calculate-targets:
-    name: Calculate targets for execution
-    runs-on: ubuntu-latest
-    outputs:
-      targets: ${{ steps.set-targets.outputs.targets }}
-    steps:
-      - id: set-targets
-        name: Set Targets
-        env:
-          EVENT: ${{ github.event_name }}
-          COMMERCIAL: ${{ inputs.commercial }}
-          GOVERNMENT: ${{ inputs.government }}
-        run: |
-          if [ "$EVENT" == "schedule" ]; then
-            echo 'targets=["CloudQA", "CloudGovQA"]' >> $GITHUB_OUTPUT
-            exit 0
-          fi
-          
-          ENVS=()
-          
-          if [ "$COMMERCIAL" == true ]; then
-            ENVS+=("CloudQA")
-          fi
-          
-          if [ "$GOVERNMENT" == true ]; then
-            ENVS+=("CloudGovQA")
-          fi
-
-          JSON=$(printf '%s\n' "${ENVS[@]}" | jq -R . | jq -cs .)
-          
-          echo "targets=$JSON" >> $GITHUB_OUTPUT
-
-  cleanup:
-    name: Cleanup Atlas Cloud
-    runs-on: ubuntu-latest
+  clean-tests:
     needs:
-      - calculate-targets
-    strategy:
-      matrix:
-        target: ${{ fromJSON(needs.calculate-targets.outputs.targets) }}
-    steps:
-      - name: Checkout codebase
-        uses: actions/checkout@v4
+      - run-tests
+    uses: ./.github/workflows/cleanup-test.yml
 
-      - name: Install devbox
-        uses: jetify-com/devbox-install-action@v0.11.0
-        with:
-          enable-cache: 'true'
-
-      - name: Build clean tool
-        run: |
-         devbox run -- 'cd tools/clean && go build .'
-
-      - name: Persist GCP credentials
-        id: gcp-cred
-        env:
-          GCP_SA_CRED: ${{ secrets.GCP_SA_CRED_NEW_TEST }}
-        run: |
-          echo $GCP_SA_CRED > ~/gcp_sa_cred.json
-          
-          echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
-
-      - name: Run cleaner
-        env:
-          MCLI_OPS_MANAGER_URL: ${{ matrix.target == 'CloudQA' && 'https://cloud-qa.mongodb.com/' || 'https://cloud-qa.mongodbgov.com/' }}
-          MCLI_PUBLIC_API_KEY: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_PUBLIC_KEY || secrets.ATLAS_GOV_PUBLIC_KEY}}
-          MCLI_PRIVATE_API_KEY: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_PRIVATE_KEY || secrets.ATLAS_GOV_PRIVATE_KEY }}
-          MCLI_ORG_ID: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_ORG_ID || secrets.ATLAS_GOV_ORG_ID }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
-          GOOGLE_PROJECT_ID: atlasoperator
-          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
-          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
-          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          AZURE_RESOURCE_GROUP_NAME: svet-test
-          PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
-        run: |
-         devbox run -- 'cd tools/clean && ./clean atlas'
-         
+  clean-gov-tests:
+    needs:
+      - clean-tests
+    uses: ./.github/workflows/cleanup-gov-test.yml
diff --git a/.github/workflows/cleanup-gov-test.yml b/.github/workflows/cleanup-gov-test.yml
@@ -0,0 +1,62 @@
+name: Clean Atlas organization
+
+on:
+  schedule:
+    - cron: "*/87 7-22 * * 1-5"
+  workflow_dispatch:
+    inputs:
+      lifetime:
+        description: "Lifetime of project in hours"
+        type: number
+        default: 1
+        required: true
+
+concurrency:
+  group: cleanup
+
+jobs:
+  environment: gov-test
+  cleanup:
+    name: Cleanup Atlas Gov Cloud
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout codebase
+        uses: actions/checkout@v4
+
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.11.0
+        with:
+          enable-cache: 'true'
+
+      - name: Build clean tool
+        run: |
+         devbox run -- 'cd tools/clean && go build .'
+
+      - name: Persist GCP credentials
+        id: gcp-cred
+        env:
+          GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
+        run: |
+          echo $GCP_SA_CRED > ~/gcp_sa_cred.json
+          
+          echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
+
+      - name: Run cleaner
+        env:
+          MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodbgov.com/
+          MCLI_PUBLIC_API_KEY: ${{ secrets.ATLAS_GOV_PUBLIC_KEY }}
+          MCLI_PRIVATE_API_KEY: ${{ secrets.ATLAS_GOV_PRIVATE_KEY }}
+          MCLI_ORG_ID: ${{ secrets.ATLAS_GOV_ORG_ID }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
+          GOOGLE_PROJECT_ID: atlasoperator
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          AZURE_RESOURCE_GROUP_NAME: svet-test
+          PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
+        run: |
+         devbox run -- 'cd tools/clean && ./clean atlas'
+
diff --git a/.github/workflows/cleanup-test.yml b/.github/workflows/cleanup-test.yml
@@ -0,0 +1,62 @@
+name: Clean Atlas organization
+
+on:
+  schedule:
+    - cron: "*/30 7-22 * * 1-5"
+  workflow_dispatch:
+    inputs:
+      lifetime:
+        description: "Lifetime of project in hours"
+        type: number
+        default: 1
+        required: true
+
+concurrency:
+  group: cleanup
+
+jobs:
+  environment: test
+  cleanup:
+    name: Cleanup Atlas Cloud
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout codebase
+        uses: actions/checkout@v4
+
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.11.0
+        with:
+          enable-cache: 'true'
+
+      - name: Build clean tool
+        run: |
+         devbox run -- 'cd tools/clean && go build .'
+
+      - name: Persist GCP credentials
+        id: gcp-cred
+        env:
+          GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
+        run: |
+          echo $GCP_SA_CRED > ~/gcp_sa_cred.json
+          
+          echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
+
+      - name: Run cleaner
+        env:
+          MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodb.com/'
+          MCLI_PUBLIC_API_KEY: ${{ secrets.ATLAS_PUBLIC_KEY }}
+          MCLI_PRIVATE_API_KEY: ${{ secrets.ATLAS_PRIVATE_KEY }}
+          MCLI_ORG_ID: ${{ secrets.ATLAS_ORG_ID }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
+          GOOGLE_PROJECT_ID: atlasoperator
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          AZURE_RESOURCE_GROUP_NAME: svet-test
+          PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
+        run: |
+         devbox run -- 'cd tools/clean && ./clean atlas'
+         
diff --git a/.github/workflows/openshift-upgrade-test.yaml b/.github/workflows/openshift-upgrade-test.yaml
@@ -29,6 +29,7 @@ concurrency:
 jobs:
   e2e-tests:
     name: Upgrade test on Openshift
+    environment: openshift-test
     runs-on: ubuntu-latest
     if: ${{ vars.SKIP_OPENSHIFT != 'true' }}
     steps:

diff --git a/.github/workflows/release-openshift.yaml b/.github/workflows/release-openshift.yaml
@@ -8,6 +8,7 @@ on:
 jobs:
   release-openshift:
     name: "Create Pull request for openshift release"
+    environment: openshift-test
     runs-on: ubuntu-latest
     env:
       GITHUB_TOKEN: ${{ github.token }}

diff --git a/.github/workflows/test-contract.yml b/.github/workflows/test-contract.yml
@@ -7,6 +7,7 @@ on:
 jobs:
   contract:
     name: Contract Tests
+    environment: test
     runs-on: ubuntu-latest
     steps:
       - name: Check out code

diff --git a/.github/workflows/test-e2e-gov.yml b/.github/workflows/test-e2e-gov.yml
@@ -7,6 +7,7 @@ on:
 jobs:
   e2e-gov:
     name: E2E Gov tests
+    environment: gov-test
     runs-on: ubuntu-latest
     steps:
       - name: Check out code

diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
@@ -10,8 +10,8 @@ on:
   workflow_dispatch:
 
 jobs:
+  environment: test
   compute:
-    environment: test
     name: "Compute test matrix"
     runs-on: ubuntu-latest
     outputs:
@@ -29,6 +29,7 @@ jobs:
           cat "${GITHUB_OUTPUT}"
   prepare-e2e:
     name: Prepare E2E configuration and image
+    environment: release
     runs-on: ubuntu-latest
     env:
       REPOSITORY: ${{ github.repository_owner }}/mongodb-atlas-kubernetes-operator-prerelease
@@ -135,6 +136,7 @@ jobs:
           forked: ${{ inputs.forked }}
   e2e:
     name: E2E tests
+    environment: test
     needs: [compute, prepare-e2e, prepare-e2e-bundle]
     runs-on: ubuntu-latest
     env:
@@ -253,8 +255,6 @@ jobs:
           K8S_PLATFORM: "${{ steps.properties.outputs.k8s_platform }}"
           K8S_VERSION: "${{ steps.properties.outputs.k8s_version }}"
           TEST_NAME: "${{ matrix.test }}"
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_ACCOUNT_ARN_LIST: ${{ secrets.AWS_ACCOUNT_ARN_LIST }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

diff --git a/.github/workflows/test-int.yml b/.github/workflows/test-int.yml
@@ -12,6 +12,7 @@ on:
 jobs:
   int-test:
     name: Integration tests
+    environment: test
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false