From 501e11130c840ac77457d3beb82eea4555332522 Mon Sep 17 00:00:00 2001 From: Jonathan Perry Date: Tue, 18 Apr 2023 19:09:08 -0400 Subject: [PATCH] Make the AWS role a repository secret (#1622) Making the AWS Role we are assuming a repository secret so we can: 1. Actually set it to the correct value 2. Iterate on the role slightly easier (without needed more PRs) --- .github/workflows/{night-ecr.yml => nightly-ecr.yml} | 5 +++-- .github/workflows/nightly-eks.yml | 2 +- src/test/common.go | 9 +++++---- src/test/nightly/ecr_publish_test.go | 1 + 4 files changed, 10 insertions(+), 7 deletions(-) rename .github/workflows/{night-ecr.yml => nightly-ecr.yml} (86%) diff --git a/.github/workflows/night-ecr.yml b/.github/workflows/nightly-ecr.yml similarity index 86% rename from .github/workflows/night-ecr.yml rename to .github/workflows/nightly-ecr.yml index aec04c21e1..5ca1e7ed62 100644 --- a/.github/workflows/night-ecr.yml +++ b/.github/workflows/nightly-ecr.yml @@ -25,14 +25,15 @@ jobs: uses: ./.github/actions/node - name: Build the Zarf binary - run: make zarf-cli-linux-amd + run: make build-cli-linux-amd - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: - role-to-assume: "zarf-nightly-tester" + role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }} aws-region: us-east-1 + # NOTE: The aws cli will need to be explicitly installed on self-hosted runners - name: Login to the ECR Registry run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/t8y5r5z5 ─╯ diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 5f2ad2d5f7..7069f0b7ab 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml @@ -30,7 +30,7 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: - role-to-assume: "zarf-nightly-tester" + role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}} aws-region: us-east-1 - name: Build the eks package diff --git a/src/test/common.go b/src/test/common.go index 70c3209b87..5f968ec9bb 100644 --- a/src/test/common.go +++ b/src/test/common.go @@ -40,7 +40,7 @@ func GetCLIName() string { return binaryName } -// setup actions for each test. +// Setup performs actions prior to each test. func (e2e *ZarfE2ETest) Setup(t *testing.T) { t.Log("Test setup") // Output list of allocated cluster resources @@ -51,7 +51,7 @@ func (e2e *ZarfE2ETest) Setup(t *testing.T) { } } -// setup actions for each test that requires a K8s cluster. +// SetupWithCluster performs actions for each test that requires a K8s cluster. func (e2e *ZarfE2ETest) SetupWithCluster(t *testing.T) { if !e2e.RunClusterTests { t.Skip("") @@ -59,16 +59,17 @@ func (e2e *ZarfE2ETest) SetupWithCluster(t *testing.T) { e2e.Setup(t) } -// teardown actions for each test. +// Teardown performs actions prior to tearing down each test. func (e2e *ZarfE2ETest) Teardown(t *testing.T) { t.Log("Test teardown") } -// execZarfCommand executes a Zarf command. +// ExecZarfCommand executes a Zarf command. func (e2e *ZarfE2ETest) ExecZarfCommand(commandString ...string) (string, string, error) { return exec.CmdWithContext(context.TODO(), exec.PrintCfg(), e2e.ZarfBinPath, commandString...) } +// CleanFiles removes files and directories that have been created during the test. func (e2e *ZarfE2ETest) CleanFiles(files ...string) { for _, file := range files { _ = os.RemoveAll(file) diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go index 56be61a9ed..d0b068d7f4 100644 --- a/src/test/nightly/ecr_publish_test.go +++ b/src/test/nightly/ecr_publish_test.go @@ -24,6 +24,7 @@ var ( /* This test assumes the following: 1. The user running the test has a current valid credential to the public.ecr.aws/t8y5r5z5/zarf-nightly repository in their docker config.json + 2. The zarf CLI has been built and is available in the build directory */ func TestECRPublishing(t *testing.T) { t.Log("E2E: Testing component actions")