From 24efe7cf4696fe3a91eb4c7fd8871097a6977f08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 16:29:45 +0000 Subject: [PATCH 1/4] Revert "[static] Add missing secretKeyRef in GHA setup (#3638)" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 080c7d9be6c6af7a15347b2055fac1a804a2341a. Signed-off-by: Oriol Muñoz --- cluster/pulumi/gha/src/runners.ts | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/cluster/pulumi/gha/src/runners.ts b/cluster/pulumi/gha/src/runners.ts index b4c604adec..b1e1907d62 100644 --- a/cluster/pulumi/gha/src/runners.ts +++ b/cluster/pulumi/gha/src/runners.ts @@ -549,10 +549,8 @@ function installK8sRunnerScaleSet( { name: 'PERFORMANCE_TESTS_DB_PASSWORD', valueFrom: { - secretKeyRef: { - key: 'postgresPassword', - name: performanceTestsDb.secretName, - }, + key: 'postgresPassword', + name: performanceTestsDb.secretName, }, }, ], From 09e6d1b31747b73835ef43072dfc67d3a6d24a18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 16:29:45 +0000 Subject: [PATCH 2/4] Revert "Deploy CloudSQL instance for performance tests (#3634)" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 35543de905c3e2d61cd92e00d8226d4dbc1623e4. Signed-off-by: Oriol Muñoz --- cluster/pulumi/common/src/index.ts | 1 - cluster/pulumi/common/src/postgres.ts | 11 ++--- cluster/pulumi/gha/src/performanceTests.ts | 27 ------------ cluster/pulumi/gha/src/runners.test.ts | 4 -- cluster/pulumi/gha/src/runners.ts | 48 ++++------------------ 5 files changed, 10 insertions(+), 81 deletions(-) delete mode 100644 cluster/pulumi/gha/src/performanceTests.ts diff --git a/cluster/pulumi/common/src/index.ts b/cluster/pulumi/common/src/index.ts index 2c66af56cb..5f9a04b202 100644 --- a/cluster/pulumi/common/src/index.ts +++ b/cluster/pulumi/common/src/index.ts @@ -24,7 +24,6 @@ export * from './dockerConfig'; export * from './serviceAccount'; export * from './participantKms'; export * from './config/migrationSchema'; -export * from './postgres'; export * from './pruning'; export * from './config/loadTesterConfig'; export * from './config/networkWideConfig'; diff --git a/cluster/pulumi/common/src/postgres.ts b/cluster/pulumi/common/src/postgres.ts index 26421f4176..c20bb18ba8 100644 --- a/cluster/pulumi/common/src/postgres.ts +++ b/cluster/pulumi/common/src/postgres.ts @@ -65,12 +65,7 @@ export class CloudPostgres extends pulumi.ComponentResource implements Postgres secretName: string, cloudSqlConfig: CloudSqlConfig, active: boolean = true, - opts: { - disableProtection?: boolean; - migrationId?: string; - logicalDecoding?: boolean; - disableBackups?: boolean; - } = {} + opts: { disableProtection?: boolean; migrationId?: string; logicalDecoding?: boolean } = {} ) { const instanceLogicalName = xns.logicalName + '-' + instanceName; const instanceLogicalNameAlias = xns.logicalName + '-' + alias; // pulumi name before #12391 @@ -98,8 +93,8 @@ export class CloudPostgres extends pulumi.ComponentResource implements Postgres ...(opts.logicalDecoding ? [{ name: 'cloudsql.logical_decoding', value: 'on' }] : []), ], backupConfiguration: { - enabled: !opts.disableBackups, - pointInTimeRecoveryEnabled: !opts.disableBackups, + enabled: true, + pointInTimeRecoveryEnabled: true, ...(spliceConfig.pulumiProjectConfig.cloudSql.backupsToRetain ? { backupRetentionSettings: { diff --git a/cluster/pulumi/gha/src/performanceTests.ts b/cluster/pulumi/gha/src/performanceTests.ts deleted file mode 100644 index 0677b50292..0000000000 --- a/cluster/pulumi/gha/src/performanceTests.ts +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. -// SPDX-License-Identifier: Apache-2.0 -import { CloudPostgres, ExactNamespace } from '@lfdecentralizedtrust/splice-pulumi-common'; - -export function createCloudSQLInstanceForPerformanceTests( - ghaNamespace: ExactNamespace -): CloudPostgres { - return new CloudPostgres( - ghaNamespace, - 'performance-test-db', - 'performance-test-db', - 'performance-test-db-secret', - { - enabled: true, - maintenanceWindow: { day: 2, hour: 8 }, - protected: false, - tier: 'db-custom-2-7680', // same as devnet & testnet as of Jan 2026 - enterprisePlus: false, - }, - true, - { - disableProtection: true, - disableBackups: true, - logicalDecoding: false, - } - ); -} diff --git a/cluster/pulumi/gha/src/runners.test.ts b/cluster/pulumi/gha/src/runners.test.ts index 516cf795be..668889c260 100644 --- a/cluster/pulumi/gha/src/runners.test.ts +++ b/cluster/pulumi/gha/src/runners.test.ts @@ -15,7 +15,6 @@ jest.mock('./config', () => ({ runnerHookVersion: '1.1', }, })); -class FakeCloudPostgres extends pulumi.Resource {} jest.mock('@lfdecentralizedtrust/splice-pulumi-common', () => ({ __esModule: true, appsAffinityAndTolerations: {}, @@ -23,9 +22,6 @@ jest.mock('@lfdecentralizedtrust/splice-pulumi-common', () => ({ HELM_MAX_HISTORY_SIZE: 42, imagePullSecretByNamespaceNameForServiceAccount: () => [], infraAffinityAndTolerations: {}, - CloudPostgres: function CloudPostgres() { - return new FakeCloudPostgres('CloudPostgres', 'cloud-postgres', true); - }, })); jest.mock('@lfdecentralizedtrust/splice-pulumi-common/src/config/envConfig', () => ({ __esModule: true, diff --git a/cluster/pulumi/gha/src/runners.ts b/cluster/pulumi/gha/src/runners.ts index b1e1907d62..71f1514c6d 100644 --- a/cluster/pulumi/gha/src/runners.ts +++ b/cluster/pulumi/gha/src/runners.ts @@ -3,9 +3,7 @@ import * as k8s from '@pulumi/kubernetes'; import { appsAffinityAndTolerations, - CloudPostgres, DOCKER_REPO, - ExactNamespace, HELM_MAX_HISTORY_SIZE, imagePullSecretByNamespaceNameForServiceAccount, infraAffinityAndTolerations, @@ -20,7 +18,6 @@ import yaml from 'js-yaml'; import { createCachePvc } from './cache'; import { ghaConfig } from './config'; -import { createCloudSQLInstanceForPerformanceTests } from './performanceTests'; type ResourcesSpec = { requests?: { @@ -406,8 +403,7 @@ function installK8sRunnerScaleSet( cachePvcName: string, resources: ResourcesSpec, serviceAccountName: string, - dependsOn: Resource[], - performanceTestsDb: CloudPostgres + dependsOn: Resource[] ): Release { const podConfigMapName = `${name}-pod-config`; // A configMap that will be mounted to runner pods and provide additional pod spec for the workflow pods @@ -538,21 +534,6 @@ function installK8sRunnerScaleSet( name: 'ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE', value: '/pod.yaml', }, - { - name: 'PERFORMANCE_TESTS_DB_HOST', - value: performanceTestsDb.address, - }, - { - name: 'PERFORMANCE_TESTS_DB_USER', - value: 'cnadmin', - }, - { - name: 'PERFORMANCE_TESTS_DB_PASSWORD', - valueFrom: { - key: 'postgresPassword', - name: performanceTestsDb.secretName, - }, - }, ], volumeMounts: [ { @@ -720,10 +701,9 @@ function installK8sRunnerScaleSets( runnersNamespace: Namespace, tokenSecret: Secret, cachePvcName: string, - serviceAccountName: string, - performanceTestsDb: CloudPostgres + serviceAccountName: string ): void { - const dependsOn = [controller, runnersNamespace, tokenSecret, performanceTestsDb]; + const dependsOn = [controller, runnersNamespace, tokenSecret]; runnerSpecs .filter(spec => spec.k8s) @@ -735,8 +715,7 @@ function installK8sRunnerScaleSets( cachePvcName, spec.resources, serviceAccountName, - dependsOn, - performanceTestsDb + dependsOn ); }); } @@ -775,17 +754,12 @@ function installPodMonitor(runnersNamespace: Namespace) { ); } -const GHA_NAMESPACE_NAME = 'gha-runners'; export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void { - const runnersNamespace = new Namespace(GHA_NAMESPACE_NAME, { + const runnersNamespace = new Namespace('gha-runners', { metadata: { - name: GHA_NAMESPACE_NAME, + name: 'gha-runners', }, }); - const exactNs: ExactNamespace = { - ns: runnersNamespace, - logicalName: GHA_NAMESPACE_NAME, - }; const tokenSecret = new k8s.core.v1.Secret( 'gh-access-token', @@ -817,15 +791,7 @@ export function installRunnerScaleSets(controller: k8s.helm.v3.Release): void { const saName = 'k8s-runners'; installRunnersServiceAccount(runnersNamespace, saName); - const performanceTestsDb = createCloudSQLInstanceForPerformanceTests(exactNs); installDockerRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvc, saName); - installK8sRunnerScaleSets( - controller, - runnersNamespace, - tokenSecret, - cachePvcName, - saName, - performanceTestsDb - ); + installK8sRunnerScaleSets(controller, runnersNamespace, tokenSecret, cachePvcName, saName); installPodMonitor(runnersNamespace); } From d741be3235fe9c53d502e5d0a33d08cf3d6d21c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 16:29:52 +0000 Subject: [PATCH 3/4] [ci] run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz From 50948afc40d7c2a2e56783f22091dfdebc9c3073 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oriol=20Mu=C3=B1oz?= Date: Wed, 21 Jan 2026 16:37:02 +0000 Subject: [PATCH 4/4] [ci] run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oriol Muñoz