ci: reduce noise from warnings (#3055)

* Fix whitespace errors * Remove usage of external action to URI encode component * Upgrade Azure login action to v2.1 * Remove GitHub actions warning when running e2e test with NOP payload * Only try to upload updated tf state if it exists * Upgrade out of date aws credential actions --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-10-01 01:36:09 -04:00 · 2024-05-03 08:17:40 +02:00 · 2024-05-03 08:17:40 +02:00 · 259e85d9c1
commit 259e85d9c1
parent 3d2a023ccf
7 changed files with 26 additions and 32 deletions
--- a/.github/actions/e2e_cleanup_timeframe/action.yml
+++ b/.github/actions/e2e_cleanup_timeframe/action.yml
@ -16,7 +16,7 @@ runs:
  using: "composite"
  steps:
    - name: Authenticate AWS
-      uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
      with:
        role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
        aws-region: eu-central-1
@ -42,5 +42,3 @@ runs:
      env:
        GH_TOKEN: ${{ inputs.ghToken }}
        ENCRYPTION_SECRET: ${{ inputs.encryptionSecret }}
-
-
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@ -330,7 +330,7 @@ runs:
      if: (inputs.test == 'nop') || (inputs.test == 'upgrade')
      shell: bash
      run: |
-        echo "::warning::This test has a nop payload. It doesn't run any tests."
+        echo "This test has a nop payload. It doesn't run any tests."
        echo "Sleeping for 30 seconds to allow logs to propagate to the log collection service."
        sleep 30

--- a/.github/actions/login_azure/action.yml
+++ b/.github/actions/login_azure/action.yml
@ -10,6 +10,6 @@ runs:
    # As described at:
    # https://github.com/Azure/login#configure-deployment-credentials
    - name: Login to Azure
-      uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
+      uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
      with:
        creds: ${{ inputs.azure_credentials }}
--- a/.github/actions/notify_e2e_failure/action.yml
+++ b/.github/actions/notify_e2e_failure/action.yml
@ -36,12 +36,6 @@ runs:
      shell: bash
      run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV

-    - name: Encode URI component
-      uses: Ablestor/encode-uri-component-action@790ea01bcf2d5ca4d0dbe8c15351a87b47f22f61 # v1.3
-      id: encode-uri-component
-      with:
-        string: ${{ inputs.test }}
-
    - name: Create body template
      id: body-template
      shell: bash
@ -69,13 +63,15 @@ runs:
          fi
        }

+        e2eTestPayload=$(echo "${{ inputs.test }}" | jq -R -r @uri)
+
        q=$(echo "(filters:!(
          $(queryGen cloud.provider "${{ inputs.provider }}")
          $(queryGen metadata.github.ref-stream "${{ inputs.refStream }}")
          $(queryGen metadata.github.kubernetes-version "${{ inputs.kubernetesVersion }}")
          $(queryGen metadata.github.attestation-variant "${{ inputs.attestationVariant }}")
          $(queryGen metadata.github.cluster-creation "${{ inputs.clusterCreation }}")
-          $(queryGen metadata.github.e2e-test-payload "${{ steps.encode-uri-component.outputs.string }}")
+          $(queryGen metadata.github.e2e-test-payload "${e2eTestPayload}")
          (query:(match_phrase:(metadata.github.run-id:${{ github.run_id }})))
          ))" | tr -d "\t\n ")

--- a/.github/actions/update_tfstate/action.yml
+++ b/.github/actions/update_tfstate/action.yml
@ -2,7 +2,7 @@ name: Update TFState
 description: "Update the terraform state artifact."

 inputs:
-  name: 
+  name:
    description: "The name of the artifact that contains the tfstate."
    required: true
  runID:
@ -20,17 +20,17 @@ runs:
  using: "composite"
  steps:
    - name: Check if tfstate should be deleted
-      if: always() && ${{ inputs.skipDeletion }} == "false"
+      if: always() && inputs.skipDeletion == 'false'
      shell: bash
      run: |
-        if [ ! -d constellation-terraform ] && [ ! -d constellation-iam-terraform ]; then
-        echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"     
+        if [[ ! -d constellation-terraform ]] && [[ ! -d constellation-iam-terraform ]]; then
+          echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
        else
-        echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
+          echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
        fi

    - name: Delete tfstate artifact if necessary
-      if: always() && env.DELETE_TF_STATE == 'true' && ${{ inputs.skipDeletion }} == "false"
+      if: always() && env.DELETE_TF_STATE == 'true' && inputs.skipDeletion == 'false'
      uses: ./.github/actions/artifact_delete
      with:
        name: ${{ inputs.name }}
@ -41,22 +41,24 @@ runs:
      shell: bash
      run: |
        rm -rf to-zip/*
+        mkdir -p to-zip
+
        to_upload=""
-        if [ -d constellation-terraform ]; then
-        cp -r constellation-terraform to-zip
-        rm to-zip/constellation-terraform/plan.zip
-        rm -rf to-zip/constellation-terraform/.terraform
-        to_upload+="to-zip/constellation-terraform"
+        if [[ -d constellation-terraform ]]; then
+          cp -r constellation-terraform to-zip
+          rm -f to-zip/constellation-terraform/plan.zip
+          rm -rf to-zip/constellation-terraform/.terraform
+          to_upload+="to-zip/constellation-terraform"
        fi
-        if [ -d constellation-iam-terraform ]; then
-        cp -r constellation-iam-terraform to-zip
-        rm -rf to-zip/constellation-iam-terraform/.terraform
-        to_upload+=" to-zip/constellation-iam-terraform"
+        if [[ -d constellation-iam-terraform ]]; then
+          cp -r constellation-iam-terraform to-zip
+          rm -rf to-zip/constellation-iam-terraform/.terraform
+          to_upload+=" to-zip/constellation-iam-terraform"
        fi
        echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"

    - name: Update tfstate
-      if: always()
+      if: always() && env.TO_UPLOAD != ''
      uses: ./.github/actions/artifact_upload
      with:
        name: ${{ inputs.name }}
@ -64,5 +66,3 @@ runs:
          ${{ env.TO_UPLOAD }}
        encryptionSecret: ${{ inputs.encryptionSecret }}
        overwrite: true
-
-
--- a/.github/workflows/e2e-test-provider-example.yml
+++ b/.github/workflows/e2e-test-provider-example.yml
@ -156,7 +156,7 @@ jobs:

      - name: Login to AWS (IAM + Cluster role)
        if: steps.determine.outputs.cloudProvider == 'aws'
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
          aws-region: eu-central-1
--- a/.github/workflows/e2e-test-weekly.yml
+++ b/.github/workflows/e2e-test-weekly.yml
@ -385,7 +385,7 @@ jobs:
          GH_TOKEN: ${{ github.token }}
        uses: ./.github/actions/update_tfstate
        with:
-          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} 
+          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
          runID: ${{ github.run_id }}
          encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}