Make the AWS role a repository secret (#1622)

Making the AWS Role we are assuming a repository secret so we can: 1. Actually set it to the correct value 2. Iterate on the role slightly easier (without needed more PRs)
defenseunicorns · Apr 18, 2023 · 501e111 · 501e111
1 parent 4dcf30f
commit 501e111
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/.github/workflows/night-ecr.yml → .github/workflows/nightly-ecr.yml b/.github/workflows/night-ecr.yml → .github/workflows/nightly-ecr.yml
@@ -25,14 +25,15 @@ jobs:
  uses: ./.github/actions/node
 
  - name: Build the Zarf binary
- run: make zarf-cli-linux-amd
+ run: make build-cli-linux-amd
 
  - name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v2
  with:
- role-to-assume: "zarf-nightly-tester"
+ role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
  aws-region: us-east-1
 
+ # NOTE: The aws cli will need to be explicitly installed on self-hosted runners
  - name: Login to the ECR Registry
  run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/t8y5r5z5 ─╯
 

diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml
@@ -30,7 +30,7 @@ jobs:
  - name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v2
  with:
- role-to-assume: "zarf-nightly-tester"
+ role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}}
  aws-region: us-east-1
 
  - name: Build the eks package

diff --git a/src/test/common.go b/src/test/common.go
@@ -40,7 +40,7 @@ func GetCLIName() string {
  return binaryName
 }
 
-// setup actions for each test.
+// Setup performs actions prior to each test.
 func (e2e *ZarfE2ETest) Setup(t *testing.T) {
  t.Log("Test setup")
  // Output list of allocated cluster resources
@@ -51,24 +51,25 @@ func (e2e *ZarfE2ETest) Setup(t *testing.T) {
  }
 }
 
-// setup actions for each test that requires a K8s cluster.
+// SetupWithCluster performs actions for each test that requires a K8s cluster.
 func (e2e *ZarfE2ETest) SetupWithCluster(t *testing.T) {
  if !e2e.RunClusterTests {
  t.Skip("")
  }
  e2e.Setup(t)
 }
 
-// teardown actions for each test.
+// Teardown performs actions prior to tearing down each test.
 func (e2e *ZarfE2ETest) Teardown(t *testing.T) {
  t.Log("Test teardown")
 }
 
-// execZarfCommand executes a Zarf command.
+// ExecZarfCommand executes a Zarf command.
 func (e2e *ZarfE2ETest) ExecZarfCommand(commandString ...string) (string, string, error) {
  return exec.CmdWithContext(context.TODO(), exec.PrintCfg(), e2e.ZarfBinPath, commandString...)
 }
 
+// CleanFiles removes files and directories that have been created during the test.
 func (e2e *ZarfE2ETest) CleanFiles(files ...string) {
  for _, file := range files {
  _ = os.RemoveAll(file)

diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go
@@ -24,6 +24,7 @@ var (
 /*
 This test assumes the following:
  1. The user running the test has a current valid credential to the public.ecr.aws/t8y5r5z5/zarf-nightly repository in their docker config.json
+ 2. The zarf CLI has been built and is available in the build directory
 */
 func TestECRPublishing(t *testing.T) {
  t.Log("E2E: Testing component actions")