From b90797d31fa7217d5a8d87488f0e6f590ae70dbf Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 12:55:18 +1100 Subject: [PATCH 01/13] ci(idp-sql): run idp-sql tests in testing isolation --- .github/config/nodejs-prod.jsonc | 3 +-- run/idp-sql/app.js | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/config/nodejs-prod.jsonc b/.github/config/nodejs-prod.jsonc index 5f908446a0..9e0bc57522 100644 --- a/.github/config/nodejs-prod.jsonc +++ b/.github/config/nodejs-prod.jsonc @@ -42,7 +42,7 @@ ".kokoro/", ".prettierignore", ".prettierrc.js", - "cloud-samples-tools", // checked out by GH action in ci-*.yml + "cloud-samples-tools", // checked out by GH action in ci-*.yml "CODEOWNERS", "CODE_OF_CONDUCT.md", "CONTRIBUTING.md", @@ -94,7 +94,6 @@ "healthcare/fhir", // Error: Cannot find module 'whatwg-url' "iam/deny", // PERMISSION_DENIED: Permission iam.googleapis.com/denypolicies.create denied on resource cloudresourcemanager.googleapis.com/projects/long-door-651 "recaptcha_enterprise/snippets", // Cannot use import statement outside a module - "run/idp-sql", // Error: Invalid contents in the credentials file "run/markdown-preview/editor", // Error: could not create an identity token: Cannot fetch ID token in this environment, use GCE or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to a service account credentials JSON file "run/system-package", // Error: ENOENT: no such file or directory, access '/usr/bin/dot' "scheduler", // SyntaxError: Cannot use import statement outside a module diff --git a/run/idp-sql/app.js b/run/idp-sql/app.js index 5543a7aba2..5f974b8473 100644 --- a/run/idp-sql/app.js +++ b/run/idp-sql/app.js @@ -22,7 +22,7 @@ const {authenticateJWT, requestLogger} = require('./middleware'); const app = express(); app.use(express.static(__dirname + '/static')); -// Automatically parse request body as form data. +// Automatically parse request body as form data app.use(express.urlencoded({extended: false})); app.use(express.json()); From 1312379cd93bed735552b60cb471d776dc668a22 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 14:13:25 +1100 Subject: [PATCH 02/13] add secret --- run/idp-sql/ci-setup.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 run/idp-sql/ci-setup.json diff --git a/run/idp-sql/ci-setup.json b/run/idp-sql/ci-setup.json new file mode 100644 index 0000000000..4438f36e58 --- /dev/null +++ b/run/idp-sql/ci-setup.json @@ -0,0 +1,5 @@ +{ + "secrets": { + "IDP_KEY": "nodejs-docs-samples-tests/nodejs-docs-samples-idp-key" + } + } From ae8a90c8658f82158df63a145b4cff5d3c429803 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 14:19:27 +1100 Subject: [PATCH 03/13] update tests run, copied from eventarc/audit-storage --- run/idp-sql/package.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/run/idp-sql/package.json b/run/idp-sql/package.json index 5f7970a3de..7fc26bdee3 100644 --- a/run/idp-sql/package.json +++ b/run/idp-sql/package.json @@ -14,8 +14,10 @@ }, "scripts": { "start": "node index.js", - "test": "c8 mocha -p -j 2 test/app.test.js --timeout=120000 --exit", - "system-test": "c8 mocha -p -j 2 test/system.test.js --timeout=1800000 --exit" + "unit-test": "c8 mocha -p -j 2 test/app.test.js --timeout=120000 --exit", + "system-test": "c8 mocha -p -j 2 test/system.test.js --timeout=1800000 --exit", + "all-test": "npm run unit-test && npm run system-test", + "test": "npm -- run all-test" }, "dependencies": { "express": "^4.16.2", From 00e8114b1357366ec2fe6fb617fbecc932f1bb8c Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 14:26:28 +1100 Subject: [PATCH 04/13] debug: swap order --- run/idp-sql/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/idp-sql/package.json b/run/idp-sql/package.json index 7fc26bdee3..67fd4e3704 100644 --- a/run/idp-sql/package.json +++ b/run/idp-sql/package.json @@ -16,7 +16,7 @@ "start": "node index.js", "unit-test": "c8 mocha -p -j 2 test/app.test.js --timeout=120000 --exit", "system-test": "c8 mocha -p -j 2 test/system.test.js --timeout=1800000 --exit", - "all-test": "npm run unit-test && npm run system-test", + "all-test": "npm run system-test && npm run unit-test", "test": "npm -- run all-test" }, "dependencies": { From 7e5ae5ffa38ba4997f2002a9dab050425206df0f Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 14:34:20 +1100 Subject: [PATCH 05/13] Revert "debug: swap order" This reverts commit 00e8114b1357366ec2fe6fb617fbecc932f1bb8c. --- run/idp-sql/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/idp-sql/package.json b/run/idp-sql/package.json index 67fd4e3704..7fc26bdee3 100644 --- a/run/idp-sql/package.json +++ b/run/idp-sql/package.json @@ -16,7 +16,7 @@ "start": "node index.js", "unit-test": "c8 mocha -p -j 2 test/app.test.js --timeout=120000 --exit", "system-test": "c8 mocha -p -j 2 test/system.test.js --timeout=1800000 --exit", - "all-test": "npm run system-test && npm run unit-test", + "all-test": "npm run unit-test && npm run system-test", "test": "npm -- run all-test" }, "dependencies": { From f573a2ae4d21711a0b469fa322119b6bc28d9417 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 14:45:20 +1100 Subject: [PATCH 06/13] debug: update firebase-admin version --- run/idp-sql/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/idp-sql/package.json b/run/idp-sql/package.json index 7fc26bdee3..1febe62959 100644 --- a/run/idp-sql/package.json +++ b/run/idp-sql/package.json @@ -21,7 +21,7 @@ }, "dependencies": { "express": "^4.16.2", - "firebase-admin": "^12.0.0", + "firebase-admin": "^13.0.0", "gcp-metadata": "^6.0.0", "google-auth-library": "^9.0.0", "handlebars": "^4.7.6", From 21b96051b6d376d1273085c2ec14a73919441425 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 15:12:56 +1100 Subject: [PATCH 07/13] add env, secrets --- run/idp-sql/ci-setup.json | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/run/idp-sql/ci-setup.json b/run/idp-sql/ci-setup.json index 4438f36e58..7d2895a165 100644 --- a/run/idp-sql/ci-setup.json +++ b/run/idp-sql/ci-setup.json @@ -1,5 +1,12 @@ { - "secrets": { - "IDP_KEY": "nodejs-docs-samples-tests/nodejs-docs-samples-idp-key" - } + "env": { + "SERVICE_NAME": "idp-sql-ci", + "CLOUD_SQL_CONNECTION_NAME": "nodejs-docs-samples-tests:us-central1:postgres-ci", + "DB_NAME": "kokoro_ci", + "DB_USER": "kokoro_ci" + }, + "secrets": { + "IDP_KEY": "nodejs-docs-samples-tests/nodejs-docs-samples-idp-key", + "DB_PASSWORD": "nodejs-docs-samples-tests/nodejs-docs-samples-sql-password" } +} From 1a96dace5798a79cd9dd01e7ccc811c532483b96 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Tue, 25 Feb 2025 15:21:51 +1100 Subject: [PATCH 08/13] correct exit code on retry --- run/idp-sql/test/retry.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/idp-sql/test/retry.sh b/run/idp-sql/test/retry.sh index 78385733f0..0f36c2075a 100755 --- a/run/idp-sql/test/retry.sh +++ b/run/idp-sql/test/retry.sh @@ -59,7 +59,7 @@ do if ((attempt_num==max_attempts)) then echo "Attempt $attempt_num / $max_attempts failed! No more retries left!" - exit + exit 1 else echo "Attempt $attempt_num / $max_attempts failed!" sleep $((attempt_num++)) From b21482e58e5910526f8931e22b110f224576c51c Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Wed, 26 Feb 2025 09:56:03 +1100 Subject: [PATCH 09/13] dynamic service name --- run/idp-sql/ci-setup.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/idp-sql/ci-setup.json b/run/idp-sql/ci-setup.json index 7d2895a165..baa28fc736 100644 --- a/run/idp-sql/ci-setup.json +++ b/run/idp-sql/ci-setup.json @@ -1,6 +1,6 @@ { "env": { - "SERVICE_NAME": "idp-sql-ci", + "SERVICE_NAME": "idp-sql-${RUN_ID}", "CLOUD_SQL_CONNECTION_NAME": "nodejs-docs-samples-tests:us-central1:postgres-ci", "DB_NAME": "kokoro_ci", "DB_USER": "kokoro_ci" From dad045b4f12212d0df0b1c7489402e22604f0ad5 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Wed, 26 Feb 2025 09:56:24 +1100 Subject: [PATCH 10/13] wip: pass service account as env, to test --- .github/workflows/ci-prod.yaml | 3 ++- run/idp-sql/test/e2e_test_cleanup.yaml | 3 +++ run/idp-sql/test/e2e_test_setup.yaml | 4 ++++ run/idp-sql/test/system.test.js | 3 +++ 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 77208eeff4..9e1e95c6a5 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -85,6 +85,7 @@ jobs: path: ${{ fromJson(github.event_name == 'pull_request' && needs.affected.outputs.nodejs-paths || '[]') }} env: GOOGLE_SAMPLES_PROJECT: long-door-651 + GOOGLE_SERVICE_ACCOUNT: kokoro-system-test@long-door-651.iam.gserviceaccount.com CI_SETUP: ${{ toJson(fromJson(needs.affected.outputs.nodejs-setups)[matrix.path])}} steps: - name: CI Setup @@ -99,7 +100,7 @@ jobs: with: project_id: ${{ env.GOOGLE_SAMPLES_PROJECT }} workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider - service_account: kokoro-system-test@long-door-651.iam.gserviceaccount.com + service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/run/idp-sql/test/e2e_test_cleanup.yaml b/run/idp-sql/test/e2e_test_cleanup.yaml index 7521b55ee7..adf0c2482f 100644 --- a/run/idp-sql/test/e2e_test_cleanup.yaml +++ b/run/idp-sql/test/e2e_test_cleanup.yaml @@ -20,3 +20,6 @@ substitutions: _VERSION: manual _REGION: us-central1 _PLATFORM: managed + _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com + +serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' diff --git a/run/idp-sql/test/e2e_test_setup.yaml b/run/idp-sql/test/e2e_test_setup.yaml index 3053d19812..f1dc964eb6 100644 --- a/run/idp-sql/test/e2e_test_setup.yaml +++ b/run/idp-sql/test/e2e_test_setup.yaml @@ -57,3 +57,7 @@ substitutions: _DB_NAME: postgres _DB_USER: postgres _DB_PASSWORD: password1234 + _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com + +serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' + diff --git a/run/idp-sql/test/system.test.js b/run/idp-sql/test/system.test.js index 343718467c..664baab4e0 100644 --- a/run/idp-sql/test/system.test.js +++ b/run/idp-sql/test/system.test.js @@ -32,6 +32,8 @@ describe('System Tests', () => { console.log('"SERVICE_NAME" env var not found. Defaulting to "idp-sql"'); SERVICE_NAME = 'idp-sql'; } + + const {GOOGLE_SERVICE_ACCOUNT} = process.env; const {SAMPLE_VERSION} = process.env; const PLATFORM = 'managed'; const REGION = 'us-central1'; @@ -60,6 +62,7 @@ describe('System Tests', () => { '--config ./test/e2e_test_setup.yaml ' + `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}` + `,_DB_PASSWORD=${DB_PASSWORD},_CLOUD_SQL_CONNECTION_NAME=${CLOUD_SQL_CONNECTION_NAME}`; + if (GOOGLE_SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${GOOGLE_SERVICE_ACCOUNT}`; if (SAMPLE_VERSION) buildCmd += `,_VERSION=${SAMPLE_VERSION}`; console.log('Starting Cloud Build...'); From bc3e82ede941311c394d2e6e3fee7948adde464e Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Wed, 26 Feb 2025 10:02:35 +1100 Subject: [PATCH 11/13] logging: CLOUD_LOGGING_ONLY --- run/idp-sql/test/e2e_test_cleanup.yaml | 1 + run/idp-sql/test/e2e_test_setup.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/run/idp-sql/test/e2e_test_cleanup.yaml b/run/idp-sql/test/e2e_test_cleanup.yaml index adf0c2482f..b8955703b7 100644 --- a/run/idp-sql/test/e2e_test_cleanup.yaml +++ b/run/idp-sql/test/e2e_test_cleanup.yaml @@ -23,3 +23,4 @@ substitutions: _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' +logging: CLOUD_LOGGING_ONLY diff --git a/run/idp-sql/test/e2e_test_setup.yaml b/run/idp-sql/test/e2e_test_setup.yaml index f1dc964eb6..ce2ecbd0a2 100644 --- a/run/idp-sql/test/e2e_test_setup.yaml +++ b/run/idp-sql/test/e2e_test_setup.yaml @@ -60,4 +60,4 @@ substitutions: _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' - +logging: CLOUD_LOGGING_ONLY From 10e72a8ba30bfddb90ff3d654c8d32e8fcc4c11f Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Wed, 26 Feb 2025 12:12:56 +1100 Subject: [PATCH 12/13] correct YAML is useful --- run/idp-sql/test/e2e_test_cleanup.yaml | 3 ++- run/idp-sql/test/e2e_test_setup.yaml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/run/idp-sql/test/e2e_test_cleanup.yaml b/run/idp-sql/test/e2e_test_cleanup.yaml index b8955703b7..dffd8c2d3c 100644 --- a/run/idp-sql/test/e2e_test_cleanup.yaml +++ b/run/idp-sql/test/e2e_test_cleanup.yaml @@ -23,4 +23,5 @@ substitutions: _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' -logging: CLOUD_LOGGING_ONLY +options: + logging: CLOUD_LOGGING_ONLY diff --git a/run/idp-sql/test/e2e_test_setup.yaml b/run/idp-sql/test/e2e_test_setup.yaml index ce2ecbd0a2..e22b407841 100644 --- a/run/idp-sql/test/e2e_test_setup.yaml +++ b/run/idp-sql/test/e2e_test_setup.yaml @@ -60,4 +60,5 @@ substitutions: _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' -logging: CLOUD_LOGGING_ONLY +options: + logging: CLOUD_LOGGING_ONLY From e95da9d4d8a050bf03872f2ea422ac3d089d008c Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Wed, 26 Feb 2025 12:24:41 +1100 Subject: [PATCH 13/13] dynamicsubtitutions --- run/idp-sql/test/e2e_test_cleanup.yaml | 1 + run/idp-sql/test/e2e_test_setup.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/run/idp-sql/test/e2e_test_cleanup.yaml b/run/idp-sql/test/e2e_test_cleanup.yaml index dffd8c2d3c..41ede5730a 100644 --- a/run/idp-sql/test/e2e_test_cleanup.yaml +++ b/run/idp-sql/test/e2e_test_cleanup.yaml @@ -25,3 +25,4 @@ substitutions: serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' options: logging: CLOUD_LOGGING_ONLY + dynamicSubstitutions: true diff --git a/run/idp-sql/test/e2e_test_setup.yaml b/run/idp-sql/test/e2e_test_setup.yaml index e22b407841..dc1c319bfc 100644 --- a/run/idp-sql/test/e2e_test_setup.yaml +++ b/run/idp-sql/test/e2e_test_setup.yaml @@ -62,3 +62,4 @@ substitutions: serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' options: logging: CLOUD_LOGGING_ONLY + dynamicSubstitutions: true