Cat the secrets directly [skip ci]

.github/workflows/containers-and-az-pool.yaml

@@ -115,7 +115,7 @@ jobs:
         with:
           push: true # This can be toggled manually for tweaking.
           tags: |
-            ${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}:test-${{ needs.build-dependencies-image.outputs.tag }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test-${{ needs.build-dependencies-image.outputs.tag }}
           file: ./Dockerfile
           build-args: |
             TAG=${{ needs.build-dependencies-image.outputs.tag }}
@@ -151,37 +151,15 @@ jobs:
 
       - name: Writing out config file
         run: |
-          cat <<EOF > pool-config-${{ github.sha }}.txt
-          [Authentication]
-          keyvault_url = "${{ secrets.CFA_PREDICT_VAULT_URL }}"
-          tenant_id = "${{ secrets.TENANT_ID }}"
-          application_id = "${{ secrets.EDAV_CFA_PREDICT_NNHT_SP_APP_ID}}"
-          subscription_id = "${{ secrets.SUBSCRIPTION_ID}}"
-          user_assigned_identity = "${{ secrets. BATCH_USER_ASSIGNED_IDENTITY }}"
-          client_id = "${{ secrets.AZURE_BATCH_ACCOUNT_CLIENT_ID}}"
-          principal_id = "${{ secrets.PRINCIPAL_ID }}"
-          subnet_id = "${{ secrets.SUBNET_ID }}"
-          resource_group = "${{ secrets.PRD_RESOURCE_GROUP }}"
-
-          [Storage]
-          storage_account_url = "${{ secrets.STORAGE_ACCOUNT_URL }}"
-          storage_account_name = "${{ secrets.STORAGE_ACCOUNT_NAME}}"
-          user_assigned_identity = "${{ secrets.BATCH_USER_ASSIGNED_IDENTITY}}"
-
-          [Container]
-          container_registry_url = "https://${{ env.REGISTRY }}"
-          container_registry_username = "cfaprdbatchcr"
-          container_registry_password = "${{ secrets.CFAPRDBATCHCR_REGISTRY_PASSWORD }}"
-          container_registry_server = "${{ env.REGISTRY }}"
-
-          [Batch]
-          pool_vm_size = "${{ env.VM_SIZE }}"
-          pool_id = "${{ env.POOL_ID }}"
-          batch_account_name = "${{ secrets.BATCH_ACCOUNT_NAME}}"
-
-
+          cat <<EOF > pool-config-${{ github.sha }}.toml
+          ${{ secrets.POOL_CONFIG_TOML }}
           EOF
 
+          # Replacing placeholders in the config file
+          sed -i 's|{{ IMAGE_NAME }}|${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test-${{ TAG }}|g' pool-config-${{ github.sha }}.toml
+          sed -i 's|{{ VM_SIZE }}|${{ env.VM_SIZE }}|g' pool-config-${{ github.sha }}.toml
+          sed -i 's|{{ POOL_ID }}|${{ env.POOL_ID }}|g' pool-config-${{ github.sha }}.toml
+
       - name: Ensuring the Azure CLI is installed
         run: |
           apt-get update && apt-get install -y --no-install-recommends azure-cli
@@ -228,7 +206,7 @@ jobs:
           # Running the python script azure/pool.py passing the config file
           # as an argument
           pip install -r azure/requirements.txt
-          python3 azure/pool.py pool-config-${{ github.sha }}.txt
+          python3 azure/pool.py pool-config-${{ github.sha }}.toml
 
 
       #########################################################################

.gitignore

@@ -384,3 +384,4 @@ docs
 # cfa-epinow2-pool-config.json
 # for now... will have to gpg encrypt
 cfa-epinow2-batch-pool-config.json
+azure/pool-config.toml

azure/pool.py

@@ -69,6 +69,8 @@ def get_autoscale_formula():
     )
 
     # Create the blob storage container for this batch job
+    # [2024-11-20 George] We are not using this now, so it should be
+    # removed before merging the PR.
     input_container_name = "nnh-rt-input"
     create_container(blob_service_client, input_container_name)
     output_container_name = "nnh-rt-output"