From e84bfdb217238370139c64fdae81d4d77b896cb8 Mon Sep 17 00:00:00 2001 From: Masaya Suzuki Date: Tue, 29 Nov 2022 01:34:33 -0800 Subject: [PATCH] Migrate to GitHub OIDC based auth for Launchable (#11808) This change updates the CI workflows to use the new GitHub OpenID connect based authentication flow. GitHub started to provide a public-key signed token that contain pull-request data. This is commonly used as a short-lived token in the authentication flow (Open ID Connect). Launchable recently started supporting this. Migrate to this new method. The permission clause added to the jobs is more restrictive than the default access except for the "id-token: write" permission (https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token). This should give the e2e tests enough permissions to run. The id-token permission is necessary to get the OIDC ID tokens as instructed by the GitHub article https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings. See https://docs.launchableinc.com/sending-data-to-launchable/migration-to-github-oidc-auth for the overview and the process. Signed-off-by: Masaya Suzuki Signed-off-by: Masaya Suzuki --- .github/workflows/cluster_endtoend_12.yml | 5 ++++- .github/workflows/cluster_endtoend_13.yml | 5 ++++- .github/workflows/cluster_endtoend_15.yml | 5 ++++- .github/workflows/cluster_endtoend_18.yml | 5 ++++- .github/workflows/cluster_endtoend_21.yml | 5 ++++- .github/workflows/cluster_endtoend_22.yml | 5 ++++- .../workflows/cluster_endtoend_ers_prs_newfeatures_heavy.yml | 5 ++++- .github/workflows/cluster_endtoend_mysql80.yml | 5 ++++- .github/workflows/cluster_endtoend_mysql_server_vault.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_declarative.yml | 5 ++++- .../cluster_endtoend_onlineddl_declarative_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_ghost.yml | 5 ++++- .../workflows/cluster_endtoend_onlineddl_ghost_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_revert.yml | 5 ++++- .../workflows/cluster_endtoend_onlineddl_revert_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_revertible.yml | 5 ++++- .../cluster_endtoend_onlineddl_revertible_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_scheduler.yml | 5 ++++- .../cluster_endtoend_onlineddl_scheduler_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_singleton.yml | 5 ++++- .../cluster_endtoend_onlineddl_singleton_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_vrepl.yml | 5 ++++- .../workflows/cluster_endtoend_onlineddl_vrepl_mysql57.yml | 5 ++++- .../workflows/cluster_endtoend_onlineddl_vrepl_stress.yml | 5 ++++- .../cluster_endtoend_onlineddl_vrepl_stress_mysql57.yml | 5 ++++- .../cluster_endtoend_onlineddl_vrepl_stress_suite.yml | 5 ++++- ...cluster_endtoend_onlineddl_vrepl_stress_suite_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_onlineddl_vrepl_suite.yml | 5 ++++- .../cluster_endtoend_onlineddl_vrepl_suite_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_schemadiff_vrepl.yml | 5 ++++- .../workflows/cluster_endtoend_schemadiff_vrepl_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_tabletmanager_consul.yml | 5 ++++- .github/workflows/cluster_endtoend_tabletmanager_tablegc.yml | 5 ++++- .../cluster_endtoend_tabletmanager_tablegc_mysql57.yml | 5 ++++- .../workflows/cluster_endtoend_tabletmanager_throttler.yml | 5 ++++- ...luster_endtoend_tabletmanager_throttler_custom_config.yml | 5 ++++- .../cluster_endtoend_tabletmanager_throttler_topo.yml | 5 ++++- .github/workflows/cluster_endtoend_topo_connection_cache.yml | 5 ++++- .../cluster_endtoend_vreplication_across_db_versions.yml | 5 ++++- .github/workflows/cluster_endtoend_vreplication_basic.yml | 5 ++++- .../workflows/cluster_endtoend_vreplication_cellalias.yml | 5 ++++- ...uster_endtoend_vreplication_migrate_vdiff2_convert_tz.yml | 5 ++++- .../workflows/cluster_endtoend_vreplication_multicell.yml | 5 ++++- .github/workflows/cluster_endtoend_vreplication_v2.yml | 5 ++++- .github/workflows/cluster_endtoend_vstream_failover.yml | 5 ++++- .../cluster_endtoend_vstream_stoponreshard_false.yml | 5 ++++- .../cluster_endtoend_vstream_stoponreshard_true.yml | 5 ++++- .../cluster_endtoend_vstream_with_keyspaces_to_watch.yml | 5 ++++- .github/workflows/cluster_endtoend_vtbackup.yml | 5 ++++- ...luster_endtoend_vtctlbackup_sharded_clustertest_heavy.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_concurrentdml.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_gen4.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_general_heavy.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_godriver.yml | 5 ++++- .../workflows/cluster_endtoend_vtgate_partial_keyspace.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_queries.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_readafterwrite.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_reservedconn.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_schema.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_schema_tracker.yml | 5 ++++- .../cluster_endtoend_vtgate_tablet_healthcheck_cache.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_topo.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_topo_consul.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_topo_etcd.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_transaction.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_unsharded.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_vindex_heavy.yml | 5 ++++- .github/workflows/cluster_endtoend_vtgate_vschema.yml | 5 ++++- .github/workflows/cluster_endtoend_vtorc.yml | 5 ++++- .github/workflows/cluster_endtoend_vtorc_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_vttablet_prscomplex.yml | 5 ++++- .github/workflows/cluster_endtoend_xb_backup.yml | 5 ++++- .github/workflows/cluster_endtoend_xb_backup_mysql57.yml | 5 ++++- .github/workflows/cluster_endtoend_xb_recovery.yml | 5 ++++- .github/workflows/cluster_endtoend_xb_recovery_mysql57.yml | 5 ++++- test/templates/cluster_endtoend_test.tpl | 5 ++++- test/templates/cluster_endtoend_test_mysql57.tpl | 5 ++++- 77 files changed, 308 insertions(+), 77 deletions(-) diff --git a/.github/workflows/cluster_endtoend_12.yml b/.github/workflows/cluster_endtoend_12.yml index e03ac583bcf..a7d609c17e9 100644 --- a/.github/workflows/cluster_endtoend_12.yml +++ b/.github/workflows/cluster_endtoend_12.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (12) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_13.yml b/.github/workflows/cluster_endtoend_13.yml index 3f66af8e41a..453b498db47 100644 --- a/.github/workflows/cluster_endtoend_13.yml +++ b/.github/workflows/cluster_endtoend_13.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (13) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_15.yml b/.github/workflows/cluster_endtoend_15.yml index 73932f2c47d..69d5c9c235f 100644 --- a/.github/workflows/cluster_endtoend_15.yml +++ b/.github/workflows/cluster_endtoend_15.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (15) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_18.yml b/.github/workflows/cluster_endtoend_18.yml index 67efe9046b5..0ed49f4f77b 100644 --- a/.github/workflows/cluster_endtoend_18.yml +++ b/.github/workflows/cluster_endtoend_18.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (18) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_21.yml b/.github/workflows/cluster_endtoend_21.yml index 83674bcdc06..cd8a9e4941f 100644 --- a/.github/workflows/cluster_endtoend_21.yml +++ b/.github/workflows/cluster_endtoend_21.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (21) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_22.yml b/.github/workflows/cluster_endtoend_22.yml index 839b5d47fb2..c8d83a4db51 100644 --- a/.github/workflows/cluster_endtoend_22.yml +++ b/.github/workflows/cluster_endtoend_22.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (22) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_ers_prs_newfeatures_heavy.yml b/.github/workflows/cluster_endtoend_ers_prs_newfeatures_heavy.yml index 202f976c4e6..b15478c5cb9 100644 --- a/.github/workflows/cluster_endtoend_ers_prs_newfeatures_heavy.yml +++ b/.github/workflows/cluster_endtoend_ers_prs_newfeatures_heavy.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (ers_prs_newfeatures_heavy) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_mysql80.yml b/.github/workflows/cluster_endtoend_mysql80.yml index b402688736f..aed8ea5b72e 100644 --- a/.github/workflows/cluster_endtoend_mysql80.yml +++ b/.github/workflows/cluster_endtoend_mysql80.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (mysql80) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_mysql_server_vault.yml b/.github/workflows/cluster_endtoend_mysql_server_vault.yml index 51404bc7830..0d861826d2c 100644 --- a/.github/workflows/cluster_endtoend_mysql_server_vault.yml +++ b/.github/workflows/cluster_endtoend_mysql_server_vault.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (mysql_server_vault) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_declarative.yml b/.github/workflows/cluster_endtoend_onlineddl_declarative.yml index 96886a93e58..bea3d75689f 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_declarative.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_declarative.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_declarative) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_declarative_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_declarative_mysql57.yml index 968cfe9b690..c261d436352 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_declarative_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_declarative_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_declarative) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_ghost.yml b/.github/workflows/cluster_endtoend_onlineddl_ghost.yml index 66d37682e3a..d22963d9c83 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_ghost.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_ghost.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_ghost) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_ghost_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_ghost_mysql57.yml index 902aadc2042..fbc349d16ea 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_ghost_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_ghost_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_ghost) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_revert.yml b/.github/workflows/cluster_endtoend_onlineddl_revert.yml index 145e68e4545..815bd215309 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_revert.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_revert.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_revert) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_revert_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_revert_mysql57.yml index b8d355eb3c0..7a4cb5946db 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_revert_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_revert_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_revert) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_revertible.yml b/.github/workflows/cluster_endtoend_onlineddl_revertible.yml index ae1789b1e8e..d435b886b3f 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_revertible.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_revertible.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_revertible) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_revertible_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_revertible_mysql57.yml index d025230233c..9da53c39fe2 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_revertible_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_revertible_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_revertible) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_scheduler.yml b/.github/workflows/cluster_endtoend_onlineddl_scheduler.yml index c6f9a44a06e..78f11055210 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_scheduler.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_scheduler.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_scheduler) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_scheduler_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_scheduler_mysql57.yml index 58024902dfc..8080912ada5 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_scheduler_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_scheduler_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_scheduler) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_singleton.yml b/.github/workflows/cluster_endtoend_onlineddl_singleton.yml index d3f25bd1a22..6fa1d8a3aee 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_singleton.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_singleton.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_singleton) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_singleton_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_singleton_mysql57.yml index f59b9ed2541..0c6c8f8c6e7 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_singleton_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_singleton_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_singleton) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl.yml index 33375df390e..6a56e4d7f7d 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_mysql57.yml index 26c6d01440e..753a9fcf505 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress.yml index fd42e41ce6d..840b7eb7d06 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl_stress) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_mysql57.yml index 40517d35936..ab3d6ef4eb8 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl_stress) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite.yml index 26776f24b28..61f3b034bcf 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl_stress_suite) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite_mysql57.yml index f45d16ac8a5..e0154c81b86 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_stress_suite_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl_stress_suite) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite.yml index 0a079742de5..0a0d1273d39 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl_suite) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite_mysql57.yml b/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite_mysql57.yml index d3a980b2609..6ec8972e555 100644 --- a/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite_mysql57.yml +++ b/.github/workflows/cluster_endtoend_onlineddl_vrepl_suite_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (onlineddl_vrepl_suite) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_schemadiff_vrepl.yml b/.github/workflows/cluster_endtoend_schemadiff_vrepl.yml index 838e2adf428..7f3423a7ffa 100644 --- a/.github/workflows/cluster_endtoend_schemadiff_vrepl.yml +++ b/.github/workflows/cluster_endtoend_schemadiff_vrepl.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (schemadiff_vrepl) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_schemadiff_vrepl_mysql57.yml b/.github/workflows/cluster_endtoend_schemadiff_vrepl_mysql57.yml index f8870d0760a..d639ac088c4 100644 --- a/.github/workflows/cluster_endtoend_schemadiff_vrepl_mysql57.yml +++ b/.github/workflows/cluster_endtoend_schemadiff_vrepl_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (schemadiff_vrepl) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_tabletmanager_consul.yml b/.github/workflows/cluster_endtoend_tabletmanager_consul.yml index b3b0db6d166..615b0d7df77 100644 --- a/.github/workflows/cluster_endtoend_tabletmanager_consul.yml +++ b/.github/workflows/cluster_endtoend_tabletmanager_consul.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (tabletmanager_consul) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_tabletmanager_tablegc.yml b/.github/workflows/cluster_endtoend_tabletmanager_tablegc.yml index 487ef3211bb..b507eaa5a7f 100644 --- a/.github/workflows/cluster_endtoend_tabletmanager_tablegc.yml +++ b/.github/workflows/cluster_endtoend_tabletmanager_tablegc.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (tabletmanager_tablegc) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_tabletmanager_tablegc_mysql57.yml b/.github/workflows/cluster_endtoend_tabletmanager_tablegc_mysql57.yml index 8b37d84172e..92619b78b0a 100644 --- a/.github/workflows/cluster_endtoend_tabletmanager_tablegc_mysql57.yml +++ b/.github/workflows/cluster_endtoend_tabletmanager_tablegc_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (tabletmanager_tablegc) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_tabletmanager_throttler.yml b/.github/workflows/cluster_endtoend_tabletmanager_throttler.yml index 9c5de9c317b..52d7587c4cf 100644 --- a/.github/workflows/cluster_endtoend_tabletmanager_throttler.yml +++ b/.github/workflows/cluster_endtoend_tabletmanager_throttler.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (tabletmanager_throttler) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_tabletmanager_throttler_custom_config.yml b/.github/workflows/cluster_endtoend_tabletmanager_throttler_custom_config.yml index 2dca6aafed9..422557b99ce 100644 --- a/.github/workflows/cluster_endtoend_tabletmanager_throttler_custom_config.yml +++ b/.github/workflows/cluster_endtoend_tabletmanager_throttler_custom_config.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (tabletmanager_throttler_custom_config) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_tabletmanager_throttler_topo.yml b/.github/workflows/cluster_endtoend_tabletmanager_throttler_topo.yml index d98c8048ae7..0fd4c68bd59 100644 --- a/.github/workflows/cluster_endtoend_tabletmanager_throttler_topo.yml +++ b/.github/workflows/cluster_endtoend_tabletmanager_throttler_topo.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (tabletmanager_throttler_topo) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_topo_connection_cache.yml b/.github/workflows/cluster_endtoend_topo_connection_cache.yml index 48edb2f9ab9..4e97e364ab5 100644 --- a/.github/workflows/cluster_endtoend_topo_connection_cache.yml +++ b/.github/workflows/cluster_endtoend_topo_connection_cache.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (topo_connection_cache) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vreplication_across_db_versions.yml b/.github/workflows/cluster_endtoend_vreplication_across_db_versions.yml index a7151434f33..f5549b68838 100644 --- a/.github/workflows/cluster_endtoend_vreplication_across_db_versions.yml +++ b/.github/workflows/cluster_endtoend_vreplication_across_db_versions.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vreplication_across_db_versions) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vreplication_basic.yml b/.github/workflows/cluster_endtoend_vreplication_basic.yml index 2e4a51c6788..deb98bd278a 100644 --- a/.github/workflows/cluster_endtoend_vreplication_basic.yml +++ b/.github/workflows/cluster_endtoend_vreplication_basic.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vreplication_basic) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vreplication_cellalias.yml b/.github/workflows/cluster_endtoend_vreplication_cellalias.yml index 2e7df0d4083..3b209019a21 100644 --- a/.github/workflows/cluster_endtoend_vreplication_cellalias.yml +++ b/.github/workflows/cluster_endtoend_vreplication_cellalias.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vreplication_cellalias) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vreplication_migrate_vdiff2_convert_tz.yml b/.github/workflows/cluster_endtoend_vreplication_migrate_vdiff2_convert_tz.yml index 410de96102c..b6139103722 100644 --- a/.github/workflows/cluster_endtoend_vreplication_migrate_vdiff2_convert_tz.yml +++ b/.github/workflows/cluster_endtoend_vreplication_migrate_vdiff2_convert_tz.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vreplication_migrate_vdiff2_convert_tz) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vreplication_multicell.yml b/.github/workflows/cluster_endtoend_vreplication_multicell.yml index da8883a2055..db8139f342a 100644 --- a/.github/workflows/cluster_endtoend_vreplication_multicell.yml +++ b/.github/workflows/cluster_endtoend_vreplication_multicell.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vreplication_multicell) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vreplication_v2.yml b/.github/workflows/cluster_endtoend_vreplication_v2.yml index b48515dc6ea..b094f8c6c23 100644 --- a/.github/workflows/cluster_endtoend_vreplication_v2.yml +++ b/.github/workflows/cluster_endtoend_vreplication_v2.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vreplication_v2) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vstream_failover.yml b/.github/workflows/cluster_endtoend_vstream_failover.yml index 8b8ea8c31fb..698c3dff08c 100644 --- a/.github/workflows/cluster_endtoend_vstream_failover.yml +++ b/.github/workflows/cluster_endtoend_vstream_failover.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vstream_failover) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vstream_stoponreshard_false.yml b/.github/workflows/cluster_endtoend_vstream_stoponreshard_false.yml index 2bf5603be9c..88de137109c 100644 --- a/.github/workflows/cluster_endtoend_vstream_stoponreshard_false.yml +++ b/.github/workflows/cluster_endtoend_vstream_stoponreshard_false.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vstream_stoponreshard_false) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vstream_stoponreshard_true.yml b/.github/workflows/cluster_endtoend_vstream_stoponreshard_true.yml index 248c1938c39..3773c576c4b 100644 --- a/.github/workflows/cluster_endtoend_vstream_stoponreshard_true.yml +++ b/.github/workflows/cluster_endtoend_vstream_stoponreshard_true.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vstream_stoponreshard_true) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vstream_with_keyspaces_to_watch.yml b/.github/workflows/cluster_endtoend_vstream_with_keyspaces_to_watch.yml index 8ea6a744956..d2be334a4df 100644 --- a/.github/workflows/cluster_endtoend_vstream_with_keyspaces_to_watch.yml +++ b/.github/workflows/cluster_endtoend_vstream_with_keyspaces_to_watch.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vstream_with_keyspaces_to_watch) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtbackup.yml b/.github/workflows/cluster_endtoend_vtbackup.yml index 17b9a09c58e..00506c7f5e9 100644 --- a/.github/workflows/cluster_endtoend_vtbackup.yml +++ b/.github/workflows/cluster_endtoend_vtbackup.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtbackup) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtctlbackup_sharded_clustertest_heavy.yml b/.github/workflows/cluster_endtoend_vtctlbackup_sharded_clustertest_heavy.yml index e3b0b165407..74ff9be3be9 100644 --- a/.github/workflows/cluster_endtoend_vtctlbackup_sharded_clustertest_heavy.yml +++ b/.github/workflows/cluster_endtoend_vtctlbackup_sharded_clustertest_heavy.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtctlbackup_sharded_clustertest_heavy) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_concurrentdml.yml b/.github/workflows/cluster_endtoend_vtgate_concurrentdml.yml index ee21b00b84c..9188cbb9fc0 100644 --- a/.github/workflows/cluster_endtoend_vtgate_concurrentdml.yml +++ b/.github/workflows/cluster_endtoend_vtgate_concurrentdml.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_concurrentdml) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_gen4.yml b/.github/workflows/cluster_endtoend_vtgate_gen4.yml index e40ba611d2c..52eaeca3806 100644 --- a/.github/workflows/cluster_endtoend_vtgate_gen4.yml +++ b/.github/workflows/cluster_endtoend_vtgate_gen4.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_gen4) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_general_heavy.yml b/.github/workflows/cluster_endtoend_vtgate_general_heavy.yml index 6123a64a4c6..8a845bcac3f 100644 --- a/.github/workflows/cluster_endtoend_vtgate_general_heavy.yml +++ b/.github/workflows/cluster_endtoend_vtgate_general_heavy.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_general_heavy) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_godriver.yml b/.github/workflows/cluster_endtoend_vtgate_godriver.yml index 8c1813fb3fa..d593eb2105d 100644 --- a/.github/workflows/cluster_endtoend_vtgate_godriver.yml +++ b/.github/workflows/cluster_endtoend_vtgate_godriver.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_godriver) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_partial_keyspace.yml b/.github/workflows/cluster_endtoend_vtgate_partial_keyspace.yml index b2be7a7b9e4..31480c4fc84 100644 --- a/.github/workflows/cluster_endtoend_vtgate_partial_keyspace.yml +++ b/.github/workflows/cluster_endtoend_vtgate_partial_keyspace.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_partial_keyspace) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_queries.yml b/.github/workflows/cluster_endtoend_vtgate_queries.yml index 7c6ed82966e..2230618f937 100644 --- a/.github/workflows/cluster_endtoend_vtgate_queries.yml +++ b/.github/workflows/cluster_endtoend_vtgate_queries.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_queries) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_readafterwrite.yml b/.github/workflows/cluster_endtoend_vtgate_readafterwrite.yml index f4e4ce1a58f..1f274198f51 100644 --- a/.github/workflows/cluster_endtoend_vtgate_readafterwrite.yml +++ b/.github/workflows/cluster_endtoend_vtgate_readafterwrite.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_readafterwrite) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_reservedconn.yml b/.github/workflows/cluster_endtoend_vtgate_reservedconn.yml index ef1352a2aec..f3a0b5f7425 100644 --- a/.github/workflows/cluster_endtoend_vtgate_reservedconn.yml +++ b/.github/workflows/cluster_endtoend_vtgate_reservedconn.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_reservedconn) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_schema.yml b/.github/workflows/cluster_endtoend_vtgate_schema.yml index 69372bea97f..4794398890a 100644 --- a/.github/workflows/cluster_endtoend_vtgate_schema.yml +++ b/.github/workflows/cluster_endtoend_vtgate_schema.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_schema) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_schema_tracker.yml b/.github/workflows/cluster_endtoend_vtgate_schema_tracker.yml index ce465c296c0..c7acbe06e43 100644 --- a/.github/workflows/cluster_endtoend_vtgate_schema_tracker.yml +++ b/.github/workflows/cluster_endtoend_vtgate_schema_tracker.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_schema_tracker) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_tablet_healthcheck_cache.yml b/.github/workflows/cluster_endtoend_vtgate_tablet_healthcheck_cache.yml index 5a121c80410..431c9a05ff1 100644 --- a/.github/workflows/cluster_endtoend_vtgate_tablet_healthcheck_cache.yml +++ b/.github/workflows/cluster_endtoend_vtgate_tablet_healthcheck_cache.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_tablet_healthcheck_cache) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_topo.yml b/.github/workflows/cluster_endtoend_vtgate_topo.yml index 138a2050fc6..58eea812a23 100644 --- a/.github/workflows/cluster_endtoend_vtgate_topo.yml +++ b/.github/workflows/cluster_endtoend_vtgate_topo.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_topo) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_topo_consul.yml b/.github/workflows/cluster_endtoend_vtgate_topo_consul.yml index d1b8228856c..1a18bf30586 100644 --- a/.github/workflows/cluster_endtoend_vtgate_topo_consul.yml +++ b/.github/workflows/cluster_endtoend_vtgate_topo_consul.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_topo_consul) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_topo_etcd.yml b/.github/workflows/cluster_endtoend_vtgate_topo_etcd.yml index e2fb5663120..b18e30e0804 100644 --- a/.github/workflows/cluster_endtoend_vtgate_topo_etcd.yml +++ b/.github/workflows/cluster_endtoend_vtgate_topo_etcd.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_topo_etcd) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_transaction.yml b/.github/workflows/cluster_endtoend_vtgate_transaction.yml index 99ce1d4cebb..d6b49387b8f 100644 --- a/.github/workflows/cluster_endtoend_vtgate_transaction.yml +++ b/.github/workflows/cluster_endtoend_vtgate_transaction.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_transaction) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_unsharded.yml b/.github/workflows/cluster_endtoend_vtgate_unsharded.yml index 7756da24364..1988f9ecc15 100644 --- a/.github/workflows/cluster_endtoend_vtgate_unsharded.yml +++ b/.github/workflows/cluster_endtoend_vtgate_unsharded.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_unsharded) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_vindex_heavy.yml b/.github/workflows/cluster_endtoend_vtgate_vindex_heavy.yml index e43282072fd..f070824cc66 100644 --- a/.github/workflows/cluster_endtoend_vtgate_vindex_heavy.yml +++ b/.github/workflows/cluster_endtoend_vtgate_vindex_heavy.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_vindex_heavy) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtgate_vschema.yml b/.github/workflows/cluster_endtoend_vtgate_vschema.yml index 0ff034604f0..1d301b81b6a 100644 --- a/.github/workflows/cluster_endtoend_vtgate_vschema.yml +++ b/.github/workflows/cluster_endtoend_vtgate_vschema.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtgate_vschema) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtorc.yml b/.github/workflows/cluster_endtoend_vtorc.yml index 863678042ba..6421a406de4 100644 --- a/.github/workflows/cluster_endtoend_vtorc.yml +++ b/.github/workflows/cluster_endtoend_vtorc.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtorc) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vtorc_mysql57.yml b/.github/workflows/cluster_endtoend_vtorc_mysql57.yml index 57ef3168d10..77e3c24717a 100644 --- a/.github/workflows/cluster_endtoend_vtorc_mysql57.yml +++ b/.github/workflows/cluster_endtoend_vtorc_mysql57.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vtorc) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_vttablet_prscomplex.yml b/.github/workflows/cluster_endtoend_vttablet_prscomplex.yml index 74fe50fbe3f..47486c5a4fd 100644 --- a/.github/workflows/cluster_endtoend_vttablet_prscomplex.yml +++ b/.github/workflows/cluster_endtoend_vttablet_prscomplex.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (vttablet_prscomplex) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_xb_backup.yml b/.github/workflows/cluster_endtoend_xb_backup.yml index 9f0c02b5431..123acf5810b 100644 --- a/.github/workflows/cluster_endtoend_xb_backup.yml +++ b/.github/workflows/cluster_endtoend_xb_backup.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (xb_backup) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_xb_backup_mysql57.yml b/.github/workflows/cluster_endtoend_xb_backup_mysql57.yml index 90519f8310f..c0cfcfc419b 100644 --- a/.github/workflows/cluster_endtoend_xb_backup_mysql57.yml +++ b/.github/workflows/cluster_endtoend_xb_backup_mysql57.yml @@ -9,7 +9,7 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 # This is used if we need to pin the xtrabackup version used in tests. # If this is NOT set then the latest version available will be used. @@ -19,6 +19,9 @@ jobs: build: name: Run endtoend tests on Cluster (xb_backup) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_xb_recovery.yml b/.github/workflows/cluster_endtoend_xb_recovery.yml index 7b3c3be33fa..88ba9820199 100644 --- a/.github/workflows/cluster_endtoend_xb_recovery.yml +++ b/.github/workflows/cluster_endtoend_xb_recovery.yml @@ -9,12 +9,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on Cluster (xb_recovery) runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/.github/workflows/cluster_endtoend_xb_recovery_mysql57.yml b/.github/workflows/cluster_endtoend_xb_recovery_mysql57.yml index 44546f3e594..38a9c3f315c 100644 --- a/.github/workflows/cluster_endtoend_xb_recovery_mysql57.yml +++ b/.github/workflows/cluster_endtoend_xb_recovery_mysql57.yml @@ -9,7 +9,7 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{ github.event.pull_request.head.sha }}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 # This is used if we need to pin the xtrabackup version used in tests. # If this is NOT set then the latest version available will be used. @@ -19,6 +19,9 @@ jobs: build: name: Run endtoend tests on Cluster (xb_recovery) mysql57 runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/test/templates/cluster_endtoend_test.tpl b/test/templates/cluster_endtoend_test.tpl index e0bfe3e1a45..f0aa850f41d 100644 --- a/test/templates/cluster_endtoend_test.tpl +++ b/test/templates/cluster_endtoend_test.tpl @@ -7,12 +7,15 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{`{{ github.event.pull_request.head.sha }}`}}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 jobs: build: name: Run endtoend tests on {{.Name}} runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI diff --git a/test/templates/cluster_endtoend_test_mysql57.tpl b/test/templates/cluster_endtoend_test_mysql57.tpl index 238fab09b11..3ddffa31fb4 100644 --- a/test/templates/cluster_endtoend_test_mysql57.tpl +++ b/test/templates/cluster_endtoend_test_mysql57.tpl @@ -7,7 +7,7 @@ concurrency: env: LAUNCHABLE_ORGANIZATION: "vitess" LAUNCHABLE_WORKSPACE: "vitess-app" - GITHUB_PR_HEAD_SHA: "${{`{{ github.event.pull_request.head.sha }}`}}" + EXPERIMENTAL_GITHUB_OIDC_TOKEN_AUTH: 1 {{if .InstallXtraBackup}} # This is used if we need to pin the xtrabackup version used in tests. # If this is NOT set then the latest version available will be used. @@ -18,6 +18,9 @@ jobs: build: name: Run endtoend tests on {{.Name}} runs-on: ubuntu-20.04 + permissions: + id-token: write + contents: read steps: - name: Skip CI