From d12f69f7a2aed8d2653a9f1d2379454ac25cd881 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 10:48:08 +1100 Subject: [PATCH 01/37] Add service account as a default envvar --- .github/scripts/setup-vars.js | 1 + .github/workflows/ci-prod.yaml | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index c78c2f2f63..f27058b663 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -19,6 +19,7 @@ export default function setupVars({projectId, core, setup}, runId = null) { const vars = { PROJECT_ID: projectId, RUN_ID: runId || uniqueId(), + SERVICE_ACCOUNT: process.env.GOOGLE_SERVICE_ACCOUNT, ...(setup.env || {}), }; diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 77208eeff4..d49e4b8ab6 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -85,6 +85,7 @@ jobs: path: ${{ fromJson(github.event_name == 'pull_request' && needs.affected.outputs.nodejs-paths || '[]') }} env: GOOGLE_SAMPLES_PROJECT: long-door-651 + GOOGLE_SERVICE_ACCOUNT: kokoro-system-test@long-door-651.iam.gserviceaccount.com CI_SETUP: ${{ toJson(fromJson(needs.affected.outputs.nodejs-setups)[matrix.path])}} steps: - name: CI Setup @@ -99,8 +100,9 @@ jobs: with: project_id: ${{ env.GOOGLE_SAMPLES_PROJECT }} workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider - service_account: kokoro-system-test@long-door-651.iam.gserviceaccount.com + service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes + token_format: 'access_token' - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 id: vars From d7d5d6c5de5a4fdb57f96e54a9a06763c109d242 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 10:58:17 +1100 Subject: [PATCH 02/37] add access token as secert value --- .github/scripts/setup-vars.js | 8 +++++++- .github/workflows/ci-prod.yaml | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index f27058b663..eddb4243af 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -14,7 +14,7 @@ limitations under the License. */ -export default function setupVars({projectId, core, setup}, runId = null) { +export default function setupVars({projectId, core, setup, accessToken}, runId = null) { // Define automatic variables plus custom variables. const vars = { PROJECT_ID: projectId, @@ -36,6 +36,12 @@ export default function setupVars({projectId, core, setup}, runId = null) { core.exportVariable(key, value); } + // Set global secret for the Service Account access token + // Use in place of 'gcloud auth print-identity-token' + // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// + core.setSecret("ACCESS_TOKEN") + core.exportVariable('ACCESS_TOKEN', accessToken) + // Show exported secrets, for logging purposes. // TODO: We might want to fetch the secrets here and export them directly. // https://cloud.google.com/secret-manager/docs/create-secret-quickstart#secretmanager-quickstart-nodejs diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index d49e4b8ab6..b202325f3d 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -97,6 +97,7 @@ jobs: with: node-version: ${{ fromJson(env.CI_SETUP).node-version }} - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2 + id: auth with: project_id: ${{ env.GOOGLE_SAMPLES_PROJECT }} workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider @@ -111,7 +112,8 @@ jobs: const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js') const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); - return await setupVars({projectId, core, setup}) + const accessToken = '${{ steps.auth.outputs.access_token }}' + return await setupVars({projectId, core, setup, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: From 57ddd7f40eca494626fd65a9fc3138027f4200fd Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:00:42 +1100 Subject: [PATCH 03/37] test availability of new envvars --- eventarc/audit-storage/test/runner.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/eventarc/audit-storage/test/runner.sh b/eventarc/audit-storage/test/runner.sh index 9726e03eb8..79dc82f09c 100755 --- a/eventarc/audit-storage/test/runner.sh +++ b/eventarc/audit-storage/test/runner.sh @@ -20,6 +20,7 @@ requireEnv() { test "${!1}" || (echo "Environment Variable '$1' not found" && exit 1) } requireEnv SERVICE_NAME +requireEnv ACCESS_TOKEN echo '---' test/deploy.sh @@ -40,7 +41,8 @@ function cleanup { trap cleanup EXIT # TODO: Perform authentication inside the test. -export ID_TOKEN=$(gcloud auth print-identity-token) +export ID_TOKEN=$ACCESS_TOKEN # from default secrets +echo $SERVICE_ACCOUNT # for validation TODO(glasnt) remove debugging export BASE_URL=$(test/url.sh) test -z "$BASE_URL" && echo "BASE_URL value is empty" && exit 1 From 0db05adae32afaf05f9f4e92d8b936d1a09dbfca Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:06:38 +1100 Subject: [PATCH 04/37] process.env lol --- .github/scripts/setup-vars.js | 4 ++-- .github/workflows/ci-prod.yaml | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index eddb4243af..7842fa4cd2 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -14,12 +14,12 @@ limitations under the License. */ -export default function setupVars({projectId, core, setup, accessToken}, runId = null) { +export default function setupVars({projectId, core, setup, serviceAccount, accessToken}, runId = null) { // Define automatic variables plus custom variables. const vars = { PROJECT_ID: projectId, RUN_ID: runId || uniqueId(), - SERVICE_ACCOUNT: process.env.GOOGLE_SERVICE_ACCOUNT, + SERVICE_ACCOUNT: serviceAccount, ...(setup.env || {}), }; diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index b202325f3d..786f61a43f 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -112,8 +112,9 @@ jobs: const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js') const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); + const serviceAccount = process.env.GOOGLE_SERVICE_ACCOUNT; const accessToken = '${{ steps.auth.outputs.access_token }}' - return await setupVars({projectId, core, setup, accessToken}) + return await setupVars({projectId, core, setup, serviceAccount, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: From 279448d3889dae776c60928512e382f55fcaba70 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:09:20 +1100 Subject: [PATCH 05/37] envvars gonna envvar --- .github/workflows/ci-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 786f61a43f..3f786ed172 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -112,7 +112,7 @@ jobs: const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js') const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); - const serviceAccount = process.env.GOOGLE_SERVICE_ACCOUNT; + const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; const accessToken = '${{ steps.auth.outputs.access_token }}' return await setupVars({projectId, core, setup, serviceAccount, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 From 14b0dc5638aacdbd32b260fd972b96ccf93f24ba Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:23:01 +1100 Subject: [PATCH 06/37] update ci-dev.yaml --- .github/workflows/ci-dev.yaml | 11 ++++++++--- .github/workflows/ci-prod.yaml | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index 322467fe5b..8091791a22 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -73,6 +73,7 @@ jobs: path: ${{ fromJson(github.event_name == 'pull_request' && needs.affected.outputs.nodejs-paths || '[]') }} env: GOOGLE_SAMPLES_PROJECT: long-door-651 + GOOGLE_SERVICE_ACCOUNT: kokoro-system-test@long-door-651.iam.gserviceaccount.com CI_SETUP: ${{ toJson(fromJson(needs.affected.outputs.nodejs-setups)[matrix.path])}} steps: - name: CI Setup @@ -84,20 +85,24 @@ jobs: with: node-version: ${{ fromJson(env.CI_SETUP).node-version }} - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2 + id: auth with: project_id: ${{ env.GOOGLE_SAMPLES_PROJECT }} workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider - service_account: kokoro-system-test@long-door-651.iam.gserviceaccount.com + service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes + token_format: 'access_token' - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 id: vars with: script: | - const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js') + const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js'); const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); - return await setupVars({projectId, core, setup}) + const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; + const accessToken = '${{ steps.auth.outputs.access_token }}'; + return await setupVars({projectId, core, setup, serviceAccount, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 3f786ed172..72cc1b7d30 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -109,11 +109,11 @@ jobs: id: vars with: script: | - const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js') + const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js'); const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; - const accessToken = '${{ steps.auth.outputs.access_token }}' + const accessToken = '${{ steps.auth.outputs.access_token }}'; return await setupVars({projectId, core, setup, serviceAccount, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} From cc00d3100ccd3ded060320a6d75119bbb8dbe12b Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:28:43 +1100 Subject: [PATCH 07/37] add logging for secret --- .github/scripts/setup-vars.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index 7842fa4cd2..d0ac10379d 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -36,12 +36,6 @@ export default function setupVars({projectId, core, setup, serviceAccount, acces core.exportVariable(key, value); } - // Set global secret for the Service Account access token - // Use in place of 'gcloud auth print-identity-token' - // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// - core.setSecret("ACCESS_TOKEN") - core.exportVariable('ACCESS_TOKEN', accessToken) - // Show exported secrets, for logging purposes. // TODO: We might want to fetch the secrets here and export them directly. // https://cloud.google.com/secret-manager/docs/create-secret-quickstart#secretmanager-quickstart-nodejs @@ -52,6 +46,14 @@ export default function setupVars({projectId, core, setup, serviceAccount, acces console.log(` ${key}: ${setup.secrets[key]}`); } + // Set global secret for the Service Account access token + // Use in place of 'gcloud auth print-identity-token' + // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// + core.setSecret("ACCESS_TOKEN") + core.exportVariable('ACCESS_TOKEN', accessToken) + // For logging, show the source of the ACCESS_TOKEN + console.log(` ACCESS_TOKEN: steps.auth.outputs.access_token (from GitHub Action)`) + // Return env and secrets to use for further steps. return { env: env, From b6575f4873697c40ee2ff8c1c4f84bf861bc0035 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:34:36 +1100 Subject: [PATCH 08/37] revert audit-storage changes --- eventarc/audit-storage/test/runner.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/eventarc/audit-storage/test/runner.sh b/eventarc/audit-storage/test/runner.sh index 79dc82f09c..9726e03eb8 100755 --- a/eventarc/audit-storage/test/runner.sh +++ b/eventarc/audit-storage/test/runner.sh @@ -20,7 +20,6 @@ requireEnv() { test "${!1}" || (echo "Environment Variable '$1' not found" && exit 1) } requireEnv SERVICE_NAME -requireEnv ACCESS_TOKEN echo '---' test/deploy.sh @@ -41,8 +40,7 @@ function cleanup { trap cleanup EXIT # TODO: Perform authentication inside the test. -export ID_TOKEN=$ACCESS_TOKEN # from default secrets -echo $SERVICE_ACCOUNT # for validation TODO(glasnt) remove debugging +export ID_TOKEN=$(gcloud auth print-identity-token) export BASE_URL=$(test/url.sh) test -z "$BASE_URL" && echo "BASE_URL value is empty" && exit 1 From 816124fe6dd48d1ab6e861015537dac2cf9d3b27 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:34:52 +1100 Subject: [PATCH 09/37] add example usage of ACCESS_TOKEN, SERVICE_ACCOUNT --- .github/config/nodejs-prod.jsonc | 1 - eventarc/pubsub/ci-setup.json | 6 ++++++ eventarc/pubsub/test/runner.sh | 4 +++- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 eventarc/pubsub/ci-setup.json diff --git a/.github/config/nodejs-prod.jsonc b/.github/config/nodejs-prod.jsonc index 85d160e052..d0acc23817 100644 --- a/.github/config/nodejs-prod.jsonc +++ b/.github/config/nodejs-prod.jsonc @@ -83,7 +83,6 @@ "dlp", // [ERR_REQUIRE_ESM]: require() of ES Module "document-ai", // [ERR_REQUIRE_ESM]: require() of ES Module "eventarc/audit-storage", // (untested) Environment Variable 'SERVICE_NAME' not found - "eventarc/pubsub", // (untested) Environment Variable 'SERVICE_NAME' not found "functions/billing", // Error: Request failed with status code 500 "functions/http/uploadFile", // npm error Missing script: "test" "functions/imagemagick", // Error: A bucket name is needed to use Cloud Storage diff --git a/eventarc/pubsub/ci-setup.json b/eventarc/pubsub/ci-setup.json new file mode 100644 index 0000000000..2c28283718 --- /dev/null +++ b/eventarc/pubsub/ci-setup.json @@ -0,0 +1,6 @@ +{ + "env": { + "SERVICE_NAME": "eventarc-pubsub-$RUN_ID", + "CONTAINER_IMAGE": "gcr.io/$PROJECT_ID/eventarc-pubsub:${RUN_ID}" + } +} diff --git a/eventarc/pubsub/test/runner.sh b/eventarc/pubsub/test/runner.sh index 9726e03eb8..a80652abe2 100755 --- a/eventarc/pubsub/test/runner.sh +++ b/eventarc/pubsub/test/runner.sh @@ -20,6 +20,7 @@ requireEnv() { test "${!1}" || (echo "Environment Variable '$1' not found" && exit 1) } requireEnv SERVICE_NAME +requireEnv ACCESS_TOKEN echo '---' test/deploy.sh @@ -40,7 +41,8 @@ function cleanup { trap cleanup EXIT # TODO: Perform authentication inside the test. -export ID_TOKEN=$(gcloud auth print-identity-token) +export ID_TOKEN=$ACCESS_TOKEN # from envvar +echo "Service account: $SERVICE_ACCOUNT" # debugging export BASE_URL=$(test/url.sh) test -z "$BASE_URL" && echo "BASE_URL value is empty" && exit 1 From 8d75983ccf1df9bab77a9101ed2763fcbe995fd0 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:45:46 +1100 Subject: [PATCH 10/37] revert testing sample --- .github/config/nodejs-prod.jsonc | 1 + eventarc/pubsub/ci-setup.json | 6 ------ eventarc/pubsub/test/runner.sh | 4 +--- 3 files changed, 2 insertions(+), 9 deletions(-) delete mode 100644 eventarc/pubsub/ci-setup.json diff --git a/.github/config/nodejs-prod.jsonc b/.github/config/nodejs-prod.jsonc index d0acc23817..85d160e052 100644 --- a/.github/config/nodejs-prod.jsonc +++ b/.github/config/nodejs-prod.jsonc @@ -83,6 +83,7 @@ "dlp", // [ERR_REQUIRE_ESM]: require() of ES Module "document-ai", // [ERR_REQUIRE_ESM]: require() of ES Module "eventarc/audit-storage", // (untested) Environment Variable 'SERVICE_NAME' not found + "eventarc/pubsub", // (untested) Environment Variable 'SERVICE_NAME' not found "functions/billing", // Error: Request failed with status code 500 "functions/http/uploadFile", // npm error Missing script: "test" "functions/imagemagick", // Error: A bucket name is needed to use Cloud Storage diff --git a/eventarc/pubsub/ci-setup.json b/eventarc/pubsub/ci-setup.json deleted file mode 100644 index 2c28283718..0000000000 --- a/eventarc/pubsub/ci-setup.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "env": { - "SERVICE_NAME": "eventarc-pubsub-$RUN_ID", - "CONTAINER_IMAGE": "gcr.io/$PROJECT_ID/eventarc-pubsub:${RUN_ID}" - } -} diff --git a/eventarc/pubsub/test/runner.sh b/eventarc/pubsub/test/runner.sh index a80652abe2..9726e03eb8 100755 --- a/eventarc/pubsub/test/runner.sh +++ b/eventarc/pubsub/test/runner.sh @@ -20,7 +20,6 @@ requireEnv() { test "${!1}" || (echo "Environment Variable '$1' not found" && exit 1) } requireEnv SERVICE_NAME -requireEnv ACCESS_TOKEN echo '---' test/deploy.sh @@ -41,8 +40,7 @@ function cleanup { trap cleanup EXIT # TODO: Perform authentication inside the test. -export ID_TOKEN=$ACCESS_TOKEN # from envvar -echo "Service account: $SERVICE_ACCOUNT" # debugging +export ID_TOKEN=$(gcloud auth print-identity-token) export BASE_URL=$(test/url.sh) test -z "$BASE_URL" && echo "BASE_URL value is empty" && exit 1 From 775a9f222971b637e154502d4b09ffa7a2a78cad Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:58:22 +1100 Subject: [PATCH 11/37] make use of access token in a test --- .github/scripts/setup-vars.js | 2 +- run/helloworld/package.json | 4 +++- run/helloworld/test/system.test.js | 10 +++++++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index d0ac10379d..01f0a45bb3 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -47,7 +47,7 @@ export default function setupVars({projectId, core, setup, serviceAccount, acces } // Set global secret for the Service Account access token - // Use in place of 'gcloud auth print-identity-token' + // Use in place of 'gcloud auth print-access-token' // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// core.setSecret("ACCESS_TOKEN") core.exportVariable('ACCESS_TOKEN', accessToken) diff --git a/run/helloworld/package.json b/run/helloworld/package.json index c380d70ab2..62cccf4d37 100644 --- a/run/helloworld/package.json +++ b/run/helloworld/package.json @@ -6,7 +6,9 @@ "main": "index.js", "scripts": { "start": "node index.js", - "test": "c8 mocha -p -j 2 test/index.test.js --exit", + "test": "npm -- run all-test", + "all-test": "npm run unit-test && npm run system-test", + "unit-test": "c8 mocha -p -j 2 test/index.test.js --exit", "system-test": "NAME=Cloud c8 mocha -p -j 2 test/system.test.js --timeout=180000" }, "type": "module", diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index 3980f27031..d6f641926c 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -50,6 +50,10 @@ describe('End-to-End Tests', () => { console.log(`"NAME" env var not found. Defaulting to "${NAME}"`); } const {SAMPLE_VERSION} = process.env; + let {ACCESS_TOKEN} = process.env; + if (!ACCESS_TOKEN) { + throw Error('"ACCESS_TOKEN" env var not found.'); + } const PLATFORM = 'managed'; const REGION = 'us-central1'; before(async () => { @@ -75,9 +79,9 @@ describe('End-to-End Tests', () => { if (!BASE_URL) throw Error('Cloud Run service URL not found'); // Retrieve ID token for testing - const client = await auth.getIdTokenClient(BASE_URL); - const clientHeaders = await client.getRequestHeaders(); - ID_TOKEN = clientHeaders['Authorization'].trim(); + //const client = await auth.getIdTokenClient(BASE_URL); + //const clientHeaders = await client.getRequestHeaders(); + ID_TOKEN = ACCESS_TOKEN if (!ID_TOKEN) throw Error('Unable to acquire an ID token.'); }); From a8a54a40df2f1ca7491ee923487c1f80bf3ba48c Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 11:59:14 +1100 Subject: [PATCH 12/37] doc: update usage --- .github/scripts/setup-vars.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index 01f0a45bb3..8d5ee68a8f 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -47,7 +47,7 @@ export default function setupVars({projectId, core, setup, serviceAccount, acces } // Set global secret for the Service Account access token - // Use in place of 'gcloud auth print-access-token' + // Use in place of 'gcloud auth print-access-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// core.setSecret("ACCESS_TOKEN") core.exportVariable('ACCESS_TOKEN', accessToken) From 33d3a1a79e4f93e93f7c334cc3860b2ca9fd507f Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 12:10:19 +1100 Subject: [PATCH 13/37] use service account --- run/helloworld/test/e2e_test_cleanup.yaml | 6 ++++++ run/helloworld/test/e2e_test_setup.yaml | 6 ++++++ run/helloworld/test/system.test.js | 2 ++ 3 files changed, 14 insertions(+) diff --git a/run/helloworld/test/e2e_test_cleanup.yaml b/run/helloworld/test/e2e_test_cleanup.yaml index a82fd25c06..47434239a9 100644 --- a/run/helloworld/test/e2e_test_cleanup.yaml +++ b/run/helloworld/test/e2e_test_cleanup.yaml @@ -17,3 +17,9 @@ substitutions: _VERSION: manual _REGION: us-central1 _PLATFORM: managed + _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com + +serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' +options: + logging: CLOUD_LOGGING_ONLY + dynamicSubstitutions: true diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index b354bca091..7f58116cb7 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -39,3 +39,9 @@ substitutions: _REGION: us-central1 _PLATFORM: managed _NAME: Cloud + _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com + +serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}' +options: + logging: CLOUD_LOGGING_ONLY + dynamicSubstitutions: true diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index d6f641926c..529c146c69 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -64,6 +64,7 @@ describe('End-to-End Tests', () => { `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}` + `,_NAME=${NAME}`; if (SAMPLE_VERSION) buildCmd += `,_VERSION=${SAMPLE_VERSION}`; + if (GOOGLE_SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${GOOGLE_SERVICE_ACCOUNT}`; console.log('Starting Cloud Build...'); execSync(buildCmd, {timeout: 240000}); // timeout at 4 mins @@ -91,6 +92,7 @@ describe('End-to-End Tests', () => { '--config ./test/e2e_test_cleanup.yaml ' + `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}`; if (SAMPLE_VERSION) cleanUpCmd += `,_VERSION=${SAMPLE_VERSION}`; + if (GOOGLE_SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${GOOGLE_SERVICE_ACCOUNT}`; execSync(cleanUpCmd); }); From ab6973d6bcffc029842b65dfb6bf8bff3c294793 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 12:40:58 +1100 Subject: [PATCH 14/37] reference correct variable --- run/helloworld/test/system.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index 529c146c69..4baa9faaa1 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -64,7 +64,7 @@ describe('End-to-End Tests', () => { `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}` + `,_NAME=${NAME}`; if (SAMPLE_VERSION) buildCmd += `,_VERSION=${SAMPLE_VERSION}`; - if (GOOGLE_SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${GOOGLE_SERVICE_ACCOUNT}`; + if (SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${SERVICE_ACCOUNT}`; console.log('Starting Cloud Build...'); execSync(buildCmd, {timeout: 240000}); // timeout at 4 mins @@ -92,7 +92,7 @@ describe('End-to-End Tests', () => { '--config ./test/e2e_test_cleanup.yaml ' + `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}`; if (SAMPLE_VERSION) cleanUpCmd += `,_VERSION=${SAMPLE_VERSION}`; - if (GOOGLE_SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${GOOGLE_SERVICE_ACCOUNT}`; + if (SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${SERVICE_ACCOUNT}`; execSync(cleanUpCmd); }); From d68a20e37672971c1399cc5dff239ea59fbcc238 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 13:07:04 +1100 Subject: [PATCH 15/37] update order, add service_name --- .github/scripts/setup-vars.js | 2 +- run/helloworld/ci-setup.json | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 run/helloworld/ci-setup.json diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index 8d5ee68a8f..809a16558f 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -49,8 +49,8 @@ export default function setupVars({projectId, core, setup, serviceAccount, acces // Set global secret for the Service Account access token // Use in place of 'gcloud auth print-access-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// - core.setSecret("ACCESS_TOKEN") core.exportVariable('ACCESS_TOKEN', accessToken) + core.setSecret('ACCESS_TOKEN') // For logging, show the source of the ACCESS_TOKEN console.log(` ACCESS_TOKEN: steps.auth.outputs.access_token (from GitHub Action)`) diff --git a/run/helloworld/ci-setup.json b/run/helloworld/ci-setup.json new file mode 100644 index 0000000000..94233e215c --- /dev/null +++ b/run/helloworld/ci-setup.json @@ -0,0 +1,5 @@ +{ + "env": { + "SERVICE_NAME": "run-helloworld-$RUN_ID" + } +} From 5392f777a3e2e1f1baace02aba26009d5ff675e1 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 13:08:04 +1100 Subject: [PATCH 16/37] pull envvar --- run/helloworld/test/system.test.js | 1 + 1 file changed, 1 insertion(+) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index 4baa9faaa1..b13ef6bff6 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -44,6 +44,7 @@ describe('End-to-End Tests', () => { `"SERVICE_NAME" env var not found. Defaulting to "${SERVICE_NAME}"` ); } + let {SERVICE_ACCOUNT} = process.env; let {NAME} = process.env; if (!NAME) { NAME = 'Cloud'; From 2b98c7b6d95e0670a1a7e044849740d3249eb0a8 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 14:45:14 +1100 Subject: [PATCH 17/37] debug: try using id_token --- .github/scripts/setup-vars.js | 8 ++++---- .github/workflows/ci-dev.yaml | 6 ++++-- .github/workflows/ci-prod.yaml | 6 ++++-- run/helloworld/test/system.test.js | 9 ++++----- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index 809a16558f..f5e1602835 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -14,7 +14,7 @@ limitations under the License. */ -export default function setupVars({projectId, core, setup, serviceAccount, accessToken}, runId = null) { +export default function setupVars({projectId, core, setup, serviceAccount, idToken}, runId = null) { // Define automatic variables plus custom variables. const vars = { PROJECT_ID: projectId, @@ -49,10 +49,10 @@ export default function setupVars({projectId, core, setup, serviceAccount, acces // Set global secret for the Service Account access token // Use in place of 'gcloud auth print-access-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// - core.exportVariable('ACCESS_TOKEN', accessToken) - core.setSecret('ACCESS_TOKEN') + core.exportVariable('ID_TOKEN', idToken) + core.setSecret('ID_TOKEN') // For logging, show the source of the ACCESS_TOKEN - console.log(` ACCESS_TOKEN: steps.auth.outputs.access_token (from GitHub Action)`) + console.log(` ID_TOKEN: steps.auth.outputs.access_token (from GitHub Action)`) // Return env and secrets to use for further steps. return { diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index 8091791a22..1ad4b3bc97 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -91,7 +91,9 @@ jobs: workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes - token_format: 'access_token' + token_format: 'id_token' + id_token_audience: 'https://run.googleapis.com' + id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 id: vars @@ -101,7 +103,7 @@ jobs: const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; - const accessToken = '${{ steps.auth.outputs.access_token }}'; + const idToken = '${{ steps.auth.outputs.id_token }}'; return await setupVars({projectId, core, setup, serviceAccount, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 72cc1b7d30..a4b7ea4f7d 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -103,7 +103,9 @@ jobs: workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes - token_format: 'access_token' + token_format: 'id_token' + id_token_audience: 'https://run.googleapis.com' + id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 id: vars @@ -113,7 +115,7 @@ jobs: const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}'; const setup = JSON.parse(process.env.CI_SETUP); const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; - const accessToken = '${{ steps.auth.outputs.access_token }}'; + const idToken = '${{ steps.auth.outputs.id_token }}'; return await setupVars({projectId, core, setup, serviceAccount, accessToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index b13ef6bff6..a403725ffb 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -51,9 +51,9 @@ describe('End-to-End Tests', () => { console.log(`"NAME" env var not found. Defaulting to "${NAME}"`); } const {SAMPLE_VERSION} = process.env; - let {ACCESS_TOKEN} = process.env; - if (!ACCESS_TOKEN) { - throw Error('"ACCESS_TOKEN" env var not found.'); + let {ID_TOKEN} = process.env; + if (!ID_TOKEN) { + throw Error('"ID_TOKEN" env var not found.'); } const PLATFORM = 'managed'; const REGION = 'us-central1'; @@ -83,7 +83,6 @@ describe('End-to-End Tests', () => { // Retrieve ID token for testing //const client = await auth.getIdTokenClient(BASE_URL); //const clientHeaders = await client.getRequestHeaders(); - ID_TOKEN = ACCESS_TOKEN if (!ID_TOKEN) throw Error('Unable to acquire an ID token.'); }); @@ -93,7 +92,7 @@ describe('End-to-End Tests', () => { '--config ./test/e2e_test_cleanup.yaml ' + `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}`; if (SAMPLE_VERSION) cleanUpCmd += `,_VERSION=${SAMPLE_VERSION}`; - if (SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${SERVICE_ACCOUNT}`; + if (SERVICE_ACCOUNT) cleanUpCmd += `,_SERVICE_ACCOUNT=${SERVICE_ACCOUNT}`; execSync(cleanUpCmd); }); From 68f927c7d80798e4d562627717caa2ef544e0ea9 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 14:49:39 +1100 Subject: [PATCH 18/37] fix missing renames --- .github/scripts/setup-vars.js | 10 +++++----- .github/workflows/ci-dev.yaml | 2 +- .github/workflows/ci-prod.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index f5e1602835..45a32aa09e 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -46,13 +46,13 @@ export default function setupVars({projectId, core, setup, serviceAccount, idTok console.log(` ${key}: ${setup.secrets[key]}`); } - // Set global secret for the Service Account access token - // Use in place of 'gcloud auth print-access-token' or auth.getIdTokenClient - // usage: curl -H 'Bearer: $ACCESS_TOKEN' https:// + // Set global secret for the Service Account identity token + // Use in place of 'gcloud auth print-identity-token' or auth.getIdTokenClient + // usage: curl -H 'Bearer: $ID_TOKEN' https:// core.exportVariable('ID_TOKEN', idToken) core.setSecret('ID_TOKEN') - // For logging, show the source of the ACCESS_TOKEN - console.log(` ID_TOKEN: steps.auth.outputs.access_token (from GitHub Action)`) + // For logging, show the source of the ID_TOKEN + console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`) // Return env and secrets to use for further steps. return { diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index 1ad4b3bc97..8ca1a69a4d 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -104,7 +104,7 @@ jobs: const setup = JSON.parse(process.env.CI_SETUP); const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; const idToken = '${{ steps.auth.outputs.id_token }}'; - return await setupVars({projectId, core, setup, serviceAccount, accessToken}) + return await setupVars({projectId, core, setup, serviceAccount, idToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index a4b7ea4f7d..7e403a79a5 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -116,7 +116,7 @@ jobs: const setup = JSON.parse(process.env.CI_SETUP); const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}'; const idToken = '${{ steps.auth.outputs.id_token }}'; - return await setupVars({projectId, core, setup, serviceAccount, accessToken}) + return await setupVars({projectId, core, setup, serviceAccount, idToken}) - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: From 33e49c2e2a341bcff5a51f0b3d9fabc3af49ec2d Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 14:52:44 +1100 Subject: [PATCH 19/37] lint --- run/helloworld/test/system.test.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index a403725ffb..6dc981eabe 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -15,8 +15,6 @@ import assert from 'assert'; import {execSync} from 'child_process'; import request from 'got'; -import {GoogleAuth} from 'google-auth-library'; -const auth = new GoogleAuth(); const get = (route, base_url) => { if (!ID_TOKEN) { @@ -44,14 +42,14 @@ describe('End-to-End Tests', () => { `"SERVICE_NAME" env var not found. Defaulting to "${SERVICE_NAME}"` ); } - let {SERVICE_ACCOUNT} = process.env; + const {SERVICE_ACCOUNT} = process.env; let {NAME} = process.env; if (!NAME) { NAME = 'Cloud'; console.log(`"NAME" env var not found. Defaulting to "${NAME}"`); } const {SAMPLE_VERSION} = process.env; - let {ID_TOKEN} = process.env; + const {ID_TOKEN} = process.env; if (!ID_TOKEN) { throw Error('"ID_TOKEN" env var not found.'); } From dbd0edaf832346b0136fb2e470c27e6f6997175e Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 14:56:47 +1100 Subject: [PATCH 20/37] set the value of the token secret, not the key/string --- .github/scripts/setup-vars.js | 2 +- run/helloworld/test/system.test.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index 45a32aa09e..b2fd95b1bf 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -50,7 +50,7 @@ export default function setupVars({projectId, core, setup, serviceAccount, idTok // Use in place of 'gcloud auth print-identity-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ID_TOKEN' https:// core.exportVariable('ID_TOKEN', idToken) - core.setSecret('ID_TOKEN') + core.setSecret(idToken) // For logging, show the source of the ID_TOKEN console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index 6dc981eabe..01a97ce206 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -29,7 +29,7 @@ const get = (route, base_url) => { }); }; -let BASE_URL, ID_TOKEN; +let BASE_URL; describe('End-to-End Tests', () => { const {GOOGLE_CLOUD_PROJECT} = process.env; if (!GOOGLE_CLOUD_PROJECT) { From 770c57a176cb6c88d0862a0ef7775e296dcdc227 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 15:02:33 +1100 Subject: [PATCH 21/37] lint --- run/helloworld/test/system.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index 01a97ce206..f859e8077a 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -29,7 +29,7 @@ const get = (route, base_url) => { }); }; -let BASE_URL; +let BASE_URL, ID_TOKEN; describe('End-to-End Tests', () => { const {GOOGLE_CLOUD_PROJECT} = process.env; if (!GOOGLE_CLOUD_PROJECT) { @@ -49,7 +49,7 @@ describe('End-to-End Tests', () => { console.log(`"NAME" env var not found. Defaulting to "${NAME}"`); } const {SAMPLE_VERSION} = process.env; - const {ID_TOKEN} = process.env; + ID_TOKEN = process.env; if (!ID_TOKEN) { throw Error('"ID_TOKEN" env var not found.'); } From ed7fb4583c771c7371075cee43d3107b74c0f853 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 15:14:04 +1100 Subject: [PATCH 22/37] update setupvars tests --- .github/scripts/setup-vars.test.js | 32 ++++++++++++++++-------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.github/scripts/setup-vars.test.js b/.github/scripts/setup-vars.test.js index 86524856b4..e1f4b47b90 100644 --- a/.github/scripts/setup-vars.test.js +++ b/.github/scripts/setup-vars.test.js @@ -19,52 +19,54 @@ import setupVars from './setup-vars.js'; import {substituteVars, uniqueId} from './setup-vars.js'; const projectId = 'my-test-project'; +const serviceAccount = "my-sa@my-project.iam.gserviceaccount.com" const core = { exportVariable: (_key, _value) => null, + setSecret: (_key) => null, }; -const autovars = {PROJECT_ID: projectId, RUN_ID: 'run-id'}; +const autovars = {PROJECT_ID: projectId, RUN_ID: 'run-id', SERVICE_ACCOUNT: serviceAccount}; describe('setupVars', () => { describe('env', () => { it('empty', () => { const setup = {}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = autovars; deepStrictEqual(vars.env, expected); }); it('zero vars', () => { const setup = {env: {}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = autovars; deepStrictEqual(vars.env, expected); }); it('one var', () => { const setup = {env: {A: 'x'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = {...autovars, A: 'x'}; deepStrictEqual(vars.env, expected); }); it('three vars', () => { const setup = {env: {A: 'x', B: 'y', C: 'z'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = {...autovars, A: 'x', B: 'y', C: 'z'}; deepStrictEqual(vars.env, expected); }); it('should override automatic variables', () => { - const setup = {env: {PROJECT_ID: 'custom-value'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); - const expected = {PROJECT_ID: 'custom-value', RUN_ID: 'run-id'}; + const setup = {env: {PROJECT_ID: 'custom-value', SERVICE_ACCOUNT: 'baz@foo.com'}}; + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); + const expected = {PROJECT_ID: 'custom-value', RUN_ID: 'run-id', SERVICE_ACCOUNT: 'baz@foo.com'}; deepStrictEqual(vars.env, expected); }); it('should interpolate variables', () => { const setup = {env: {A: 'x', B: 'y', C: '$A/${B}'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = {...autovars, A: 'x', B: 'y', C: 'x/y'}; deepStrictEqual(vars.env, expected); }); @@ -74,7 +76,7 @@ describe('setupVars', () => { env: {C: '$x/$y'}, secrets: {A: 'x', B: 'y'}, }; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = {...autovars, C: '$x/$y'}; deepStrictEqual(vars.env, expected); }); @@ -83,20 +85,20 @@ describe('setupVars', () => { describe('secrets', () => { it('zero secrets', () => { const setup = {secrets: {}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); deepStrictEqual(vars.secrets, ''); }); it('one secret', () => { const setup = {secrets: {A: 'x'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = 'A:x'; deepStrictEqual(vars.secrets, expected); }); it('three secrets', () => { const setup = {secrets: {A: 'x', B: 'y', C: 'z'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = 'A:x\nB:y\nC:z'; deepStrictEqual(vars.secrets, expected); }); @@ -106,14 +108,14 @@ describe('setupVars', () => { env: {A: 'x', B: 'y'}, secrets: {C: '$A/$B'}, }; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = 'C:$A/$B'; deepStrictEqual(vars.secrets, expected); }); it('should not interpolate secrets', () => { const setup = {secrets: {A: 'x', B: 'y', C: '$A/$B'}}; - const vars = setupVars({projectId, core, setup}, 'run-id'); + const vars = setupVars({projectId, core, setup, serviceAccount}, 'run-id'); const expected = 'A:x\nB:y\nC:$A/$B'; deepStrictEqual(vars.secrets, expected); }); From 7053eb36fce4ac743698cb5cc248e3b1ffd3a355 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 15:33:42 +1100 Subject: [PATCH 23/37] =?UTF-8?q?debug:=20=C2=AF\=5F(=E3=83=84)=5F/=C2=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/scripts/setup-vars.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index b2fd95b1bf..a737c096e8 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -49,7 +49,7 @@ export default function setupVars({projectId, core, setup, serviceAccount, idTok // Set global secret for the Service Account identity token // Use in place of 'gcloud auth print-identity-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ID_TOKEN' https:// - core.exportVariable('ID_TOKEN', idToken) + core.exportVariable('ID_TOKEN', idToken.toString()) core.setSecret(idToken) // For logging, show the source of the ID_TOKEN console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`) From 875ffd70e30a72d88e013b75d2592d3d711be21b Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 15:46:54 +1100 Subject: [PATCH 24/37] error handling --- .github/scripts/setup-vars.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index a737c096e8..d65ba4e014 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -49,7 +49,8 @@ export default function setupVars({projectId, core, setup, serviceAccount, idTok // Set global secret for the Service Account identity token // Use in place of 'gcloud auth print-identity-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ID_TOKEN' https:// - core.exportVariable('ID_TOKEN', idToken.toString()) + + core.exportVariable('ID_TOKEN', (idToken || '').toString()) core.setSecret(idToken) // For logging, show the source of the ID_TOKEN console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`) From f009b17fa7f0f7337d2d1210f5271193d90cb990 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 15:52:29 +1100 Subject: [PATCH 25/37] what if we just --- run/helloworld/test/system.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index f859e8077a..35a292e3dd 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -23,7 +23,7 @@ const get = (route, base_url) => { return request(new URL(route, base_url.trim()), { headers: { - Authorization: `${ID_TOKEN.trim()}`, + Authorization: `${ID_TOKEN}`, }, throwHttpErrors: false, }); From 611e5e9fe47634782e3c2849f9e0eeef77c10d8a Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 16:02:26 +1100 Subject: [PATCH 26/37] debugging --- .github/scripts/setup-vars.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index d65ba4e014..76145b453d 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -50,10 +50,12 @@ export default function setupVars({projectId, core, setup, serviceAccount, idTok // Use in place of 'gcloud auth print-identity-token' or auth.getIdTokenClient // usage: curl -H 'Bearer: $ID_TOKEN' https:// - core.exportVariable('ID_TOKEN', (idToken || '').toString()) + idToken = (idToken || '').toString() // debug + core.exportVariable('ID_TOKEN', idToken) core.setSecret(idToken) // For logging, show the source of the ID_TOKEN - console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`) + console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`); + console.log(`DEBUG: ID_TOKEN looks like ${idToken.substr(0,10)}... length ${idToken.length}`); // Return env and secrets to use for further steps. return { From 301126d22d8f5da1ca07e253adc0179becf1a464 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 16:31:26 +1100 Subject: [PATCH 27/37] debugging --- .github/scripts/setup-vars.js | 1 - .github/workflows/ci-prod.yaml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/scripts/setup-vars.js b/.github/scripts/setup-vars.js index 76145b453d..d538128ca3 100644 --- a/.github/scripts/setup-vars.js +++ b/.github/scripts/setup-vars.js @@ -55,7 +55,6 @@ export default function setupVars({projectId, core, setup, serviceAccount, idTok core.setSecret(idToken) // For logging, show the source of the ID_TOKEN console.log(` ID_TOKEN: steps.auth.outputs.id_token (from GitHub Action)`); - console.log(`DEBUG: ID_TOKEN looks like ${idToken.substr(0,10)}... length ${idToken.length}`); // Return env and secrets to use for further steps. return { diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 7461710b50..36fa56ede7 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -104,7 +104,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://run.googleapis.com' + id_token_audience: 'https://run.app' # any cloud run service id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 From eefafbdf54d85927af589a0897e8a7599011f237 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 17:41:08 +1100 Subject: [PATCH 28/37] add custom audience, set by the auth action, updated by e2e test --- .github/workflows/ci-dev.yaml | 2 +- .github/workflows/ci-prod.yaml | 2 +- run/helloworld/test/e2e_test_setup.yaml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index c64a24450e..543ad4f5b0 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -92,7 +92,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://run.googleapis.com' + id_token_audience: 'https://testing.run.app' # service must have this custom audience id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index 36fa56ede7..e8d946da87 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -104,7 +104,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://run.app' # any cloud run service + id_token_audience: 'https://testing.run.app' # service must have this custom audience id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index 7f58116cb7..9f000b5613 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -29,6 +29,8 @@ steps: --platform ${_PLATFORM} \ --set-env-vars NAME=${_NAME}" + gcloud run services update ${_SERVICE} --add-custom-audiences=https://testing.run.app --region {_REGION} + images: - gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION} From 93adf272aea1cb995fe3c146cb0c1621dff76cd1 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 17:52:32 +1100 Subject: [PATCH 29/37] debug --- run/helloworld/test/e2e_test_setup.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index 9f000b5613..ce71bb0e1a 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -27,10 +27,8 @@ steps: --no-allow-unauthenticated \ --region ${_REGION} \ --platform ${_PLATFORM} \ - --set-env-vars NAME=${_NAME}" - - gcloud run services update ${_SERVICE} --add-custom-audiences=https://testing.run.app --region {_REGION} - + --set-env-vars NAME=${_NAME} \ + --add-custom-audiences=https://testing.run.app/ images: - gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION} From 7f4fe6697685a85c31506500b7df4c106ef78ca4 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 17:58:15 +1100 Subject: [PATCH 30/37] lol --- run/helloworld/test/e2e_test_setup.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index ce71bb0e1a..5d5b9a4e4f 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -28,7 +28,7 @@ steps: --region ${_REGION} \ --platform ${_PLATFORM} \ --set-env-vars NAME=${_NAME} \ - --add-custom-audiences=https://testing.run.app/ + --add-custom-audiences=https://testing.run.app/" images: - gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION} From fed7faa0f887d841e61666d5b8e45c37f10be5e9 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 18:09:21 +1100 Subject: [PATCH 31/37] debugging --- .github/workflows/ci-dev.yaml | 2 +- .github/workflows/ci-prod.yaml | 2 +- run/helloworld/test/e2e_test_cleanup.yaml | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index 543ad4f5b0..b9e7068c0d 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -92,7 +92,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://testing.run.app' # service must have this custom audience + id_token_audience: 'https://testing.run.app/' # service must have this custom audience id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index e8d946da87..ec49445fb0 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -104,7 +104,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://testing.run.app' # service must have this custom audience + id_token_audience: 'https://testing.run.app/' # service must have this custom audience id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/run/helloworld/test/e2e_test_cleanup.yaml b/run/helloworld/test/e2e_test_cleanup.yaml index 47434239a9..5944440aee 100644 --- a/run/helloworld/test/e2e_test_cleanup.yaml +++ b/run/helloworld/test/e2e_test_cleanup.yaml @@ -9,8 +9,9 @@ steps: ./test/retry.sh "gcloud container images describe gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION}" \ "gcloud container images delete gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION} --quiet" - ./test/retry.sh "gcloud run services describe ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM}" \ - "gcloud run services delete ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM} --quiet" + echo "skip cleanup for debugging" + #./test/retry.sh "gcloud run services describe ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM}" \ + # "gcloud run services delete ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM} --quiet" substitutions: _SERVICE: logging-manual From 664b5e77e99a2086018c901ca58edba3a4c77afb Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 19:23:13 +1100 Subject: [PATCH 32/37] try separating setup, using a known unused domain --- .github/workflows/ci-dev.yaml | 2 +- .github/workflows/ci-prod.yaml | 2 +- run/helloworld/test/e2e_test_setup.yaml | 7 +++++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index b9e7068c0d..48eec185d2 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -92,7 +92,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://testing.run.app/' # service must have this custom audience + id_token_audience: 'https://action.test/' # service must have this custom audience id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index ec49445fb0..3448fc7c40 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -104,7 +104,7 @@ jobs: service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }} access_token_lifetime: 600s # 10 minutes token_format: 'id_token' - id_token_audience: 'https://testing.run.app/' # service must have this custom audience + id_token_audience: 'https://action.test/' # service must have this custom audience id_token_include_email: true - name: Export environment variables uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index 5d5b9a4e4f..3403450466 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -27,8 +27,11 @@ steps: --no-allow-unauthenticated \ --region ${_REGION} \ --platform ${_PLATFORM} \ - --set-env-vars NAME=${_NAME} \ - --add-custom-audiences=https://testing.run.app/" + --set-env-vars NAME=${_NAME}" + + ./test/retry.sh "gcloud run update ${_SERVICE} \ + --region ${_REGION} \ + --add-custom-audiences=https://action.test/" images: - gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION} From d98ab9eba5c7df1ea0db6d376612ab4ab37a22d6 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 19:30:14 +1100 Subject: [PATCH 33/37] spelling --- run/helloworld/test/e2e_test_setup.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index 3403450466..1e46cc0aee 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -29,7 +29,7 @@ steps: --platform ${_PLATFORM} \ --set-env-vars NAME=${_NAME}" - ./test/retry.sh "gcloud run update ${_SERVICE} \ + ./test/retry.sh "gcloud run services update ${_SERVICE} \ --region ${_REGION} \ --add-custom-audiences=https://action.test/" From 0cb016f5de7cf0d1990767bd6ab39d2b1a6c0e4a Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 19:50:42 +1100 Subject: [PATCH 34/37] try matching service account --- run/helloworld/test/e2e_test_setup.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index 1e46cc0aee..90a8ddb84e 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -27,7 +27,8 @@ steps: --no-allow-unauthenticated \ --region ${_REGION} \ --platform ${_PLATFORM} \ - --set-env-vars NAME=${_NAME}" + --set-env-vars NAME=${_NAME} \ + --service-account=${_SERVICE_ACCOUNT}" ./test/retry.sh "gcloud run services update ${_SERVICE} \ --region ${_REGION} \ From b64e2c20f7cb62c296fbb7bd8d93cca9b1b48074 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 19:56:30 +1100 Subject: [PATCH 35/37] trim --- run/helloworld/test/system.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index 35a292e3dd..f859e8077a 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -23,7 +23,7 @@ const get = (route, base_url) => { return request(new URL(route, base_url.trim()), { headers: { - Authorization: `${ID_TOKEN}`, + Authorization: `${ID_TOKEN.trim()}`, }, throwHttpErrors: false, }); From b0ce19b44732920af4db2f035a42c9ebaa201655 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 20:01:05 +1100 Subject: [PATCH 36/37] ...oh --- run/helloworld/test/system.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/helloworld/test/system.test.js b/run/helloworld/test/system.test.js index f859e8077a..4089f21501 100644 --- a/run/helloworld/test/system.test.js +++ b/run/helloworld/test/system.test.js @@ -23,7 +23,7 @@ const get = (route, base_url) => { return request(new URL(route, base_url.trim()), { headers: { - Authorization: `${ID_TOKEN.trim()}`, + Authorization: `Bearer ${ID_TOKEN}`, }, throwHttpErrors: false, }); From 1758aa483e7bb89e3a46f3555224e962e1156bd8 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 27 Feb 2025 20:11:33 +1100 Subject: [PATCH 37/37] maybe --- run/helloworld/test/e2e_test_cleanup.yaml | 5 ++--- run/helloworld/test/e2e_test_setup.yaml | 6 +----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/run/helloworld/test/e2e_test_cleanup.yaml b/run/helloworld/test/e2e_test_cleanup.yaml index 5944440aee..47434239a9 100644 --- a/run/helloworld/test/e2e_test_cleanup.yaml +++ b/run/helloworld/test/e2e_test_cleanup.yaml @@ -9,9 +9,8 @@ steps: ./test/retry.sh "gcloud container images describe gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION}" \ "gcloud container images delete gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION} --quiet" - echo "skip cleanup for debugging" - #./test/retry.sh "gcloud run services describe ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM}" \ - # "gcloud run services delete ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM} --quiet" + ./test/retry.sh "gcloud run services describe ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM}" \ + "gcloud run services delete ${_SERVICE} --region ${_REGION} --platform ${_PLATFORM} --quiet" substitutions: _SERVICE: logging-manual diff --git a/run/helloworld/test/e2e_test_setup.yaml b/run/helloworld/test/e2e_test_setup.yaml index 90a8ddb84e..b8405f85f8 100644 --- a/run/helloworld/test/e2e_test_setup.yaml +++ b/run/helloworld/test/e2e_test_setup.yaml @@ -28,11 +28,7 @@ steps: --region ${_REGION} \ --platform ${_PLATFORM} \ --set-env-vars NAME=${_NAME} \ - --service-account=${_SERVICE_ACCOUNT}" - - ./test/retry.sh "gcloud run services update ${_SERVICE} \ - --region ${_REGION} \ - --add-custom-audiences=https://action.test/" + --add-custom-audiences 'https://action.test/'" images: - gcr.io/${PROJECT_ID}/${_SERVICE}:${_VERSION}