From 6c835d33830f00083981293c84d9863e7dd2a8fe Mon Sep 17 00:00:00 2001 From: "jose.vazquez" Date: Tue, 1 Oct 2024 16:03:19 +0200 Subject: [PATCH] CLOUDP-237043: Use seggregated secret envs --- .github/workflows/cleanup-all.yml | 100 ++---------------- .github/workflows/cleanup-gov-test.yml | 62 +++++++++++ .github/workflows/cleanup-test.yml | 62 +++++++++++ .github/workflows/openshift-upgrade-test.yaml | 1 + .github/workflows/release-openshift.yaml | 1 + .github/workflows/test-contract.yml | 1 + .github/workflows/test-e2e-gov.yml | 1 + .github/workflows/test-e2e.yml | 6 +- .github/workflows/test-int.yml | 1 + 9 files changed, 140 insertions(+), 95 deletions(-) create mode 100644 .github/workflows/cleanup-gov-test.yml create mode 100644 .github/workflows/cleanup-test.yml diff --git a/.github/workflows/cleanup-all.yml b/.github/workflows/cleanup-all.yml index 2071fcd300..d9cc60b80f 100644 --- a/.github/workflows/cleanup-all.yml +++ b/.github/workflows/cleanup-all.yml @@ -1,8 +1,6 @@ -name: Clean Atlas organization +name: Clean All Atlas organizations on: - schedule: - - cron: "*/30 7-22 * * 1-5" workflow_dispatch: inputs: lifetime: 
@@ -10,99 +8,17 @@ on: type: number default: 1 required: true - commercial: - description: "Clean commercial Atlas environments" - type: boolean - default: true - required: true - government: - description: "Clean government Atlas environments" - type: boolean - default: true - required: true concurrency: group: cleanup jobs: - calculate-targets: - name: Calculate targets for execution - runs-on: ubuntu-latest - outputs: - targets: ${{ steps.set-targets.outputs.targets }} - steps: - - id: set-targets - name: Set Targets - env: - EVENT: ${{ github.event_name }} - COMMERCIAL: ${{ inputs.commercial }} - GOVERNMENT: ${{ inputs.government }} - run: | - if [ "$EVENT" == "schedule" ]; then - echo 'targets=["CloudQA", "CloudGovQA"]' >> $GITHUB_OUTPUT - exit 0 - fi - - ENVS=() - - if [ "$COMMERCIAL" == true ]; then - ENVS+=("CloudQA") - fi - - if [ "$GOVERNMENT" == true ]; then - ENVS+=("CloudGovQA") - fi - - JSON=$(printf '%s\n' "${ENVS[@]}" | jq -R . | jq -cs .) - - echo "targets=$JSON" >> $GITHUB_OUTPUT - - cleanup: - name: Cleanup Atlas Cloud - runs-on: ubuntu-latest + clean-tests: needs: - - calculate-targets - strategy: - matrix: - target: ${{ fromJSON(needs.calculate-targets.outputs.targets) }} - steps: - - name: Checkout codebase - uses: actions/checkout@v4 + - run-tests + uses: ./.github/workflows/cleanup-test.yml - - name: Install devbox - uses: jetify-com/devbox-install-action@v0.11.0 - with: - enable-cache: 'true' - - - name: Build clean tool - run: | - devbox run -- 'cd tools/clean && go build .' 
- - - name: Persist GCP credentials - id: gcp-cred - env: - GCP_SA_CRED: ${{ secrets.GCP_SA_CRED_NEW_TEST }} - run: | - echo $GCP_SA_CRED > ~/gcp_sa_cred.json - - echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT - - - name: Run cleaner - env: - MCLI_OPS_MANAGER_URL: ${{ matrix.target == 'CloudQA' && 'https://cloud-qa.mongodb.com/' || 'https://cloud-qa.mongodbgov.com/' }} - MCLI_PUBLIC_API_KEY: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_PUBLIC_KEY || secrets.ATLAS_GOV_PUBLIC_KEY}} - MCLI_PRIVATE_API_KEY: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_PRIVATE_KEY || secrets.ATLAS_GOV_PRIVATE_KEY }} - MCLI_ORG_ID: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_ORG_ID || secrets.ATLAS_GOV_ORG_ID }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }} - GOOGLE_PROJECT_ID: atlasoperator - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_RESOURCE_GROUP_NAME: svet-test - PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }} - run: | - devbox run -- 'cd tools/clean && ./clean atlas' - + clean-gov-tests: + needs: + - clean-tests + uses: ./.github/workflows/cleanup-gov-test.yml diff --git a/.github/workflows/cleanup-gov-test.yml b/.github/workflows/cleanup-gov-test.yml new file mode 100644 index 0000000000..21563654c9 --- /dev/null +++ b/.github/workflows/cleanup-gov-test.yml 
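Review bot: `clean-tests` declares `needs: run-tests`, but the new cleanup-all.yml defines only `clean-tests` and `clean-gov-tests`, so the dependency points at a job that does not exist and the workflow should be rejected before anything runs. The two files referenced through `uses:` also cannot be called as reusable workflows as written: cleanup-test.yml and cleanup-gov-test.yml in this commit list only `schedule` and `workflow_dispatch` under `on:`, with no `workflow_call`. I would drop the `needs:` entry on `clean-tests`, add `workflow_call:` with a `lifetime` input to both callees, and forward it from here with `with:` / `lifetime: ${{ inputs.lifetime }}`. A cleanup pipeline that fails to start leaves test projects and cloud resources alive past their intended lifetime, so these files are worth running through a workflow linter before merge.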
@@ -0,0 +1,62 @@
+name: Clean Atlas organization
+
+on:
+ schedule:
+ - cron: "*/87 7-22 * * 1-5"
+ workflow_dispatch:
+ inputs:
+ lifetime:
+ description: "Lifetime of project in hours"
+ type: number
+ default: 1
+ required: true
+
+concurrency:
+ group: cleanup
+
+jobs:
+ environment: gov-test
+ cleanup:
+ name: Cleanup Atlas Gov Cloud
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout codebase
+ uses: actions/checkout@v4
+
+ - name: Install devbox
+ uses: jetify-com/devbox-install-action@v0.11.0
+ with:
+ enable-cache: 'true'
+
+ - name: Build clean tool
+ run: |
+ devbox run -- 'cd tools/clean && go build .'
+
+ - name: Persist GCP credentials
+ id: gcp-cred
+ env:
+ GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
+ run: |
+ echo $GCP_SA_CRED > ~/gcp_sa_cred.json
+
+ echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
+
+ - name: Run cleaner
+ env:
+ MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodbgov.com/
+ MCLI_PUBLIC_API_KEY: ${{ secrets.ATLAS_GOV_PUBLIC_KEY }}
+ MCLI_PRIVATE_API_KEY: ${{ secrets.ATLAS_GOV_PRIVATE_KEY }}
+ MCLI_ORG_ID: ${{ secrets.ATLAS_GOV_ORG_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
+ GOOGLE_PROJECT_ID: atlasoperator
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_RESOURCE_GROUP_NAME: svet-test
+ PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
+ run: |
+ devbox run -- 'cd tools/clean && ./clean atlas'
+
diff --git a/.github/workflows/cleanup-test.yml b/.github/workflows/cleanup-test.yml
new file mode 100644
index 0000000000..6edb3df6bf
--- /dev/null
+++ b/.github/workflows/cleanup-test.yml
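Review bot: `environment: gov-test` is written between `jobs:` and `cleanup:`, so it cannot belong to the `cleanup` job's mapping; it is read as an entry of `jobs` itself, the job is never bound to the environment, and the environment-scoped secrets this commit is meant to introduce will not resolve (the workflow is most likely rejected as invalid). Move it under the job, after `name: Cleanup Atlas Gov Cloud`, the way test-contract.yml and test-int.yml place `environment: test` after `name:`. The same misplacement is in cleanup-test.yml and in the first test-e2e.yml hunk, which moves `environment: test` out of `compute:` up to the `jobs:` level. Separately, `MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodbgov.com/` has no closing quote, so the scalar runs on into the following lines; it should read `MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodbgov.com/'`. The schedule `*/87 7-22 * * 1-5` uses a minute step above 59, which is either rejected or fires only at minute 0, so the intended interval should be stated explicitly.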
@@ -0,0 +1,62 @@
+name: Clean Atlas organization
+
+on:
+ schedule:
+ - cron: "*/30 7-22 * * 1-5"
+ workflow_dispatch:
+ inputs:
+ lifetime:
+ description: "Lifetime of project in hours"
+ type: number
+ default: 1
+ required: true
+
+concurrency:
+ group: cleanup
+
+jobs:
+ environment: test
+ cleanup:
+ name: Cleanup Atlas Cloud
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout codebase
+ uses: actions/checkout@v4
+
+ - name: Install devbox
+ uses: jetify-com/devbox-install-action@v0.11.0
+ with:
+ enable-cache: 'true'
+
+ - name: Build clean tool
+ run: |
+ devbox run -- 'cd tools/clean && go build .'
+
+ - name: Persist GCP credentials
+ id: gcp-cred
+ env:
+ GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
+ run: |
+ echo $GCP_SA_CRED > ~/gcp_sa_cred.json
+
+ echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
+
+ - name: Run cleaner
+ env:
+ MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodb.com/'
+ MCLI_PUBLIC_API_KEY: ${{ secrets.ATLAS_PUBLIC_KEY }}
+ MCLI_PRIVATE_API_KEY: ${{ secrets.ATLAS_PRIVATE_KEY }}
+ MCLI_ORG_ID: ${{ secrets.ATLAS_ORG_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
+ GOOGLE_PROJECT_ID: atlasoperator
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_RESOURCE_GROUP_NAME: svet-test
+ PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
+ run: |
+ devbox run -- 'cd tools/clean && ./clean atlas'
+
diff --git a/.github/workflows/openshift-upgrade-test.yaml b/.github/workflows/openshift-upgrade-test.yaml
index a3f825ea60..840a263e9e 100644
--- a/.github/workflows/openshift-upgrade-test.yaml
+++ b/.github/workflows/openshift-upgrade-test.yaml
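Review bot: The `Persist GCP credentials` step writes the service-account key with `echo $GCP_SA_CRED > ~/gcp_sa_cred.json`; the unquoted expansion undergoes word splitting and globbing, which can alter the JSON, and the file is created under the runner's default umask and never removed. I would write it as `umask 077` followed by `printf '%s' "$GCP_SA_CRED" > ~/gcp_sa_cred.json`, and quote the `realpath` result appended to `$GITHUB_OUTPUT`. The identical step is added in cleanup-gov-test.yml. Because `devbox run` later executes with the Atlas, AWS and Azure secrets in its environment, it would also be safer to pin `jetify-com/devbox-install-action` to a full commit SHA rather than the mutable `v0.11.0` tag.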
@@ -29,6 +29,7 @@ concurrency: jobs: e2e-tests: name: Upgrade test on Openshift + environment: openshift-test runs-on: ubuntu-latest if: ${{ vars.SKIP_OPENSHIFT != 'true' }} steps: diff --git a/.github/workflows/release-openshift.yaml b/.github/workflows/release-openshift.yaml index 7dc924f06d..81ff1dd755 100644 --- a/.github/workflows/release-openshift.yaml +++ b/.github/workflows/release-openshift.yaml @@ -8,6 +8,7 @@ on: jobs: release-openshift: name: "Create Pull request for openshift release" + environment: openshift-test runs-on: ubuntu-latest env: GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/test-contract.yml b/.github/workflows/test-contract.yml index 5951962334..10c33bbbf5 100644 --- a/.github/workflows/test-contract.yml +++ b/.github/workflows/test-contract.yml @@ -7,6 +7,7 @@ on: jobs: contract: name: Contract Tests + environment: test runs-on: ubuntu-latest steps: - name: Check out code diff --git a/.github/workflows/test-e2e-gov.yml b/.github/workflows/test-e2e-gov.yml index 89c98e7a79..21be6738f0 100644 --- a/.github/workflows/test-e2e-gov.yml +++ b/.github/workflows/test-e2e-gov.yml @@ -7,6 +7,7 @@ on: jobs: e2e-gov: name: E2E Gov tests + environment: gov-test runs-on: ubuntu-latest steps: - name: Check out code diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index f264bd6c8c..3de25ef50b 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -10,8 +10,8 @@ on: workflow_dispatch: jobs: + environment: test compute: - environment: test name: "Compute test matrix" runs-on: ubuntu-latest outputs: @@ -29,6 +29,7 @@ jobs: cat "${GITHUB_OUTPUT}" prepare-e2e: name: Prepare E2E configuration and image + environment: release runs-on: ubuntu-latest env: REPOSITORY: ${{ github.repository_owner }}/mongodb-atlas-kubernetes-operator-prerelease 
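Review bot: In the second test-e2e.yml hunk, `prepare-e2e` is bound to `environment: release` while the other jobs in this patch use `environment: test`, which gives a job in the test pipeline access to whatever secrets the release environment holds. The visible context only shows it targeting the `mongodb-atlas-kubernetes-operator-prerelease` repository, so it presumably needs image-registry credentials and nothing else. A dedicated environment holding only those, or required reviewers and branch restrictions on `release`, would preserve the segregation this commit is aiming for. The job body continues outside the hunk, so which secrets it actually reads cannot be confirmed here; if the release environment really is required, say why in a comment such as `# release env: needed only to push the prerelease image` above the line.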
@@ -135,6 +136,7 @@ jobs: forked: ${{ inputs.forked }} e2e: name: E2E tests + environment: test needs: [compute, prepare-e2e, prepare-e2e-bundle] runs-on: ubuntu-latest env: @@ -253,8 +255,6 @@ jobs: K8S_PLATFORM: "${{ steps.properties.outputs.k8s_platform }}" K8S_VERSION: "${{ steps.properties.outputs.k8s_version }}" TEST_NAME: "${{ matrix.test }}" - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCOUNT_ARN_LIST: ${{ secrets.AWS_ACCOUNT_ARN_LIST }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/test-int.yml b/.github/workflows/test-int.yml index 65b48c2340..ba0486a9c1 100644 --- a/.github/workflows/test-int.yml +++ b/.github/workflows/test-int.yml @@ -12,6 +12,7 @@ on: jobs: int-test: name: Integration tests + environment: test runs-on: ubuntu-latest strategy: fail-fast: false