From 4ab5cc8eb867dd81d2b5677008863ac45e532572 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Tue, 20 Jan 2026 13:49:48 +0000 Subject: [PATCH 1/5] Add cloudsql for perftests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz --- cluster/pulumi/common/src/index.ts | 1 + cluster/pulumi/common/src/postgres.ts | 11 ++++++--- cluster/pulumi/gha/src/index.ts | 4 +++- cluster/pulumi/gha/src/performanceTests.ts | 27 ++++++++++++++++++++++ cluster/pulumi/gha/src/runners.ts | 14 ++++++++--- 5 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 cluster/pulumi/gha/src/performanceTests.ts diff --git a/cluster/pulumi/common/src/index.ts b/cluster/pulumi/common/src/index.ts index 5f9a04b202..2c66af56cb 100644 --- a/cluster/pulumi/common/src/index.ts +++ b/cluster/pulumi/common/src/index.ts @@ -24,6 +24,7 @@ export * from './dockerConfig'; export * from './serviceAccount'; export * from './participantKms'; export * from './config/migrationSchema'; +export * from './postgres'; export * from './pruning'; export * from './config/loadTesterConfig'; export * from './config/networkWideConfig'; diff --git a/cluster/pulumi/common/src/postgres.ts b/cluster/pulumi/common/src/postgres.ts index c20bb18ba8..26421f4176 100644 --- a/cluster/pulumi/common/src/postgres.ts +++ b/cluster/pulumi/common/src/postgres.ts @@ -65,7 +65,12 @@ export class CloudPostgres extends pulumi.ComponentResource implements Postgres secretName: string, cloudSqlConfig: CloudSqlConfig, active: boolean = true, - opts: { disableProtection?: boolean; migrationId?: string; logicalDecoding?: boolean } = {} + opts: { + disableProtection?: boolean; + migrationId?: string; + logicalDecoding?: boolean; + disableBackups?: boolean; + } = {} ) { const instanceLogicalName = xns.logicalName + '-' + instanceName; const instanceLogicalNameAlias = xns.logicalName + '-' + alias; // pulumi name before #12391 
@@ -93,8 +98,8 @@ export class CloudPostgres extends pulumi.ComponentResource implements Postgres ...(opts.logicalDecoding ? [{ name: 'cloudsql.logical_decoding', value: 'on' }] : []), ], backupConfiguration: { - enabled: true, - pointInTimeRecoveryEnabled: true, + enabled: !opts.disableBackups, + pointInTimeRecoveryEnabled: !opts.disableBackups, ...(spliceConfig.pulumiProjectConfig.cloudSql.backupsToRetain ? { backupRetentionSettings: { diff --git a/cluster/pulumi/gha/src/index.ts b/cluster/pulumi/gha/src/index.ts index b1664c1843..be946d76de 100644 --- a/cluster/pulumi/gha/src/index.ts +++ b/cluster/pulumi/gha/src/index.ts @@ -2,8 +2,10 @@ // SPDX-License-Identifier: Apache-2.0 import { installController } from './controller'; import { installDockerRegistryMirror } from './dockerMirror'; +import { installPerformanceTestsServices } from './performanceTests'; import { installRunnerScaleSets } from './runners'; installDockerRegistryMirror(); const controller = installController(); -installRunnerScaleSets(controller); +const ghaNamespace = installRunnerScaleSets(controller); +installPerformanceTestsServices(ghaNamespace); diff --git a/cluster/pulumi/gha/src/performanceTests.ts b/cluster/pulumi/gha/src/performanceTests.ts new file mode 100644 index 0000000000..792cc60c4b --- /dev/null +++ b/cluster/pulumi/gha/src/performanceTests.ts 
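Review bot: In `cluster/pulumi/common/src/postgres.ts`, `disableBackups` turns off both `enabled` and `pointInTimeRecoveryEnabled` in `backupConfiguration`, and nothing in the shared `CloudPostgres` component stops a caller from setting it on an instance that is meant to be protected. The config literal in `performanceTests.ts` suggests `CloudSqlConfig` carries a `protected` field, so a guard near the top of the constructor would make the misuse fail loudly: `if (opts.disableBackups && cloudSqlConfig.protected) { throw new Error('disableBackups is not allowed on a protected Cloud SQL instance'); }`. The new field in the opts type (hunk `@@ -65,7 +65,12 @@`) should also get a comment such as `// disables automated backups AND point-in-time recovery; for disposable instances only`. The constructor body continues outside both hunks, so an equivalent check may already exist elsewhere.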
@@ -0,0 +1,27 @@ +import { CloudPostgres, ExactNamespace } from '@lfdecentralizedtrust/splice-pulumi-common'; + +export function installPerformanceTestsServices(ghaNamespace: ExactNamespace): void { + createCloudSQLInstanceForPerformanceTests(ghaNamespace); +} + +function createCloudSQLInstanceForPerformanceTests(ghaNamespace: ExactNamespace): void { + new CloudPostgres( + ghaNamespace, + 'performance-test-db', + 'performance-test-db', + 'performance-test-db-secret', + { + enabled: true, + maintenanceWindow: { day: 2, hour: 8 }, + protected: false, + tier: 'db-custom-2-7680', // same as devnet & testnet as of Jan 2026 + enterprisePlus: false, + }, + false, // that means that it will start stopped + { + disableProtection: true, + disableBackups: true, + logicalDecoding: false, + } + ); +} diff --git a/cluster/pulumi/gha/src/runners.ts b/cluster/pulumi/gha/src/runners.ts index 319e10f219..3517940103 100644 --- a/cluster/pulumi/gha/src/runners.ts +++ b/cluster/pulumi/gha/src/runners.ts @@ -4,6 +4,7 @@ import * as k8s from '@pulumi/kubernetes'; import { appsAffinityAndTolerations, DOCKER_REPO, + ExactNamespace, HELM_MAX_HISTORY_SIZE, imagePullSecretByNamespaceNameForServiceAccount, infraAffinityAndTolerations, @@ -754,10 +755,11 @@ function installPodMonitor(runnersNamespace: Namespace) { ); } -export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void { - const runnersNamespace = new Namespace('gha-runners', { +const GHA_NAMESPACE_NAME = 'gha-runners'; +export function installRunnerScaleSets(controller: k8s.helm.v3.Release): ExactNamespace { + const runnersNamespace = new Namespace(GHA_NAMESPACE_NAME, { metadata: { - name: 'gha-runners', + name: GHA_NAMESPACE_NAME, }, }); 
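Review bot: `createCloudSQLInstanceForPerformanceTests` in the new `performanceTests.ts` sets `protected: false`, `disableProtection: true` and `disableBackups: true` without any comment recording that this is deliberate. A reader who later copies the call, or points other workloads at this instance, has no hint that its data cannot be recovered and that the instance can be deleted without a safeguard. I would add a comment above the function such as `// Disposable perf-test database: no backups, no PITR, no deletion protection. Never store data here that must survive.`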
@@ -793,4 +795,10 @@ export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void { installDockerRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvc, saName); installK8sRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvcName, saName); installPodMonitor(runnersNamespace); + + const exactNs: ExactNamespace = { + ns: runnersNamespace, + logicalName: GHA_NAMESPACE_NAME, + }; + return exactNs; } From 600fd1c04c8531d2fd4debf80ab63b755d988189 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Tue, 20 Jan 2026 16:27:15 +0000 Subject: [PATCH 2/5] apparently this is not allowed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz --- cluster/pulumi/gha/src/performanceTests.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/pulumi/gha/src/performanceTests.ts b/cluster/pulumi/gha/src/performanceTests.ts index 792cc60c4b..6f5806e8b9 100644 --- a/cluster/pulumi/gha/src/performanceTests.ts +++ b/cluster/pulumi/gha/src/performanceTests.ts @@ -17,7 +17,7 @@ function createCloudSQLInstanceForPerformanceTests(ghaNamespace: ExactNamespace) tier: 'db-custom-2-7680', // same as devnet & testnet as of Jan 2026 enterprisePlus: false, }, - false, // that means that it will start stopped + true, { disableProtection: true, disableBackups: true, From 484fdb095948161f8d97501b7db9951422456e3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 11:59:39 +0000 Subject: [PATCH 3/5] add the env vars to k8s runners MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz --- cluster/pulumi/gha/src/index.ts | 4 +- cluster/pulumi/gha/src/performanceTests.ts | 10 ++--- cluster/pulumi/gha/src/runners.test.ts | 4 ++ cluster/pulumi/gha/src/runners.ts | 50 ++++++++++++++++------ 4 files changed, 47 insertions(+), 21 deletions(-) 
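Review bot: The bare `true` that replaces `false, // that means that it will start stopped` in the `CloudPostgres` call (PATCH 2/5, `performanceTests.ts`) leaves a positional boolean with no explanation. The commit subject suggests that creating the instance stopped was rejected, but that reasoning now lives only in the commit log. Keep a comment on the argument, for example `true, // active: instance is created running; creating it stopped was rejected`, so it stays clear that an instance with backups and deletion protection disabled is intentionally always on.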
diff --git a/cluster/pulumi/gha/src/index.ts b/cluster/pulumi/gha/src/index.ts index be946d76de..b1664c1843 100644 --- a/cluster/pulumi/gha/src/index.ts +++ b/cluster/pulumi/gha/src/index.ts @@ -2,10 +2,8 @@ // SPDX-License-Identifier: Apache-2.0 import { installController } from './controller'; import { installDockerRegistryMirror } from './dockerMirror'; -import { installPerformanceTestsServices } from './performanceTests'; import { installRunnerScaleSets } from './runners'; installDockerRegistryMirror(); const controller = installController(); -const ghaNamespace = installRunnerScaleSets(controller); -installPerformanceTestsServices(ghaNamespace); +installRunnerScaleSets(controller); diff --git a/cluster/pulumi/gha/src/performanceTests.ts b/cluster/pulumi/gha/src/performanceTests.ts index 6f5806e8b9..7400aeffbb 100644 --- a/cluster/pulumi/gha/src/performanceTests.ts +++ b/cluster/pulumi/gha/src/performanceTests.ts @@ -1,11 +1,9 @@ import { CloudPostgres, ExactNamespace } from '@lfdecentralizedtrust/splice-pulumi-common'; -export function installPerformanceTestsServices(ghaNamespace: ExactNamespace): void { - createCloudSQLInstanceForPerformanceTests(ghaNamespace); -} - -function createCloudSQLInstanceForPerformanceTests(ghaNamespace: ExactNamespace): void { - new CloudPostgres( +export function createCloudSQLInstanceForPerformanceTests( + ghaNamespace: ExactNamespace +): CloudPostgres { + return new CloudPostgres( ghaNamespace, 'performance-test-db', 'performance-test-db', diff --git a/cluster/pulumi/gha/src/runners.test.ts b/cluster/pulumi/gha/src/runners.test.ts index 668889c260..516cf795be 100644 --- a/cluster/pulumi/gha/src/runners.test.ts +++ b/cluster/pulumi/gha/src/runners.test.ts @@ -15,6 +15,7 @@ jest.mock('./config', () => ({ runnerHookVersion: '1.1', }, })); +class FakeCloudPostgres extends pulumi.Resource {} jest.mock('@lfdecentralizedtrust/splice-pulumi-common', () => ({ __esModule: true, appsAffinityAndTolerations: {}, 
@@ -22,6 +23,9 @@ jest.mock('@lfdecentralizedtrust/splice-pulumi-common', () => ({ HELM_MAX_HISTORY_SIZE: 42, imagePullSecretByNamespaceNameForServiceAccount: () => [], infraAffinityAndTolerations: {}, + CloudPostgres: function CloudPostgres() { + return new FakeCloudPostgres('CloudPostgres', 'cloud-postgres', true); + }, })); jest.mock('@lfdecentralizedtrust/splice-pulumi-common/src/config/envConfig', () => ({ __esModule: true, diff --git a/cluster/pulumi/gha/src/runners.ts b/cluster/pulumi/gha/src/runners.ts index 3517940103..25d711edcb 100644 --- a/cluster/pulumi/gha/src/runners.ts +++ b/cluster/pulumi/gha/src/runners.ts @@ -3,6 +3,7 @@ import * as k8s from '@pulumi/kubernetes'; import { appsAffinityAndTolerations, + CloudPostgres, DOCKER_REPO, ExactNamespace, HELM_MAX_HISTORY_SIZE, @@ -19,6 +20,7 @@ import yaml from 'js-yaml'; import { createCachePvc } from './cache'; import { ghaConfig } from './config'; +import { createCloudSQLInstanceForPerformanceTests } from './performanceTests'; type ResourcesSpec = { requests?: { @@ -404,7 +406,8 @@ function installK8sRunnerScaleSet( cachePvcName: string, resources: ResourcesSpec, serviceAccountName: string, - dependsOn: Resource[] + dependsOn: Resource[], + performanceTestsDb: CloudPostgres ): Release { const podConfigMapName = `${name}-pod-config`; // A configMap that will be mounted to runner pods and provide additional pod spec for the workflow pods @@ -535,6 +538,21 @@ function installK8sRunnerScaleSet( name: 'ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE', value: '/pod.yaml', }, + { + name: 'PERFORMANCE_TESTS_DB_HOST', + value: performanceTestsDb.address, + }, + { + name: 'PERFORMANCE_TESTS_DB_USER', + value: 'cnadmin', + }, + { + name: 'PERFORMANCE_TESTS_DB_PASSWORD', + valueFrom: { + key: 'postgresPassword', + name: performanceTestsDb.secretName, + }, + }, ], volumeMounts: [ { 
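Review bot: The `PERFORMANCE_TESTS_DB_PASSWORD` entry added to the env list in `installK8sRunnerScaleSet` (hunk `@@ -535,6 +538,21 @@` of `runners.ts`) puts `key` and `name` directly under `valueFrom`, but a Kubernetes `EnvVarSource` expects them inside `secretKeyRef`. As written, the entry will likely be rejected or the variable left unset, depending on how strictly the chart's pod template is validated. The entry should read `valueFrom: { secretKeyRef: { name: performanceTestsDb.secretName, key: 'postgresPassword' } }`. The mocked `CloudPostgres` in `runners.test.ts` appears to expose neither `address` nor `secretName`, so the test cannot catch a malformed reference; giving the fake those two fields would close that gap. The function body extends beyond the hunk.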
@@ -702,9 +720,10 @@ function installK8sRunnerScaleSets( runnersNamespace: Namespace, tokenSecret: Secret, cachePvcName: string, - serviceAccountName: string + serviceAccountName: string, + performanceTestsDb: CloudPostgres ): void { - const dependsOn = [controller, runnersNamespace, tokenSecret]; + const dependsOn = [controller, runnersNamespace, tokenSecret, performanceTestsDb]; runnerSpecs .filter(spec => spec.k8s) @@ -716,7 +735,8 @@ function installK8sRunnerScaleSets( cachePvcName, spec.resources, serviceAccountName, - dependsOn + dependsOn, + performanceTestsDb ); }); } @@ -756,12 +776,16 @@ function installPodMonitor(runnersNamespace: Namespace) { } const GHA_NAMESPACE_NAME = 'gha-runners'; -export function installRunnerScaleSets(controller: k8s.helm.v3.Release): ExactNamespace { +export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void { const runnersNamespace = new Namespace(GHA_NAMESPACE_NAME, { metadata: { name: GHA_NAMESPACE_NAME, }, }); + const exactNs: ExactNamespace = { + ns: runnersNamespace, + logicalName: GHA_NAMESPACE_NAME, + }; const tokenSecret = new k8s.core.v1.Secret( 'gh-access-token', @@ -792,13 +816,15 @@ export function installRunnerScaleSets(controller: k8s.helm.v3.Release): ExactNa const saName = 'k8s-runners'; installRunnersServiceAccount(runnersNamespace, saName); + const performanceTestsDb = createCloudSQLInstanceForPerformanceTests(exactNs); installDockerRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvc, saName); - installK8sRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvcName, saName); + installK8sRunnerScaleSets( + controller, + runnersNamespace, + tokenSecret, + cachePvcName, + saName, + performanceTestsDb + ); installPodMonitor(runnersNamespace); - - const exactNs: ExactNamespace = { - ns: runnersNamespace, - logicalName: GHA_NAMESPACE_NAME, - }; - return exactNs; } From 561a6bb5dab38be188429709381826a8ef6c6db5 Mon Sep 17 00:00:00 2001 
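Review bot: `installK8sRunnerScaleSets` passes `performanceTestsDb` to every runner spec that passes the `spec.k8s` filter, so with the env entries added in `installK8sRunnerScaleSet` each k8s runner receives the database host and the `cnadmin` password whether or not it runs performance tests. Any workflow scheduled on those runners can then read what looks like an admin credential for the instance. Adding the handle to the shared `dependsOn` array also makes every k8s runner release wait on the Cloud SQL instance. Consider making the parameter optional (`performanceTestsDb?: CloudPostgres`), passing it only for the runner spec that executes the performance tests, and using a dedicated, less privileged database user if the component can create one.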
From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 12:36:37 +0000 Subject: [PATCH 4/5] [ci] run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz From f5fa5560d88498aafb5445e5e1bda287839215d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 12:54:05 +0000 Subject: [PATCH 5/5] [ci] why was this header not added MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz --- cluster/pulumi/gha/src/performanceTests.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster/pulumi/gha/src/performanceTests.ts b/cluster/pulumi/gha/src/performanceTests.ts index 7400aeffbb..0677b50292 100644 --- a/cluster/pulumi/gha/src/performanceTests.ts +++ b/cluster/pulumi/gha/src/performanceTests.ts @@ -1,3 +1,5 @@ +// Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. +// SPDX-License-Identifier: Apache-2.0 import { CloudPostgres, ExactNamespace } from '@lfdecentralizedtrust/splice-pulumi-common'; export function createCloudSQLInstanceForPerformanceTests(