From 1c2ccb880464a469611eb124d7c13094a878589d Mon Sep 17 00:00:00 2001 From: josvaz Date: Thu, 3 Oct 2024 15:01:15 +0200 Subject: [PATCH] CLOUDP-237043: Use separated secret envs (#1844) * CLOUDP-237043: Use seggregated secret envs Signed-off-by: jose.vazquez * Remove _NEW_TEST fallbacks --------- Signed-off-by: jose.vazquez --- .github/workflows/cleanup-all.yml | 107 ++---------------- .github/workflows/cleanup-gov-test.yml | 68 +++++++++++ .github/workflows/cleanup-test.yml | 68 +++++++++++ .github/workflows/openshift-upgrade-test.yaml | 1 + .github/workflows/release-openshift.yaml | 1 + .github/workflows/test-contract.yml | 1 + .github/workflows/test-e2e-gov.yml | 1 + .github/workflows/test-e2e.yml | 11 +- .github/workflows/test-int.yml | 1 + 9 files changed, 156 insertions(+), 103 deletions(-) create mode 100644 .github/workflows/cleanup-gov-test.yml create mode 100644 .github/workflows/cleanup-test.yml
diff --git a/.github/workflows/cleanup-all.yml b/.github/workflows/cleanup-all.yml
index 2071fcd300..769262f963 100644
--- a/.github/workflows/cleanup-all.yml
+++ b/.github/workflows/cleanup-all.yml
@@ -1,8 +1,6 @@
-name: Clean Atlas organization
+name: Clean All Atlas organizations
 on:
- schedule:
- - cron: "*/30 7-22 * * 1-5"
 workflow_dispatch:
 inputs:
 lifetime:
@@ -10,99 +8,14 @@ on:
 type: number
 default: 1
 required: true
- commercial:
- description: "Clean commercial Atlas environments"
- type: boolean
- default: true
- required: true
- government:
- description: "Clean government Atlas environments"
- type: boolean
- default: true
- required: true
-
-concurrency:
- group: cleanup
 jobs:
- calculate-targets:
- name: Calculate targets for execution
- runs-on: ubuntu-latest
- outputs:
- targets: ${{ steps.set-targets.outputs.targets }}
- steps:
- - id: set-targets
- name: Set Targets
- env:
- EVENT: ${{ github.event_name }}
- COMMERCIAL: ${{ inputs.commercial }}
- GOVERNMENT: ${{ inputs.government }}
- run: |
- if [ "$EVENT" == "schedule" ]; then
- echo 'targets=["CloudQA", "CloudGovQA"]' >> $GITHUB_OUTPUT
- exit 0
- fi
-
- ENVS=()
-
- if [ "$COMMERCIAL" == true ]; then
- ENVS+=("CloudQA")
- fi
-
- if [ "$GOVERNMENT" == true ]; then
- ENVS+=("CloudGovQA")
- fi
-
- JSON=$(printf '%s\n' "${ENVS[@]}" | jq -R . | jq -cs .)
-
- echo "targets=$JSON" >> $GITHUB_OUTPUT
-
- cleanup:
- name: Cleanup Atlas Cloud
- runs-on: ubuntu-latest
- needs:
- - calculate-targets
- strategy:
- matrix:
- target: ${{ fromJSON(needs.calculate-targets.outputs.targets) }}
- steps:
- - name: Checkout codebase
- uses: actions/checkout@v4
-
- - name: Install devbox
- uses: jetify-com/devbox-install-action@v0.11.0
- with:
- enable-cache: 'true'
-
- - name: Build clean tool
- run: |
- devbox run -- 'cd tools/clean && go build .'
-
- - name: Persist GCP credentials
- id: gcp-cred
- env:
- GCP_SA_CRED: ${{ secrets.GCP_SA_CRED_NEW_TEST }}
- run: |
- echo $GCP_SA_CRED > ~/gcp_sa_cred.json
-
- echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
-
- - name: Run cleaner
- env:
- MCLI_OPS_MANAGER_URL: ${{ matrix.target == 'CloudQA' && 'https://cloud-qa.mongodb.com/' || 'https://cloud-qa.mongodbgov.com/' }}
- MCLI_PUBLIC_API_KEY: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_PUBLIC_KEY || secrets.ATLAS_GOV_PUBLIC_KEY}}
- MCLI_PRIVATE_API_KEY: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_PRIVATE_KEY || secrets.ATLAS_GOV_PRIVATE_KEY }}
- MCLI_ORG_ID: ${{ matrix.target == 'CloudQA' && secrets.ATLAS_ORG_ID || secrets.ATLAS_GOV_ORG_ID }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
- GOOGLE_PROJECT_ID: atlasoperator
- AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
- AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
- AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
- AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- AZURE_RESOURCE_GROUP_NAME: svet-test
- PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
- run: |
- devbox run -- 'cd tools/clean && ./clean atlas'
-
+ clean-tests:
+ uses: ./.github/workflows/cleanup-test.yml
+ with:
+ lifetime: 1
+
+ clean-gov-tests:
+ uses: ./.github/workflows/cleanup-gov-test.yml
+ with:
+ lifetime: 1
diff --git a/.github/workflows/cleanup-gov-test.yml b/.github/workflows/cleanup-gov-test.yml
new file mode 100644
index 0000000000..2f67521cae
--- /dev/null
+++ b/.github/workflows/cleanup-gov-test.yml
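Review bot: Both `uses:` jobs in cleanup-all.yml pass `lifetime: 1` as a literal, so the `lifetime` value entered on a manual `workflow_dispatch` run (still declared as a required input at the top of this file) is ignored; forwarding it with `lifetime: ${{ inputs.lifetime }}` in each `with:` block keeps the input meaningful. The called workflows read Atlas and cloud-provider secrets: those defined on the `test` and `gov-test` environments resolve inside the called job, but any that still live at repository level would presumably need `secrets: inherit` on each caller job, which is worth confirming against where each secret is actually stored.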
@@ -0,0 +1,68 @@
+name: Clean Atlas Gov organization
+
+on:
+ schedule:
+ - cron: "*/87 7-22 * * 1-5"
+ workflow_dispatch:
+ inputs:
+ lifetime:
+ description: "Lifetime of project in hours"
+ type: number
+ default: 1
+ required: true
+ workflow_call:
+ inputs:
+ lifetime:
+ description: "Lifetime of project in hours"
+ type: number
+ default: 1
+ required: true
+
+concurrency:
+ group: cleanup-gov-test
+
+jobs:
+ cleanup:
+ environment: gov-test
+ name: Cleanup Atlas Gov Cloud
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout codebase
+ uses: actions/checkout@v4
+
+ - name: Install devbox
+ uses: jetify-com/devbox-install-action@v0.11.0
+ with:
+ enable-cache: 'true'
+
+ - name: Build clean tool
+ run: |
+ devbox run -- 'cd tools/clean && go build .'
+
+ - name: Persist GCP credentials
+ id: gcp-cred
+ env:
+ GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
+ run: |
+ echo $GCP_SA_CRED > ~/gcp_sa_cred.json
+
+ echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
+
+ - name: Run cleaner
+ env:
+ MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodbgov.com/'
+ MCLI_PUBLIC_API_KEY: ${{ secrets.ATLAS_GOV_PUBLIC_KEY }}
+ MCLI_PRIVATE_API_KEY: ${{ secrets.ATLAS_GOV_PRIVATE_KEY }}
+ MCLI_ORG_ID: ${{ secrets.ATLAS_GOV_ORG_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
+ GOOGLE_PROJECT_ID: atlasoperator
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_RESOURCE_GROUP_NAME: svet-test
+ PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
+ run: |
+ devbox run -- 'cd tools/clean && ./clean atlas'
diff --git a/.github/workflows/cleanup-test.yml b/.github/workflows/cleanup-test.yml
new file mode 100644
index 0000000000..699843be40
--- /dev/null
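Review bot: The "Persist GCP credentials" step in cleanup-gov-test.yml expands the service-account key unquoted, `echo $GCP_SA_CRED > ~/gcp_sa_cred.json`, so the shell word-splits and glob-expands the JSON before writing it, and the file lands in the home directory with the default umask and is never removed. Writing it as `umask 077; printf '%s' "$GCP_SA_CRED" > "$RUNNER_TEMP/gcp_sa_cred.json"` keeps the content intact and the file private to the job; the `realpath` line then needs the same path, quoted. The identical step is added in cleanup-test.yml and should get the same change. Separately, `*/87` in the schedule exceeds the 0-59 minute range, so it most likely fires only at minute 0 of each hour rather than every 87 minutes; a comment stating the intended cadence, or an explicit minute list, would remove the ambiguity.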
+++ b/.github/workflows/cleanup-test.yml
@@ -0,0 +1,68 @@
+name: Clean Atlas organization
+
+on:
+ schedule:
+ - cron: "*/30 7-22 * * 1-5"
+ workflow_dispatch:
+ inputs:
+ lifetime:
+ description: "Lifetime of project in hours"
+ type: number
+ default: 1
+ required: true
+ workflow_call:
+ inputs:
+ lifetime:
+ description: "Lifetime of project in hours"
+ type: number
+ default: 1
+ required: true
+
+concurrency:
+ group: cleanup-test
+
+jobs:
+ cleanup:
+ environment: test
+ name: Cleanup Atlas Cloud
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout codebase
+ uses: actions/checkout@v4
+
+ - name: Install devbox
+ uses: jetify-com/devbox-install-action@v0.11.0
+ with:
+ enable-cache: 'true'
+
+ - name: Build clean tool
+ run: |
+ devbox run -- 'cd tools/clean && go build .'
+
+ - name: Persist GCP credentials
+ id: gcp-cred
+ env:
+ GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
+ run: |
+ echo $GCP_SA_CRED > ~/gcp_sa_cred.json
+
+ echo credentials=$(realpath ~/gcp_sa_cred.json) >> $GITHUB_OUTPUT
+
+ - name: Run cleaner
+ env:
+ MCLI_OPS_MANAGER_URL: 'https://cloud-qa.mongodb.com/'
+ MCLI_PUBLIC_API_KEY: ${{ secrets.ATLAS_PUBLIC_KEY }}
+ MCLI_PRIVATE_API_KEY: ${{ secrets.ATLAS_PRIVATE_KEY }}
+ MCLI_ORG_ID: ${{ secrets.ATLAS_ORG_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-cred.outputs.credentials }}
+ GOOGLE_PROJECT_ID: atlasoperator
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_RESOURCE_GROUP_NAME: svet-test
+ PROJECT_LIFETIME: ${{ inputs.lifetime || 1 }}
+ run: |
+ devbox run -- 'cd tools/clean && ./clean atlas'
diff --git a/.github/workflows/openshift-upgrade-test.yaml b/.github/workflows/openshift-upgrade-test.yaml
index a3f825ea60..840a263e9e 100644
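Review bot: `jetify-com/devbox-install-action@v0.11.0` in cleanup-test.yml is referenced by a mutable tag in a job that runs under `environment: test` and later hands Atlas, AWS, GCP and Azure secrets to steps on the same runner; pinning it to a full commit, `uses: jetify-com/devbox-install-action@<full-commit-sha> # v0.11.0`, keeps a moved tag from changing what runs before those steps. The same reference is added in cleanup-gov-test.yml. Neither new workflow declares `permissions:`, so `GITHUB_TOKEN` gets the repository default; from the visible steps only checkout needs it, so a job-level `permissions:` block with `contents: read` looks sufficient.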
--- a/.github/workflows/openshift-upgrade-test.yaml
+++ b/.github/workflows/openshift-upgrade-test.yaml
@@ -29,6 +29,7 @@ concurrency:
 jobs:
 e2e-tests:
 name: Upgrade test on Openshift
+ environment: openshift-test
 runs-on: ubuntu-latest
 if: ${{ vars.SKIP_OPENSHIFT != 'true' }}
 steps:
diff --git a/.github/workflows/release-openshift.yaml b/.github/workflows/release-openshift.yaml
index 7dc924f06d..81ff1dd755 100644
--- a/.github/workflows/release-openshift.yaml
+++ b/.github/workflows/release-openshift.yaml
@@ -8,6 +8,7 @@ on:
 jobs:
 release-openshift:
 name: "Create Pull request for openshift release"
+ environment: openshift-test
 runs-on: ubuntu-latest
 env:
 GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/test-contract.yml b/.github/workflows/test-contract.yml
index 5951962334..10c33bbbf5 100644
--- a/.github/workflows/test-contract.yml
+++ b/.github/workflows/test-contract.yml
@@ -7,6 +7,7 @@ on:
 jobs:
 contract:
 name: Contract Tests
+ environment: test
 runs-on: ubuntu-latest
 steps:
 - name: Check out code
diff --git a/.github/workflows/test-e2e-gov.yml b/.github/workflows/test-e2e-gov.yml
index 89c98e7a79..21be6738f0 100644
--- a/.github/workflows/test-e2e-gov.yml
+++ b/.github/workflows/test-e2e-gov.yml
@@ -7,6 +7,7 @@ on:
 jobs:
 e2e-gov:
 name: E2E Gov tests
+ environment: gov-test
 runs-on: ubuntu-latest
 steps:
 - name: Check out code
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index f264bd6c8c..ed4ad329db 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -11,7 +11,6 @@ on:
 jobs:
 compute:
- environment: test
 name: "Compute test matrix"
 runs-on: ubuntu-latest
 outputs:
@@ -29,6 +28,7 @@ jobs:
 cat "${GITHUB_OUTPUT}"
 prepare-e2e:
 name: Prepare E2E configuration and image
+ environment: release
 runs-on: ubuntu-latest
 env:
 REPOSITORY: ${{ github.repository_owner }}/mongodb-atlas-kubernetes-operator-prerelease
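Review bot: `environment: release` on `prepare-e2e` in test-e2e.yml gives a job of the E2E test workflow access to every secret the release environment holds, which is broader than the separation the rest of this commit sets up for `test`, `gov-test` and `openshift-test`. The job presumably needs only registry credentials to push the prerelease image, so either a dedicated environment holding just those, or protection rules on `release` (required reviewers, deployment branch restrictions), would keep test runs from reaching release-only secrets. If `release` is intentional, a comment on the line saying which secrets the job takes from it, for example `# uses the registry credentials stored in the release environment`, would make that reviewable. The job body continues outside the hunk, so which secrets it reads is not visible here.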
@@ -135,6 +135,7 @@ jobs:
 forked: ${{ inputs.forked }}
 e2e:
 name: E2E tests
+ environment: test
 needs: [compute, prepare-e2e, prepare-e2e-bundle]
 runs-on: ubuntu-latest
 env:
@@ -253,16 +254,14 @@ jobs:
 K8S_PLATFORM: "${{ steps.properties.outputs.k8s_platform }}"
 K8S_VERSION: "${{ steps.properties.outputs.k8s_version }}"
 TEST_NAME: "${{ matrix.test }}"
- DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
- DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_ACCOUNT_ARN_LIST: ${{ secrets.AWS_ACCOUNT_ARN_LIST }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_NEW_TEST }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
 AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
- AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET_NEW_TEST }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- GCP_SA_CRED: ${{ secrets.GCP_SA_CRED_NEW_TEST }}
+ GCP_SA_CRED: ${{ secrets.GCP_SA_CRED }}
 DATADOG_KEY: ${{ secrets.DATADOG_KEY }}
 PAGER_DUTY_SERVICE_KEY: ${{ secrets.PAGER_DUTY_SERVICE_KEY }}
 run: |
diff --git a/.github/workflows/test-int.yml b/.github/workflows/test-int.yml
index 65b48c2340..ba0486a9c1 100644
--- a/.github/workflows/test-int.yml
+++ b/.github/workflows/test-int.yml
@@ -12,6 +12,7 @@ on:
 jobs:
 int-test:
 name: Integration tests
+ environment: test
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
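Review bot: With the `_NEW_TEST` suffix dropped in the test-e2e.yml env block, `secrets.AZURE_CLIENT_ID`, `secrets.AZURE_CLIENT_SECRET` and `secrets.GCP_SA_CRED` resolve from the `test` environment first and fall back without any signal to a repository- or organization-level secret of the same name when the environment lacks one, so an incomplete environment would reuse the shared credential instead of failing. Removing the repository-level copies once the environments are populated closes that fallback, and a guard at the top of the `run:` script such as `: "${GCP_SA_CRED:?not set for this environment}"` makes a missing value fail early. The `run:` body starts at the end of this hunk and continues outside it.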