ci(pr): disable jobs that require AWS access until a valid set of key…
…s are available as secrets

Signed-off-by: Alvaro Lopez Hernandez <alvaro.lopezhernandez@engineering.digital.dwp.gov.uk>
alv-lop committed Oct 31, 2023
1 parent 65a32d1 commit b0285f3
Showing 1 changed file with 99 additions and 98 deletions.
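--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -51,103 +51,104 @@ jobs:
 run: |
 cat results/results.json
-docker:
-name: Docker build and push
-runs-on: ubuntu-latest
-if: github.event.pull_request.draft == false
-needs: check-aws-credentials
-steps:
-- name: Checkout repo
-uses: actions/checkout@v3
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v2
-- name: Login to GitHub Container Registry
-uses: docker/login-action@v2
-with:
-registry: ghcr.io
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-- name: Login to AWS ECR
-uses: docker/login-action@v2
-with:
-registry: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com
-username: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
-password: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
-- name: Build and push
-uses: docker/build-push-action@v3
-with:
-context: docker-image
-build-args: 'KONG=2.8.1.1'
-push: true
-tags: |
-ghcr.io/dwp/terraform-aws-kong-gateway:${{ github.run_number }}
-${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/terraform-aws-kong-gateway:${{ github.run_number }}
+## Commenting until ACTIONS_ACCESS_KEY_ID and ACTIONS_SECRET_ACCESS_KEY are set with a valid set of credentials.
+#
+# docker:
+# name: Docker build and push
+# runs-on: ubuntu-latest
+# if: github.event.pull_request.draft == false
+# needs: check-aws-credentials
+# steps:
+# - name: Checkout repo
+# uses: actions/checkout@v3
+# - name: Set up Docker Buildx
+# uses: docker/setup-buildx-action@v2
+# - name: Login to GitHub Container Registry
+# uses: docker/login-action@v2
+# with:
+# registry: ghcr.io
+# username: ${{ github.actor }}
+# password: ${{ secrets.GITHUB_TOKEN }}
+# - name: Login to AWS ECR
+# uses: docker/login-action@v2
+# with:
+# registry: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com
+# username: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
+# password: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
+# - name: Build and push
+# uses: docker/build-push-action@v3
+# with:
+# context: docker-image
+# build-args: 'KONG=2.8.1.1'
+# push: true
+# tags: |
+# ghcr.io/dwp/terraform-aws-kong-gateway:${{ github.run_number }}
+# ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/terraform-aws-kong-gateway:${{ github.run_number }}
 
-check-aws-credentials:
-name: Test AWS Credentials
-runs-on: ubuntu-latest
-if: github.event.pull_request.draft == false
-steps:
-- name: Test AWS Credentials
-uses: docker://amazon/aws-cli
-with:
-args: ec2 describe-availability-zones --region us-east-1
-env:
-AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
+# check-aws-credentials:
+# name: Test AWS Credentials
+# runs-on: ubuntu-latest
+# if: github.event.pull_request.draft == false
+# steps:
+# - name: Test AWS Credentials
+# uses: docker://amazon/aws-cli
+# with:
+# args: ec2 describe-availability-zones --region us-east-1
+# env:
+# AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
+# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
 
-test:
-name: Kitchen-Terraform
-runs-on: ubuntu-latest
-if: github.event.pull_request.draft == false
-needs:
-- check-aws-credentials
-- docker
-env:
-GEMFILE_DIR: .
-AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
-TF_VAR_region: eu-west-1
-TF_VAR_vpc_cidr_block: "10.0.0.0/16"
-TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
-
-steps:
-- name: Checkout repo
-uses: actions/checkout@v2
-- name: Kitchen Test ECS
-uses: dwp/github-action-kitchen-terraform@v2.0.1
-with:
-terraform-version: 0.14.7
-kitchen-command: test hybrid-ecs --destroy=always
-aws-account-number: ${{ secrets.AWS_ACCOUNT }}
-env:
-AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
-TF_VAR_region: eu-west-1
-TF_VAR_environment: GHA-${{ github.run_number }}
-TF_VAR_vpc_cidr_block: "10.0.0.0/16"
-TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
-TF_VAR_image_url: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/terraform-aws-kong-gateway:${{ github.run_number }}
-KONG_EE_LICENSE: ${{ secrets.KONG_EE_LICENSE }}
-- name: Kitchen Test Amazon Linux 2
-uses: dwp/github-action-kitchen-terraform@v2.0.1
-with:
-terraform-version: 0.14.7
-kitchen-command: test hybrid-amazon-linux --destroy=always
-aws-account-number: ${{ secrets.AWS_ACCOUNT }}
-env:
-AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
-TF_VAR_region: eu-west-1
-TF_VAR_environment: GHA-${{ github.run_number }}
-TF_VAR_vpc_cidr_block: "10.0.0.0/16"
-TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
-- name: Deactivate AWS Credentials
-if: ${{ always() }}
-uses: docker://amazon/aws-cli
-with:
-args: iam update-access-key --access-key-id ${{ secrets.ACTIONS_ACCESS_KEY_ID }} --status Inactive
-env:
-AWS_REGION: us-east-1
-AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
+# test:
+# name: Kitchen-Terraform
+# runs-on: ubuntu-latest
+# if: github.event.pull_request.draft == false
+# needs:
+# - check-aws-credentials
+# - docker
+# env:
+# GEMFILE_DIR: .
+# AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
+# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
+# TF_VAR_region: eu-west-1
+# TF_VAR_vpc_cidr_block: "10.0.0.0/16"
+# TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
+# steps:
+# - name: Checkout repo
+# uses: actions/checkout@v2
+# - name: Kitchen Test ECS
+# uses: dwp/github-action-kitchen-terraform@v2.0.1
+# with:
+# terraform-version: 0.14.7
+# kitchen-command: test hybrid-ecs --destroy=always
+# aws-account-number: ${{ secrets.AWS_ACCOUNT }}
+# env:
+# AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
+# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
+# TF_VAR_region: eu-west-1
+# TF_VAR_environment: GHA-${{ github.run_number }}
+# TF_VAR_vpc_cidr_block: "10.0.0.0/16"
+# TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
+# TF_VAR_image_url: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/terraform-aws-kong-gateway:${{ github.run_number }}
+# KONG_EE_LICENSE: ${{ secrets.KONG_EE_LICENSE }}
+# - name: Kitchen Test Amazon Linux 2
+# uses: dwp/github-action-kitchen-terraform@v2.0.1
+# with:
+# terraform-version: 0.14.7
+# kitchen-command: test hybrid-amazon-linux --destroy=always
+# aws-account-number: ${{ secrets.AWS_ACCOUNT }}
+# env:
+# AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
+# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
+# TF_VAR_region: eu-west-1
+# TF_VAR_environment: GHA-${{ github.run_number }}
+# TF_VAR_vpc_cidr_block: "10.0.0.0/16"
+# TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
+# - name: Deactivate AWS Credentials
+# if: ${{ always() }}
+# uses: docker://amazon/aws-cli
+# with:
+# args: iam update-access-key --access-key-id ${{ secrets.ACTIONS_ACCESS_KEY_ID }} --status Inactive
+# env:
+# AWS_REGION: us-east-1
+# AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
+# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
 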
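Review bot: Disabling `docker`, `check-aws-credentials` and `test` by commenting out their bodies leaves roughly a hundred lines that no YAML or workflow linter checks while they are off, and pull requests now get no image build or Kitchen-Terraform run, with only the one comment above `# docker:` to say so. A job-level guard keeps the jobs parsed and makes re-enabling a one-line change, for example `if: github.event.pull_request.draft == false && vars.AWS_CI_ENABLED == 'true'` on `docker` and `check-aws-credentials` (`AWS_CI_ENABLED` is a placeholder for a repository variable; `test` is then skipped through its `needs`). When the jobs come back, the long-lived `ACTIONS_ACCESS_KEY_ID` / `ACTIONS_SECRET_ACCESS_KEY` pair, which the final step sets to `Inactive` after every run, would be better replaced by short-lived credentials from GitHub's OIDC provider, which presumably also removes the need to supply a fresh key pair. The unpinned `docker://amazon/aws-cli` image and the tag-pinned actions receive those secrets, so pinning them by digest or commit SHA is worth doing at the same time. The job that precedes `docker:` starts outside this hunk.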