ci: reduce noise from warnings (#3055)

* Fix whitespace errors
* Remove usage of external action to URI encode component
* Upgrade Azure login action to v2.1
* Remove GitHub actions warning when running e2e test with NOP payload
* Only try to upload updated tf state if it exists
* Upgrade out of date aws credential actions

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2024-05-03 08:17:40 +02:00 committed by GitHub
parent 3d2a023ccf
commit 259e85d9c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 26 additions and 32 deletions

View File

@ -16,7 +16,7 @@ runs:
using: "composite"
steps:
- name: Authenticate AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
aws-region: eu-central-1
@ -42,5 +42,3 @@ runs:
env:
GH_TOKEN: ${{ inputs.ghToken }}
ENCRYPTION_SECRET: ${{ inputs.encryptionSecret }}

View File

@ -330,7 +330,7 @@ runs:
if: (inputs.test == 'nop') || (inputs.test == 'upgrade')
shell: bash
run: |
echo "::warning::This test has a nop payload. It doesn't run any tests."
echo "This test has a nop payload. It doesn't run any tests."
echo "Sleeping for 30 seconds to allow logs to propagate to the log collection service."
sleep 30

View File

@ -10,6 +10,6 @@ runs:
# As described at:
# https://github.com/Azure/login#configure-deployment-credentials
- name: Login to Azure
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
with:
creds: ${{ inputs.azure_credentials }}

View File

@ -36,12 +36,6 @@ runs:
shell: bash
run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
- name: Encode URI component
uses: Ablestor/encode-uri-component-action@790ea01bcf2d5ca4d0dbe8c15351a87b47f22f61 # v1.3
id: encode-uri-component
with:
string: ${{ inputs.test }}
- name: Create body template
id: body-template
shell: bash
@ -69,13 +63,15 @@ runs:
fi
}
e2eTestPayload=$(echo "${{ inputs.test }}" | jq -R -r @uri)
q=$(echo "(filters:!(
$(queryGen cloud.provider "${{ inputs.provider }}")
$(queryGen metadata.github.ref-stream "${{ inputs.refStream }}")
$(queryGen metadata.github.kubernetes-version "${{ inputs.kubernetesVersion }}")
$(queryGen metadata.github.attestation-variant "${{ inputs.attestationVariant }}")
$(queryGen metadata.github.cluster-creation "${{ inputs.clusterCreation }}")
$(queryGen metadata.github.e2e-test-payload "${{ steps.encode-uri-component.outputs.string }}")
$(queryGen metadata.github.e2e-test-payload "${e2eTestPayload}")
(query:(match_phrase:(metadata.github.run-id:${{ github.run_id }})))
))" | tr -d "\t\n ")

View File

@ -2,7 +2,7 @@ name: Update TFState
description: "Update the terraform state artifact."
inputs:
name:
name:
description: "The name of the artifact that contains the tfstate."
required: true
runID:
@ -20,17 +20,17 @@ runs:
using: "composite"
steps:
- name: Check if tfstate should be deleted
if: always() && ${{ inputs.skipDeletion }} == "false"
if: always() && inputs.skipDeletion == 'false'
shell: bash
run: |
if [ ! -d constellation-terraform ] && [ ! -d constellation-iam-terraform ]; then
echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
if [[ ! -d constellation-terraform ]] && [[ ! -d constellation-iam-terraform ]]; then
echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
else
echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
fi
- name: Delete tfstate artifact if necessary
if: always() && env.DELETE_TF_STATE == 'true' && ${{ inputs.skipDeletion }} == "false"
if: always() && env.DELETE_TF_STATE == 'true' && inputs.skipDeletion == 'false'
uses: ./.github/actions/artifact_delete
with:
name: ${{ inputs.name }}
@ -41,22 +41,24 @@ runs:
shell: bash
run: |
rm -rf to-zip/*
mkdir -p to-zip
to_upload=""
if [ -d constellation-terraform ]; then
cp -r constellation-terraform to-zip
rm to-zip/constellation-terraform/plan.zip
rm -rf to-zip/constellation-terraform/.terraform
to_upload+="to-zip/constellation-terraform"
if [[ -d constellation-terraform ]]; then
cp -r constellation-terraform to-zip
rm -f to-zip/constellation-terraform/plan.zip
rm -rf to-zip/constellation-terraform/.terraform
to_upload+="to-zip/constellation-terraform"
fi
if [ -d constellation-iam-terraform ]; then
cp -r constellation-iam-terraform to-zip
rm -rf to-zip/constellation-iam-terraform/.terraform
to_upload+=" to-zip/constellation-iam-terraform"
if [[ -d constellation-iam-terraform ]]; then
cp -r constellation-iam-terraform to-zip
rm -rf to-zip/constellation-iam-terraform/.terraform
to_upload+=" to-zip/constellation-iam-terraform"
fi
echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"
- name: Update tfstate
if: always()
if: always() && env.TO_UPLOAD != ''
uses: ./.github/actions/artifact_upload
with:
name: ${{ inputs.name }}
@ -64,5 +66,3 @@ runs:
${{ env.TO_UPLOAD }}
encryptionSecret: ${{ inputs.encryptionSecret }}
overwrite: true

View File

@ -156,7 +156,7 @@ jobs:
- name: Login to AWS (IAM + Cluster role)
if: steps.determine.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
aws-region: eu-central-1

View File

@ -385,7 +385,7 @@ jobs:
GH_TOKEN: ${{ github.token }}
uses: ./.github/actions/update_tfstate
with:
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
runID: ${{ github.run_id }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}