Split ci (#917)

ovotech · Jan 10, 2024 · d2b5736 · d2b5736
1 parent 70eb07e
commit d2b5736
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 70 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,34 +5,6 @@ on:
  workflow_dispatch:
 
 jobs:
- ci_block:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: block on ci workflows
- id: block
- env:
- GITHUB_TOKEN: ${{ github.token }}
- MIN_WAIT: 30
- MAX_WAIT: 300
- run: bash ./scripts/ci_concurrency.sh
- dependabot:
- permissions:
- contents: write
- runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
- steps:
- - name: Dependabot metadata
- id: metadata
- uses: dependabot/fetch-metadata@v1
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
- - name: Enable auto-merge for Dependabot PRs
- if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
- run: gh pr merge --auto --merge "$PR_URL"
- env:
- PR_URL: ${{github.event.pull_request.html_url}}
- GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
  go_checks:
  runs-on: ubuntu-latest
  container: eversc/go-pr-checks:1.19
@@ -57,27 +29,6 @@ jobs:
  - name: go test
  run: |
  go test ./... -v
- test_cloudfunction_deploy:
- runs-on: ubuntu-latest
- container: google/cloud-sdk
- steps:
- - uses: actions/checkout@v3
- - name: deploy cloudfunction
- env:
- GCLOUD_SERVICE_KEY: ${{ secrets.gcloud_service_key }}
- run: |
- echo $GCLOUD_SERVICE_KEY | base64 -d | gcloud auth activate-service-account --key-file=-
- export RAND_SUFFIX=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 8 ; echo '')
- gcloud functions deploy ckr-dummy-$RAND_SUFFIX \
- --region europe-west1 \
- --entry-point Request \
- --runtime go119 \
- --trigger-http \
- --project pe-dev-185509
- gcloud functions delete ckr-dummy-$RAND_SUFFIX \
- --region europe-west1 \
- --project pe-dev-185509 \
- --quiet
  docker_build:
  runs-on: ubuntu-latest
  steps:
@@ -103,24 +54,3 @@ jobs:
  - name: terraform validate
  id: validate
  run: terraform validate -no-color -test-directory=tf_module/ckr_gcp
- e2e_test:
- runs-on: ubuntu-latest
- container: eversc/aws-cli:1.19
- needs: ci_block
- steps:
- - uses: actions/checkout@v3
- - name: e2e test rotation
- env:
- CKR_CREDENTIALS_GITHUBAPITOKEN: ${{ secrets.CKR_GITHUB_TOKEN }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_E2E_TEST }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_E2E_TEST }}
- run: |
- export GO111MODULE=on
- go build -o cloud-key-rotator ./cmd
- chmod u+x cloud-key-rotator
- aws secretsmanager get-secret-value --secret-id ckr-config --region eu-west-1 --query SecretString --output text > config.json
- echo "used aws creds"
- ./cloud-key-rotator rotate
- rm config.json
- sleep 10
- if $(aws sts get-caller-identity >/dev/null 2>/dev/null); then exit 1; fi
diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml
@@ -0,0 +1,25 @@
+name: Dependabot Automerge
+on:
+ workflow_run:
+ workflows: ["E2E tests"]
+ types:
+ - completed
+
+jobs:
+ dependabot:
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Enable auto-merge for Dependabot PRs
+ if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+ run: gh pr merge --auto --merge "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -0,0 +1,61 @@
+name: E2E tests
+on:
+ workflow_run:
+ workflows: ["CI"]
+ types:
+ - completed
+
+jobs:
+ test_cloudfunction_deploy:
+ runs-on: ubuntu-latest
+ container: google/cloud-sdk
+ steps:
+ - uses: actions/checkout@v3
+ - name: deploy cloudfunction
+ env:
+ GCLOUD_SERVICE_KEY: ${{ secrets.gcloud_service_key }}
+ run: |
+ echo $GCLOUD_SERVICE_KEY | base64 -d | gcloud auth activate-service-account --key-file=-
+ export RAND_SUFFIX=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 8 ; echo '')
+ gcloud functions deploy ckr-dummy-$RAND_SUFFIX \
+ --region europe-west1 \
+ --entry-point Request \
+ --runtime go119 \
+ --trigger-http \
+ --project pe-dev-185509
+ gcloud functions delete ckr-dummy-$RAND_SUFFIX \
+ --region europe-west1 \
+ --project pe-dev-185509 \
+ --quiet
+ ci_block:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: block on ci workflows
+ id: block
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ MIN_WAIT: 30
+ MAX_WAIT: 300
+ run: bash ./scripts/ci_concurrency.sh
+ e2e_test:
+ runs-on: ubuntu-latest
+ container: eversc/aws-cli:1.19
+ needs: ci_block
+ steps:
+ - uses: actions/checkout@v3
+ - name: e2e test rotation
+ env:
+ CKR_CREDENTIALS_GITHUBAPITOKEN: ${{ secrets.CKR_GITHUB_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_E2E_TEST }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_E2E_TEST }}
+ run: |
+ export GO111MODULE=on
+ go build -o cloud-key-rotator ./cmd
+ chmod u+x cloud-key-rotator
+ aws secretsmanager get-secret-value --secret-id ckr-config --region eu-west-1 --query SecretString --output text > config.json
+ echo "used aws creds"
+ ./cloud-key-rotator rotate
+ rm config.json
+ sleep 10
+ if $(aws sts get-caller-identity >/dev/null 2>/dev/null); then exit 1; fi