ci: reduce noise from warnings (#3055)

* Fix whitespace errors
* Remove usage of external action to URI encode component
* Upgrade Azure login action to v2.1
* Remove GitHub actions warning when running e2e test with NOP payload
* Only try to upload updated tf state if it exists
* Upgrade out of date aws credential actions

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2024-05-03 08:17:40 +02:00 committed by GitHub
parent 3d2a023ccf
commit 259e85d9c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 26 additions and 32 deletions


@ -16,7 +16,7 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Authenticate AWS - name: Authenticate AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
aws-region: eu-central-1 aws-region: eu-central-1
@ -42,5 +42,3 @@ runs:
env: env:
GH_TOKEN: ${{ inputs.ghToken }} GH_TOKEN: ${{ inputs.ghToken }}
ENCRYPTION_SECRET: ${{ inputs.encryptionSecret }} ENCRYPTION_SECRET: ${{ inputs.encryptionSecret }}


@ -330,7 +330,7 @@ runs:
if: (inputs.test == 'nop') || (inputs.test == 'upgrade') if: (inputs.test == 'nop') || (inputs.test == 'upgrade')
shell: bash shell: bash
run: | run: |
echo "::warning::This test has a nop payload. It doesn't run any tests." echo "This test has a nop payload. It doesn't run any tests."
echo "Sleeping for 30 seconds to allow logs to propagate to the log collection service." echo "Sleeping for 30 seconds to allow logs to propagate to the log collection service."
sleep 30 sleep 30


@ -10,6 +10,6 @@ runs:
# As described at: # As described at:
# https://github.com/Azure/login#configure-deployment-credentials # https://github.com/Azure/login#configure-deployment-credentials
- name: Login to Azure - name: Login to Azure
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1 uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
with: with:
creds: ${{ inputs.azure_credentials }} creds: ${{ inputs.azure_credentials }}


@ -36,12 +36,6 @@ runs:
shell: bash shell: bash
run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
- name: Encode URI component
uses: Ablestor/encode-uri-component-action@790ea01bcf2d5ca4d0dbe8c15351a87b47f22f61 # v1.3
id: encode-uri-component
with:
string: ${{ inputs.test }}
- name: Create body template - name: Create body template
id: body-template id: body-template
shell: bash shell: bash
@ -69,13 +63,15 @@ runs:
fi fi
} }
e2eTestPayload=$(echo "${{ inputs.test }}" | jq -R -r @uri)
q=$(echo "(filters:!( q=$(echo "(filters:!(
$(queryGen cloud.provider "${{ inputs.provider }}") $(queryGen cloud.provider "${{ inputs.provider }}")
$(queryGen metadata.github.ref-stream "${{ inputs.refStream }}") $(queryGen metadata.github.ref-stream "${{ inputs.refStream }}")
$(queryGen metadata.github.kubernetes-version "${{ inputs.kubernetesVersion }}") $(queryGen metadata.github.kubernetes-version "${{ inputs.kubernetesVersion }}")
$(queryGen metadata.github.attestation-variant "${{ inputs.attestationVariant }}") $(queryGen metadata.github.attestation-variant "${{ inputs.attestationVariant }}")
$(queryGen metadata.github.cluster-creation "${{ inputs.clusterCreation }}") $(queryGen metadata.github.cluster-creation "${{ inputs.clusterCreation }}")
$(queryGen metadata.github.e2e-test-payload "${{ steps.encode-uri-component.outputs.string }}") $(queryGen metadata.github.e2e-test-payload "${e2eTestPayload}")
(query:(match_phrase:(metadata.github.run-id:${{ github.run_id }}))) (query:(match_phrase:(metadata.github.run-id:${{ github.run_id }})))
))" | tr -d "\t\n ") ))" | tr -d "\t\n ")
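Review bot: The added line `e2eTestPayload=$(echo "${{ inputs.test }}" | jq -R -r @uri)` expands the input into the script text before bash parses it, so a value containing a quote or a command substitution alters the script instead of being URI-encoded. Passing the value through the step environment keeps it as data: add `E2E_TEST_PAYLOAD: ${{ inputs.test }}` under the step's `env:` and use `e2eTestPayload=$(printf '%s' "${E2E_TEST_PAYLOAD}" | jq -R -r @uri)`. The neighbouring `queryGen` arguments use the same `${{ inputs.* }}` expansion and would benefit from the same treatment. The step header and any existing `env:` block lie outside this hunk, so the exact placement has to be checked there.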


@ -20,17 +20,17 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Check if tfstate should be deleted - name: Check if tfstate should be deleted
if: always() && ${{ inputs.skipDeletion }} == "false" if: always() && inputs.skipDeletion == 'false'
shell: bash shell: bash
run: | run: |
if [ ! -d constellation-terraform ] && [ ! -d constellation-iam-terraform ]; then if [[ ! -d constellation-terraform ]] && [[ ! -d constellation-iam-terraform ]]; then
echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV" echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
else else
echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV" echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
fi fi
- name: Delete tfstate artifact if necessary - name: Delete tfstate artifact if necessary
if: always() && env.DELETE_TF_STATE == 'true' && ${{ inputs.skipDeletion }} == "false" if: always() && env.DELETE_TF_STATE == 'true' && inputs.skipDeletion == 'false'
uses: ./.github/actions/artifact_delete uses: ./.github/actions/artifact_delete
with: with:
name: ${{ inputs.name }} name: ${{ inputs.name }}
@ -41,22 +41,24 @@ runs:
shell: bash shell: bash
run: | run: |
rm -rf to-zip/* rm -rf to-zip/*
mkdir -p to-zip
to_upload="" to_upload=""
if [ -d constellation-terraform ]; then if [[ -d constellation-terraform ]]; then
cp -r constellation-terraform to-zip cp -r constellation-terraform to-zip
rm to-zip/constellation-terraform/plan.zip rm -f to-zip/constellation-terraform/plan.zip
rm -rf to-zip/constellation-terraform/.terraform rm -rf to-zip/constellation-terraform/.terraform
to_upload+="to-zip/constellation-terraform" to_upload+="to-zip/constellation-terraform"
fi fi
if [ -d constellation-iam-terraform ]; then if [[ -d constellation-iam-terraform ]]; then
cp -r constellation-iam-terraform to-zip cp -r constellation-iam-terraform to-zip
rm -rf to-zip/constellation-iam-terraform/.terraform rm -rf to-zip/constellation-iam-terraform/.terraform
to_upload+=" to-zip/constellation-iam-terraform" to_upload+=" to-zip/constellation-iam-terraform"
fi fi
echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV" echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"
- name: Update tfstate - name: Update tfstate
if: always() if: always() && env.TO_UPLOAD != ''
uses: ./.github/actions/artifact_upload uses: ./.github/actions/artifact_upload
with: with:
name: ${{ inputs.name }} name: ${{ inputs.name }}
@ -64,5 +66,3 @@ runs:
${{ env.TO_UPLOAD }} ${{ env.TO_UPLOAD }}
encryptionSecret: ${{ inputs.encryptionSecret }} encryptionSecret: ${{ inputs.encryptionSecret }}
overwrite: true overwrite: true
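Review bot: With `if: always() && env.TO_UPLOAD != ''` on the "Update tfstate" step, a run where neither Terraform directory exists and a run where the preparation script stopped before `echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"` (for example a failing `cp -r`, assuming the usual fail-fast bash options) both skip the upload, and the log does not tell them apart. Since the uploaded state is presumably what later cleanup of cloud resources depends on, the intended skip should be visible: before the final `echo` in the preparation script add `if [[ -z "${to_upload}" ]]; then echo "No Terraform state found, skipping tfstate upload."; fi`. A comment above the condition would also help, e.g. `# TO_UPLOAD is exported by the previous step; empty means there is no state to upload.` The preparation step's header is outside the hunk, so whether it also runs under `always()` cannot be confirmed from here.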


@ -156,7 +156,7 @@ jobs:
- name: Login to AWS (IAM + Cluster role) - name: Login to AWS (IAM + Cluster role)
if: steps.determine.outputs.cloudProvider == 'aws' if: steps.determine.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
aws-region: eu-central-1 aws-region: eu-central-1