Skip to content

Commit 9e4550c

Browse files
matttrachmatttrach
authored
fix: give each job its own session (rancher#107)
Signed-off-by: matttrach <matt.trachier@suse.com>
1 parent 9f04d71 commit 9e4550c

1 file changed

Lines changed: 53 additions & 22 deletions

File tree

.github/workflows/release.yaml

Lines changed: 53 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,7 @@ jobs:
8888
uses: aws-actions/configure-aws-credentials@v4
8989
with:
9090
role-to-assume: ${{env.AWS_ROLE}}
91-
role-session-name: ${{github.run_id}}
91+
role-session-name: ${{github.run_id}}-TestOneBasic
9292
aws-region: ${{env.AWS_REGION}}
9393
role-duration-seconds: 14400 # 4 hours
9494
output-credentials: true
@@ -108,7 +108,7 @@ jobs:
108108
AWS_RETRY_MODE: adaptive
109109
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
110110
GITHUB_OWNER: rancher
111-
IDENTIFIER: ${{github.run_id}}
111+
IDENTIFIER: ${{github.run_id}}-TestOneBasic
112112
ZONE: ${{secrets.ZONE}}
113113
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
114114
RANCHER_INSECURE: false
@@ -130,7 +130,7 @@ jobs:
130130
uses: aws-actions/configure-aws-credentials@v4
131131
with:
132132
role-to-assume: ${{env.AWS_ROLE}}
133-
role-session-name: ${{github.run_id}}
133+
role-session-name: ${{github.run_id}}-TestProdBasic
134134
aws-region: ${{env.AWS_REGION}}
135135
role-duration-seconds: 14400 # 4 hours
136136
output-credentials: true
@@ -150,7 +150,7 @@ jobs:
150150
AWS_RETRY_MODE: adaptive
151151
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
152152
GITHUB_OWNER: rancher
153-
IDENTIFIER: ${{github.run_id}}
153+
IDENTIFIER: ${{github.run_id}}-TestProdBasic
154154
ZONE: ${{secrets.ZONE}}
155155
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
156156
RANCHER_INSECURE: false
@@ -172,7 +172,7 @@ jobs:
172172
uses: aws-actions/configure-aws-credentials@v4
173173
with:
174174
role-to-assume: ${{env.AWS_ROLE}}
175-
role-session-name: ${{github.run_id}}
175+
role-session-name: ${{github.run_id}}-TestThreeBasic
176176
aws-region: ${{env.AWS_REGION}}
177177
role-duration-seconds: 14400 # 4 hours
178178
output-credentials: true
@@ -192,7 +192,7 @@ jobs:
192192
AWS_RETRY_MODE: adaptive
193193
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
194194
GITHUB_OWNER: rancher
195-
IDENTIFIER: ${{github.run_id}}
195+
IDENTIFIER: ${{github.run_id}}-TestThreeBasic
196196
ZONE: ${{secrets.ZONE}}
197197
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
198198
RANCHER_INSECURE: false
@@ -204,7 +204,6 @@ jobs:
204204
needs:
205205
- release
206206
- test_TestOneBasic
207-
- test_TestProdBasic
208207
if: needs.release.outputs.release_pr
209208
runs-on: ubuntu-latest
210209
steps:
@@ -216,7 +215,7 @@ jobs:
216215
uses: aws-actions/configure-aws-credentials@v4
217216
with:
218217
role-to-assume: ${{env.AWS_ROLE}}
219-
role-session-name: ${{github.run_id}}
218+
role-session-name: ${{github.run_id}}-TestDownstreamBasic
220219
aws-region: ${{env.AWS_REGION}}
221220
role-duration-seconds: 14400 # 4 hours
222221
output-credentials: true
@@ -236,7 +235,7 @@ jobs:
236235
AWS_RETRY_MODE: adaptive
237236
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
238237
GITHUB_OWNER: rancher
239-
IDENTIFIER: ${{github.run_id}}
238+
IDENTIFIER: ${{github.run_id}}-TestDownstreamBasic
240239
ZONE: ${{secrets.ZONE}}
241240
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
242241
RANCHER_INSECURE: false
@@ -247,9 +246,6 @@ jobs:
247246
needs:
248247
- release
249248
- test_TestOneBasic
250-
- test_TestProdBasic
251-
- test_TestThreeBasic
252-
- test_TestDownstreamBasic
253249
if: needs.release.outputs.release_pr
254250
runs-on: ubuntu-latest
255251
steps:
@@ -261,7 +257,7 @@ jobs:
261257
uses: aws-actions/configure-aws-credentials@v4
262258
with:
263259
role-to-assume: ${{env.AWS_ROLE}}
264-
role-session-name: ${{github.run_id}}
260+
role-session-name: ${{github.run_id}}-TestDownstreamSplitrole
265261
aws-region: ${{env.AWS_REGION}}
266262
role-duration-seconds: 14400 # 4 hours
267263
output-credentials: true
@@ -281,7 +277,7 @@ jobs:
281277
AWS_RETRY_MODE: adaptive
282278
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
283279
GITHUB_OWNER: rancher
284-
IDENTIFIER: ${{github.run_id}}
280+
IDENTIFIER: ${{github.run_id}}-TestDownstreamSplitrole
285281
ZONE: ${{secrets.ZONE}}
286282
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
287283
RANCHER_INSECURE: false
@@ -307,7 +303,7 @@ jobs:
307303
uses: aws-actions/configure-aws-credentials@v4
308304
with:
309305
role-to-assume: ${{env.AWS_ROLE}}
310-
role-session-name: ${{github.run_id}}
306+
role-session-name: ${{github.run_id}}-cleanup
311307
aws-region: ${{env.AWS_REGION}}
312308
role-duration-seconds: 3600 # 1 hour
313309
output-credentials: true
@@ -317,19 +313,54 @@ jobs:
317313
source /home/runner/.nix-profile/etc/profile.d/nix.sh
318314
nix --version
319315
which nix
320-
- name: cleanup
316+
- name: cleanupTestOneBasic
321317
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
322318
env:
323319
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
324320
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
325321
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
326322
AWS_MAX_ATTEMPTS: 100
327-
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
328-
GITHUB_OWNER: rancher
329-
IDENTIFIER: ${{github.run_id}}
330-
ZONE: ${{secrets.ZONE}}
331-
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
332-
RANCHER_INSECURE: false
323+
IDENTIFIER: ${{github.run_id}}-TestOneBasic
324+
run: |
325+
./run_tests.sh -c $IDENTIFIER
326+
- name: cleanupTestProdBasic
327+
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
328+
env:
329+
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
330+
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
331+
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
332+
AWS_MAX_ATTEMPTS: 100
333+
IDENTIFIER: ${{github.run_id}}-TestProdBasic
334+
run: |
335+
./run_tests.sh -c $IDENTIFIER
336+
- name: cleanupTestThreeBasic
337+
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
338+
env:
339+
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
340+
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
341+
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
342+
AWS_MAX_ATTEMPTS: 100
343+
IDENTIFIER: ${{github.run_id}}-TestThreeBasic
344+
run: |
345+
./run_tests.sh -c $IDENTIFIER
346+
- name: cleanupTestDownstreamBasic
347+
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
348+
env:
349+
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
350+
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
351+
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
352+
AWS_MAX_ATTEMPTS: 100
353+
IDENTIFIER: ${{github.run_id}}-TestDownstreamBasic
354+
run: |
355+
./run_tests.sh -c $IDENTIFIER
356+
- name: cleanupTestDownstreamSplitrole
357+
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
358+
env:
359+
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
360+
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
361+
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
362+
AWS_MAX_ATTEMPTS: 100
363+
IDENTIFIER: ${{github.run_id}}-TestDownstreamSplitrole
333364
run: |
334365
./run_tests.sh -c $IDENTIFIER
335366

0 commit comments

Comments
 (0)