Skip to content

fix: give each job its own session #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
matttrach merged 1 commit into from
Jul 9, 2025
Merged

fix: give each job its own session #107

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 53 additions & 22 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: ${{github.run_id}}
role-session-name: ${{github.run_id}}-TestOneBasic
aws-region: ${{env.AWS_REGION}}
role-duration-seconds: 14400 # 4 hours
output-credentials: true
Expand All @@ -108,7 +108,7 @@ jobs:
AWS_RETRY_MODE: adaptive
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_OWNER: rancher
IDENTIFIER: ${{github.run_id}}
IDENTIFIER: ${{github.run_id}}-TestOneBasic
ZONE: ${{secrets.ZONE}}
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
RANCHER_INSECURE: false
Expand All @@ -130,7 +130,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: ${{github.run_id}}
role-session-name: ${{github.run_id}}-TestProdBasic
aws-region: ${{env.AWS_REGION}}
role-duration-seconds: 14400 # 4 hours
output-credentials: true
Expand All @@ -150,7 +150,7 @@ jobs:
AWS_RETRY_MODE: adaptive
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_OWNER: rancher
IDENTIFIER: ${{github.run_id}}
IDENTIFIER: ${{github.run_id}}-TestProdBasic
ZONE: ${{secrets.ZONE}}
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
RANCHER_INSECURE: false
Expand All @@ -172,7 +172,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: ${{github.run_id}}
role-session-name: ${{github.run_id}}-TestThreeBasic
aws-region: ${{env.AWS_REGION}}
role-duration-seconds: 14400 # 4 hours
output-credentials: true
Expand All @@ -192,7 +192,7 @@ jobs:
AWS_RETRY_MODE: adaptive
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_OWNER: rancher
IDENTIFIER: ${{github.run_id}}
IDENTIFIER: ${{github.run_id}}-TestThreeBasic
ZONE: ${{secrets.ZONE}}
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
RANCHER_INSECURE: false
Expand All @@ -204,7 +204,6 @@ jobs:
needs:
- release
- test_TestOneBasic
- test_TestProdBasic
if: needs.release.outputs.release_pr
runs-on: ubuntu-latest
steps:
Expand All @@ -216,7 +215,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: ${{github.run_id}}
role-session-name: ${{github.run_id}}-TestDownstreamBasic
aws-region: ${{env.AWS_REGION}}
role-duration-seconds: 14400 # 4 hours
output-credentials: true
Expand All @@ -236,7 +235,7 @@ jobs:
AWS_RETRY_MODE: adaptive
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_OWNER: rancher
IDENTIFIER: ${{github.run_id}}
IDENTIFIER: ${{github.run_id}}-TestDownstreamBasic
ZONE: ${{secrets.ZONE}}
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
RANCHER_INSECURE: false
Expand All @@ -247,9 +246,6 @@ jobs:
needs:
- release
- test_TestOneBasic
- test_TestProdBasic
- test_TestThreeBasic
- test_TestDownstreamBasic
if: needs.release.outputs.release_pr
runs-on: ubuntu-latest
steps:
Expand All @@ -261,7 +257,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: ${{github.run_id}}
role-session-name: ${{github.run_id}}-TestDownstreamSplitrole
aws-region: ${{env.AWS_REGION}}
role-duration-seconds: 14400 # 4 hours
output-credentials: true
Expand All @@ -281,7 +277,7 @@ jobs:
AWS_RETRY_MODE: adaptive
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_OWNER: rancher
IDENTIFIER: ${{github.run_id}}
IDENTIFIER: ${{github.run_id}}-TestDownstreamSplitrole
ZONE: ${{secrets.ZONE}}
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
RANCHER_INSECURE: false
Expand All @@ -307,7 +303,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: ${{github.run_id}}
role-session-name: ${{github.run_id}}-cleanup
aws-region: ${{env.AWS_REGION}}
role-duration-seconds: 3600 # 1 hour
output-credentials: true
Expand All @@ -317,19 +313,54 @@ jobs:
source /home/runner/.nix-profile/etc/profile.d/nix.sh
nix --version
which nix
- name: cleanup
- name: cleanupTestOneBasic
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
env:
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
AWS_MAX_ATTEMPTS: 100
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_OWNER: rancher
IDENTIFIER: ${{github.run_id}}
ZONE: ${{secrets.ZONE}}
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
RANCHER_INSECURE: false
IDENTIFIER: ${{github.run_id}}-TestOneBasic
run: |
./run_tests.sh -c $IDENTIFIER
- name: cleanupTestProdBasic
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
env:
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
AWS_MAX_ATTEMPTS: 100
IDENTIFIER: ${{github.run_id}}-TestProdBasic
run: |
./run_tests.sh -c $IDENTIFIER
- name: cleanupTestThreeBasic
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
env:
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
AWS_MAX_ATTEMPTS: 100
IDENTIFIER: ${{github.run_id}}-TestThreeBasic
run: |
./run_tests.sh -c $IDENTIFIER
- name: cleanupTestDownstreamBasic
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
env:
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
AWS_MAX_ATTEMPTS: 100
IDENTIFIER: ${{github.run_id}}-TestDownstreamBasic
run: |
./run_tests.sh -c $IDENTIFIER
- name: cleanupTestDownstreamSplitrole
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
env:
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
AWS_MAX_ATTEMPTS: 100
IDENTIFIER: ${{github.run_id}}-TestDownstreamSplitrole
run: |
./run_tests.sh -c $IDENTIFIER

Expand Down