added assume role

aws · Feb 5, 2025 · 3e9511c · 3e9511c
1 parent 6d1f3bb
commit 3e9511c
Show file tree

Hide file tree

Showing 2 changed files with 162 additions and 156 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -176,39 +176,39 @@ jobs:
       github_sha: ${{github.sha}}
       s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET }}
 
-  StartLocalStackITAR:
-    name: 'StartLocalStackITAR'
-    needs: [OutputEnvVariables]
-    uses: ./.github/workflows/start-localstack.yml
-    secrets: inherit
-    permissions:
-      id-token: write
-      contents: read
-    with:
-      region: us-gov-east-1
-      test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
-      test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
-      terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
-      test_repo_url: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_URL }}
-      github_sha: ${{github.sha}}
-      s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_ITAR }}
-
-  StartLocalStackCN:
-    name: 'StartLocalStackCN'
-    needs: [ OutputEnvVariables ]
-    uses: ./.github/workflows/start-localstack.yml
-    secrets: inherit
-    permissions:
-      id-token: write
-      contents: read
-    with:
-      region: cn-north-1
-      test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
-      test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
-      terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
-      test_repo_url: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_URL }}
-      github_sha: ${{github.sha}}
-      s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_CN }}
+  # StartLocalStackITAR:
+  #   name: 'StartLocalStackITAR'
+  #   needs: [OutputEnvVariables]
+  #   uses: ./.github/workflows/start-localstack.yml
+  #   secrets: inherit
+  #   permissions:
+  #     id-token: write
+  #     contents: read
+  #   with:
+  #     region: us-gov-east-1
+  #     test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
+  #     test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
+  #     terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
+  #     test_repo_url: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_URL }}
+  #     github_sha: ${{github.sha}}
+  #     s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_ITAR }}
+
+  # StartLocalStackCN:
+  #   name: 'StartLocalStackCN'
+  #   needs: [ OutputEnvVariables ]
+  #   uses: ./.github/workflows/start-localstack.yml
+  #   secrets: inherit
+  #   permissions:
+  #     id-token: write
+  #     contents: read
+  #   with:
+  #     region: cn-north-1
+  #     test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
+  #     test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
+  #     terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
+  #     test_repo_url: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_URL }}
+  #     github_sha: ${{github.sha}}
+  #     s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_CN }}
 
   LinuxOnPremIntegrationTest:
     needs: [StartLocalStack, GenerateTestMatrix, OutputEnvVariables]
@@ -372,101 +372,103 @@ jobs:
   EC2LinuxIntegrationTest:
     needs: [StartLocalStack, GenerateTestMatrix]
     uses: ./.github/workflows/terraform-test-execution.yml
+    secrets: inherit
     with:
+      terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE }}
       terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_linux_matrix}}
       terraform_dir: 'terraform/ec2/linux'
       needs_ecr: false
       timeout_minutes: 30
 
-  EC2WindowsIntegrationTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_windows_matrix}}
-      terraform_dir: 'terraform/ec2/win'
-      needs_ecr: false
-      timeout_minutes: 30
-
-  EC2DarwinIntegrationTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_mac_matrix}}
-      terraform_dir: 'terraform/ec2/mac'
-      needs_ecr: false
-      timeout_minutes: 30
-
-  ECSEC2IntegrationTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ecs_ec2_launch_daemon_matrix}}
-      terraform_dir: 'terraform/ecs_ec2/daemon'
-      needs_ecr: true
-      timeout_minutes: 15
-
-  ECSFargateIntegrationTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ecs_fargate_matrix}}
-      terraform_dir: 'terraform/ecs_fargate/linux'
-      needs_ecr: true
-      timeout_minutes: 15
-
-  EC2LinuxIntegrationTestITAR:
-    needs: [StartLocalStackITAR, GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_linux_itar_matrix}}
-      terraform_dir: 'terraform/ec2/linux'
-      needs_ecr: false
-      timeout_minutes: 30
-
-  EC2LinuxIntegrationTestCN:
-    needs: [StartLocalStackCN, GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_linux_china_matrix}}
-      terraform_dir: 'terraform/ec2/linux'
-      needs_ecr: false
-      timeout_minutes: 30
-
-  PerformanceTrackingTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_performance_matrix}}
-      terraform_dir: 'terraform/performance'
-      needs_ecr: false
-      timeout_minutes: 60
-
-  EC2WinPerformanceTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_windows_performance_matrix}}
-      terraform_dir: 'terraform/performance'
-      needs_ecr: false
-      timeout_minutes: 60
-
-  StressTrackingTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_stress_matrix}}
-      terraform_dir: 'terraform/stress'
-      needs_ecr: false
-      timeout_minutes: 60
-
-  EC2WinStressTrackingTest:
-    needs: [GenerateTestMatrix]
-    uses: ./.github/workflows/terraform-test-execution.yml
-    with:
-      terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_windows_stress_matrix}}
-      terraform_dir: 'terraform/stress'
-      needs_ecr: false
-      timeout_minutes: 60
+  # EC2WindowsIntegrationTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_windows_matrix}}
+  #     terraform_dir: 'terraform/ec2/win'
+  #     needs_ecr: false
+  #     timeout_minutes: 30
+
+  # EC2DarwinIntegrationTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_mac_matrix}}
+  #     terraform_dir: 'terraform/ec2/mac'
+  #     needs_ecr: false
+  #     timeout_minutes: 30
+
+  # ECSEC2IntegrationTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ecs_ec2_launch_daemon_matrix}}
+  #     terraform_dir: 'terraform/ecs_ec2/daemon'
+  #     needs_ecr: true
+  #     timeout_minutes: 15
+
+  # ECSFargateIntegrationTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ecs_fargate_matrix}}
+  #     terraform_dir: 'terraform/ecs_fargate/linux'
+  #     needs_ecr: true
+  #     timeout_minutes: 15
+
+  # EC2LinuxIntegrationTestITAR:
+  #   needs: [StartLocalStackITAR, GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_linux_itar_matrix}}
+  #     terraform_dir: 'terraform/ec2/linux'
+  #     needs_ecr: false
+  #     timeout_minutes: 30
+
+  # EC2LinuxIntegrationTestCN:
+  #   needs: [StartLocalStackCN, GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_linux_china_matrix}}
+  #     terraform_dir: 'terraform/ec2/linux'
+  #     needs_ecr: false
+  #     timeout_minutes: 30
+
+  # PerformanceTrackingTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_performance_matrix}}
+  #     terraform_dir: 'terraform/performance'
+  #     needs_ecr: false
+  #     timeout_minutes: 60
+
+  # EC2WinPerformanceTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_windows_performance_matrix}}
+  #     terraform_dir: 'terraform/performance'
+  #     needs_ecr: false
+  #     timeout_minutes: 60
+
+  # StressTrackingTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_stress_matrix}}
+  #     terraform_dir: 'terraform/stress'
+  #     needs_ecr: false
+  #     timeout_minutes: 60
+
+  # EC2WinStressTrackingTest:
+  #   needs: [GenerateTestMatrix]
+  #   uses: ./.github/workflows/terraform-test-execution.yml
+  #   with:
+  #     terraform_vars: ${{needs.GenerateTestMatrix.outputs.ec2_windows_stress_matrix}}
+  #     terraform_dir: 'terraform/stress'
+  #     needs_ecr: false
+  #     timeout_minutes: 60
 
   StopLocalStack:
     name: 'StopLocalStack'
@@ -485,39 +487,39 @@ jobs:
       github_sha: ${{github.sha}}
       s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET }}
 
-  StopLocalStackITAR:
-    name: 'StopLocalStackITAR'
-    if: ${{ always() && needs.StartLocalStackITAR.result == 'success' }}
-    needs: [ StartLocalStackITAR, EC2LinuxIntegrationTestITAR, OutputEnvVariables ]
-    uses: ./.github/workflows/stop-localstack.yml
-    secrets: inherit
-    permissions:
-      id-token: write
-      contents: read
-    with:
-      region: us-gov-east-1
-      test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
-      test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
-      terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
-      github_sha: ${{github.sha}}
-      s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_ITAR }}
-
-  StopLocalStackCN:
-    name: 'StopLocalStackCN'
-    if: ${{ always() && needs.StartLocalStackCN.result == 'success' }}
-    needs: [ StartLocalStackCN, EC2LinuxIntegrationTestCN ]
-    uses: ./.github/workflows/stop-localstack.yml
-    secrets: inherit
-    permissions:
-      id-token: write
-      contents: read
-    with:
-      region: cn-north-1
-      test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
-      test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
-      terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
-      github_sha: ${{github.sha}}
-      s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_CN }}
+  # StopLocalStackITAR:
+  #   name: 'StopLocalStackITAR'
+  #   if: ${{ always() && needs.StartLocalStackITAR.result == 'success' }}
+  #   needs: [ StartLocalStackITAR, EC2LinuxIntegrationTestITAR, OutputEnvVariables ]
+  #   uses: ./.github/workflows/stop-localstack.yml
+  #   secrets: inherit
+  #   permissions:
+  #     id-token: write
+  #     contents: read
+  #   with:
+  #     region: us-gov-east-1
+  #     test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
+  #     test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
+  #     terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
+  #     github_sha: ${{github.sha}}
+  #     s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_ITAR }}
+
+  # StopLocalStackCN:
+  #   name: 'StopLocalStackCN'
+  #   if: ${{ always() && needs.StartLocalStackCN.result == 'success' }}
+  #   needs: [ StartLocalStackCN, EC2LinuxIntegrationTestCN ]
+  #   uses: ./.github/workflows/stop-localstack.yml
+  #   secrets: inherit
+  #   permissions:
+  #     id-token: write
+  #     contents: read
+  #   with:
+  #     region: cn-north-1
+  #     test_repo_name: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_NAME }}
+  #     test_repo_branch: ${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
+  #     terraform_assume_role: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
+  #     github_sha: ${{github.sha}}
+  #     s3_integration_bucket: ${{ vars.S3_INTEGRATION_BUCKET_CN }}
 
   GPUEndToEndTest:
     name: "GPU E2E Test"

diff --git a/.github/workflows/terraform-test-execution.yml b/.github/workflows/terraform-test-execution.yml
@@ -16,6 +16,10 @@ env:
 on:
   workflow_call:
     inputs:
+      terraform_assume_role:
+        required: true
+        type: string
+        description: 'Terraform assume role to configure creds'
       terraform_vars:
         required: true
         type: string
@@ -59,7 +63,7 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:
-          role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
+          role-to-assume: ${{ inputs.terraform_assume_role }}
           aws-region: us-west-2
           role-duration-seconds: 14400