[v23.2.x] gha: update to use aws sm #19472

Merged
merged 13 commits into from
Jun 11, 2024
48 changes: 31 additions & 17 deletions .github/workflows/backport-command.yml
Expand Up @@ -25,11 +25,25 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
parse-json-secrets: true

- name: Get type of backport (issue or PR)
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
CLIENT_PAYLOAD: ${{ toJson(github.event.client_payload) }}
id: get_backport_type
run: $SCRIPT_DIR/get_backport_type.sh
Expand All @@ -39,7 +53,7 @@ jobs:
uses: peter-evans/create-or-update-comment@v1
if: failure()
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: "-1"
Expand All @@ -48,7 +62,7 @@ jobs:
if: failure()
env:
COMMENTED_ON: ${{ steps.get_backport_type.outputs.commented_on }}
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
run: $SCRIPT_DIR/post_error.sh
shell: bash

Expand All @@ -62,11 +76,11 @@ jobs:
BACKPORT_BRANCH: ${{ needs.backport-type.outputs.backport_branch }}
steps:
- name: checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get user
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
id: user
run: |
username=$(gh api user --jq .login)
Expand All @@ -82,7 +96,7 @@ jobs:

- name: Discover and create milestone
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ needs.backport-type.outputs.target_milestone }}
id: create_milestone
run: $SCRIPT_DIR/create_milestone.sh
Expand All @@ -91,7 +105,7 @@ jobs:
- name: Create issue
if: needs.backport-type.outputs.commented_on == 'issue'
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
ORIG_LABELS: ${{ toJson(github.event.client_payload.github.payload.issue.labels) }}
Expand All @@ -111,23 +125,23 @@ jobs:
if: needs.backport-type.outputs.commented_on == 'pr'
env:
BACKPORT_PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
id: backport_commits
run: |
backport_commits=$(gh api "repos/$TARGET_FULL_REPO/pulls/$BACKPORT_PR_NUMBER/commits" --jq .[].sha | paste -s -d ' ' -)
echo ::set-output name=backport_commits::$backport_commits

- uses: actions/checkout@v3
- uses: actions/checkout@v4
if: needs.backport-type.outputs.commented_on == 'pr'
with:
repository: ${{ steps.user.outputs.username }}/${{ steps.user.outputs.repo }}
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
path: ./fork

- name: Backport commits and get details
if: needs.backport-type.outputs.commented_on == 'pr'
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
BACKPORT_COMMITS: ${{ steps.backport_commits.outputs.backport_commits }}
IS_MERGED: ${{ github.event.client_payload.pull_request.merged }}
Expand All @@ -142,7 +156,7 @@ jobs:
- name: Create pull request
if: needs.backport-type.outputs.commented_on == 'pr'
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
ORIG_REVIEWERS: ${{ steps.reviewers.outputs.reviewers }}
Expand All @@ -158,7 +172,7 @@ jobs:
- name: Add reaction
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: hooray
Expand All @@ -167,7 +181,7 @@ jobs:
uses: peter-evans/create-or-update-comment@v1
if: failure()
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: "-1"
Expand All @@ -176,14 +190,14 @@ jobs:
if: failure()
env:
COMMENTED_ON: ${{ needs.backport-type.outputs.commented_on }}
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
run: $SCRIPT_DIR/post_error.sh
shell: bash

- name: Create Issue On Error
if: failure()
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
ORIG_LABELS: ${{ toJson(github.event.client_payload.github.payload.issue.labels) }}
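Review bot: The second job in this file (the one that reads `needs.backport-type.outputs.*`, from the `@@ -62,11 +76,11 @@` hunk onward) now uses `${{ env.ACTIONS_BOT_TOKEN }}` but has no `configure aws credentials` / `get secrets from aws sm` steps of its own; every hunk after the first keeps the same +14 line offset, so nothing was inserted there. Variables an action exports into the job environment are not carried over to other jobs, so unless the token is defined outside the visible hunks, `Get user`, the fork checkout and the later steps would run with an empty `GITHUB_TOKEN`. Repeat the two AWS steps at the top of that job's `steps:`, before `Get user`, and consider a guard right after them such as `run: test -n "$ACTIONS_BOT_TOKEN"` so a missing token fails fast instead of surfacing as an unauthenticated `gh api` error.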
17 changes: 14 additions & 3 deletions .github/workflows/backport-on-merge.yml
Expand Up @@ -17,7 +17,7 @@ jobs:

steps:
- name: checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

# Find the PR associated with this push, if there is one.
- uses: jwalton/gh-find-current-pr@v1
Expand All @@ -29,10 +29,21 @@ jobs:
if: success() && steps.findPr.outputs.number
env:
PR: ${{ steps.findPr.outputs.pr }}

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
parse-json-secrets: true
- name: Backport On Merge
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
id: extract_required_backports_from_pr_body
run: $SCRIPT_DIR/backport_on_merge.sh
shell: bash
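Review bot: `configure aws credentials` authenticates with a static key pair (`secrets.AWS_SM_READONLY_ACCESS_KEY_ID` / `secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY`), so the bot token is now guarded by another long-lived secret stored in GitHub rather than by a short-lived credential. The same pattern appears in backport-command.yml, buildkite-slash-commands.yml, cloud-installpack-bk-trigger.yml and promote.yml. The action supports GitHub OIDC: grant the job `permissions: id-token: write` and replace the two key inputs with `role-to-assume: <ROLE_ARN_PLACEHOLDER>`, which removes the stored key and lets the IAM trust policy pin the repository and branch. Because all five workflows share one key pair, the IAM policy behind it decides whether promote.yml can also read `actions_bot_token`. That policy is not visible here; it is worth confirming it is limited to the `sdlc/prod/github/*` secrets these workflows name.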
27 changes: 21 additions & 6 deletions .github/workflows/buildkite-slash-commands.yml
Expand Up @@ -10,31 +10,46 @@ jobs:
run-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
,sdlc/prod/github/buildkite_token
parse-json-secrets: true

- uses: actions/checkout@v4
with:
repository: redpanda-data/sparse-checkout
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
path: sparse-checkout

- uses: ./sparse-checkout
with:
repository: redpanda-data/vtools
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
patterns: actions
path: ghca

- name: Buildkite slash command action
uses: ./ghca/actions/buildkite-slash-commands
with:
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
buildkite_token: ${{ env.BUILDKITE_TOKEN }}
buildkite_org: redpanda
buildkite_pipeline: redpanda
command: ${{ github.event.client_payload.slash_command.command }}

- name: Success reaction
uses: peter-evans/create-or-update-comment@v2
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: hooray
Expand All @@ -43,5 +58,5 @@ jobs:
if: failure()
uses: ./ghca/actions/slash-command-error
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
body: ${{ env.ERROR_MSG }}
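Review bot: After `get secrets from aws sm`, both `ACTIONS_BOT_TOKEN` and `BUILDKITE_TOKEN` sit in the job environment, so every later step can read them from its process environment. That includes `peter-evans/create-or-update-comment@v2` and the actions loaded from `./sparse-checkout` and `./ghca`, which previously received only the secret named in their own `with:` block. The step that forwards `github.event.client_payload.slash_command.command` runs in that same environment. Pin the third-party and AWS actions to full commit SHAs, e.g. `uses: peter-evans/create-or-update-comment@<FULL_COMMIT_SHA>`, so a moved tag cannot begin reading the tokens. Add a comment on the fetch step such as `# exports ACTIONS_BOT_TOKEN and BUILDKITE_TOKEN to every later step in this job`; the same applies to cloud-installpack-bk-trigger.yml.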
23 changes: 19 additions & 4 deletions .github/workflows/cloud-installpack-bk-trigger.yml
Expand Up @@ -8,23 +8,38 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
,sdlc/prod/github/buildkite_token
parse-json-secrets: true

- uses: actions/checkout@v4
with:
repository: redpanda-data/sparse-checkout
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
path: sparse-checkout

- uses: ./sparse-checkout
with:
repository: redpanda-data/vtools
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
patterns: actions
path: ghca

- name: Trigger Versions Bump Buildkite Job
uses: ./ghca/actions/buildkite-pipeline-trigger
with:
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
buildkite_token: ${{ env.BUILDKITE_TOKEN }}
buildkite_org: redpanda
buildkite_pipeline: ${{ vars.CLOUD_PIPELINE }}
commit: HEAD
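Review bot: The `secret-ids` entries use a blank alias (the leading comma in `,sdlc/prod/github/actions_bot_token`) with `parse-json-secrets: true`, and nothing in the workflow says where the names `ACTIONS_BOT_TOKEN` and `BUILDKITE_TOKEN` come from. As I read the action's documentation, this form takes the variable names from the keys inside each secret's JSON, so the workflow depends on key names stored in Secrets Manager. Under that reading, any extra key added to either secret would also be exported into the job environment. Document the contract on the step, for example `# each secret is a JSON object; its keys (ACTIONS_BOT_TOKEN, BUILDKITE_TOKEN) become env vars, so keep the objects to exactly those keys`. If a key is renamed, `${{ env.ACTIONS_BOT_TOKEN }}` evaluates to an empty string rather than raising an error at the fetch step.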
30 changes: 0 additions & 30 deletions .github/workflows/kics-iac.yml

This file was deleted.

25 changes: 0 additions & 25 deletions .github/workflows/old-backports.yml

This file was deleted.

20 changes: 0 additions & 20 deletions .github/workflows/packages-created.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/pr-labeler.yml
Expand Up @@ -11,6 +11,6 @@ jobs:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
- uses: actions/labeler@v5
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
14 changes: 13 additions & 1 deletion .github/workflows/promote.yml
Expand Up @@ -7,10 +7,22 @@ jobs:
trigger-promote:
runs-on: ubuntu-latest
steps:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/buildkite_token
parse-json-secrets: true
- name: trigger redpanda promote pipeline
uses: "buildkite/trigger-pipeline-action@v2.0.0"
with:
buildkite_api_access_token: ${{ secrets.BUILDKITE_TOKEN }}
buildkite_api_access_token: ${{ env.BUILDKITE_TOKEN }}
pipeline: "redpanda/redpanda"
branch: dev
message: ":github: Promote redpanda packages"