Merge pull request redpanda-data#19472 from redpanda-data/PESDLC-1345…
…-v23.2.x-gha-aws-sm

[v23.2.x] gha: update to use aws sm
andrewhsu authored Jun 11, 2024
2 parents a971411 + 5b49d50 commit b0ed98c
Showing 13 changed files with 114 additions and 199 deletions.
48 changes: 31 additions & 17 deletions .github/workflows/backport-command.yml
Expand Up @@ -25,11 +25,25 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
parse-json-secrets: true

- name: Get type of backport (issue or PR)
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
CLIENT_PAYLOAD: ${{ toJson(github.event.client_payload) }}
id: get_backport_type
run: $SCRIPT_DIR/get_backport_type.sh
Expand All @@ -39,7 +53,7 @@ jobs:
uses: peter-evans/create-or-update-comment@v1
if: failure()
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: "-1"
Expand All @@ -48,7 +62,7 @@ jobs:
if: failure()
env:
COMMENTED_ON: ${{ steps.get_backport_type.outputs.commented_on }}
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
run: $SCRIPT_DIR/post_error.sh
shell: bash

Expand All @@ -62,11 +76,11 @@ jobs:
BACKPORT_BRANCH: ${{ needs.backport-type.outputs.backport_branch }}
steps:
- name: checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get user
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
id: user
run: |
username=$(gh api user --jq .login)
Expand All @@ -82,7 +96,7 @@ jobs:

- name: Discover and create milestone
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ needs.backport-type.outputs.target_milestone }}
id: create_milestone
run: $SCRIPT_DIR/create_milestone.sh
Expand All @@ -91,7 +105,7 @@ jobs:
- name: Create issue
if: needs.backport-type.outputs.commented_on == 'issue'
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
ORIG_LABELS: ${{ toJson(github.event.client_payload.github.payload.issue.labels) }}
Expand All @@ -111,23 +125,23 @@ jobs:
if: needs.backport-type.outputs.commented_on == 'pr'
env:
BACKPORT_PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
id: backport_commits
run: |
backport_commits=$(gh api "repos/$TARGET_FULL_REPO/pulls/$BACKPORT_PR_NUMBER/commits" --jq .[].sha | paste -s -d ' ' -)
echo ::set-output name=backport_commits::$backport_commits
- uses: actions/checkout@v3
- uses: actions/checkout@v4
if: needs.backport-type.outputs.commented_on == 'pr'
with:
repository: ${{ steps.user.outputs.username }}/${{ steps.user.outputs.repo }}
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
path: ./fork

- name: Backport commits and get details
if: needs.backport-type.outputs.commented_on == 'pr'
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
BACKPORT_COMMITS: ${{ steps.backport_commits.outputs.backport_commits }}
IS_MERGED: ${{ github.event.client_payload.pull_request.merged }}
Expand All @@ -142,7 +156,7 @@ jobs:
- name: Create pull request
if: needs.backport-type.outputs.commented_on == 'pr'
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
ORIG_REVIEWERS: ${{ steps.reviewers.outputs.reviewers }}
Expand All @@ -158,7 +172,7 @@ jobs:
- name: Add reaction
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: hooray
Expand All @@ -167,7 +181,7 @@ jobs:
uses: peter-evans/create-or-update-comment@v1
if: failure()
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: "-1"
Expand All @@ -176,14 +190,14 @@ jobs:
if: failure()
env:
COMMENTED_ON: ${{ needs.backport-type.outputs.commented_on }}
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
run: $SCRIPT_DIR/post_error.sh
shell: bash

- name: Create Issue On Error
if: failure()
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
ORIG_LABELS: ${{ toJson(github.event.client_payload.github.payload.issue.labels) }}
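Review bot: The second job (the one that reads `needs.backport-type`, from `Get user` down to `Create Issue On Error`) now takes its token from `${{ env.ACTIONS_BOT_TOKEN }}`, but the only `configure aws credentials` / `get secrets from aws sm` steps visible in this file were added to the first job. Values a step writes into the job environment do not carry over to another job, and every later hunk header keeps the same +14 line offset, which suggests no retrieval steps were added further down; `GITHUB_TOKEN` and the `token:` inputs there would then expand to an empty string. Repeat the two retrieval steps at the top of the second job's `steps:` (before `Get user`), or confirm they already exist in a part of the file this page does not show.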
17 changes: 14 additions & 3 deletions .github/workflows/backport-on-merge.yml
Expand Up @@ -17,7 +17,7 @@ jobs:

steps:
- name: checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

# Find the PR associated with this push, if there is one.
- uses: jwalton/gh-find-current-pr@v1
Expand All @@ -29,10 +29,21 @@ jobs:
if: success() && steps.findPr.outputs.number
env:
PR: ${{ steps.findPr.outputs.pr }}

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
parse-json-secrets: true
- name: Backport On Merge
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
id: extract_required_backports_from_pr_body
run: $SCRIPT_DIR/backport_on_merge.sh
shell: bash
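Review bot: The `configure aws credentials` step authenticates with a long-lived access key pair (`AWS_SM_READONLY_ACCESS_KEY_ID` / `AWS_SM_READONLY_SECRET_ACCESS_KEY`), so the bot token is now guarded by another static secret stored in the same place the token used to be; the same step is added in backport-command.yml, buildkite-slash-commands.yml, cloud-installpack-bk-trigger.yml and promote.yml. If an OIDC trust between this repository and the AWS account is available, the action can assume a role instead: give the job `permissions: id-token: write` and replace the two key inputs with `role-to-assume: <ROLE_ARN_PLACEHOLDER>`. That yields short-lived credentials per run and lets the role policy be scoped to the secret ids each workflow actually reads. If the static keys have to stay, a comment on the step naming who rotates them would help the next maintainer.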
27 changes: 21 additions & 6 deletions .github/workflows/buildkite-slash-commands.yml
Expand Up @@ -10,31 +10,46 @@ jobs:
run-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
,sdlc/prod/github/buildkite_token
parse-json-secrets: true

- uses: actions/checkout@v4
with:
repository: redpanda-data/sparse-checkout
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
path: sparse-checkout

- uses: ./sparse-checkout
with:
repository: redpanda-data/vtools
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
patterns: actions
path: ghca

- name: Buildkite slash command action
uses: ./ghca/actions/buildkite-slash-commands
with:
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
buildkite_token: ${{ env.BUILDKITE_TOKEN }}
buildkite_org: redpanda
buildkite_pipeline: redpanda
command: ${{ github.event.client_payload.slash_command.command }}

- name: Success reaction
uses: peter-evans/create-or-update-comment@v2
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: hooray
Expand All @@ -43,5 +58,5 @@ jobs:
if: failure()
uses: ./ghca/actions/slash-command-error
with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
body: ${{ env.ERROR_MSG }}
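Review bot: After `get secrets from aws sm` runs as the first steps of `run-build`, both `ACTIONS_BOT_TOKEN` and `BUILDKITE_TOKEN` sit in the job environment, so every later step can read them, including `./sparse-checkout`, the actions under `./ghca/actions/` and `peter-evans/create-or-update-comment@v2`, not only the steps that are handed a token through `with:`. With `${{ secrets.* }}` a value reached just the step that named it. Because those actions are referenced by a mutable tag or fetched at run time, pin the third-party one to a full commit SHA, for example `uses: peter-evans/create-or-update-comment@<FULL_COMMIT_SHA>  # v2`, and review what the fetched `ghca` actions do with their environment. The same exposure applies to the steps following retrieval in cloud-installpack-bk-trigger.yml and backport-command.yml.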
23 changes: 19 additions & 4 deletions .github/workflows/cloud-installpack-bk-trigger.yml
Expand Up @@ -8,23 +8,38 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/actions_bot_token
,sdlc/prod/github/buildkite_token
parse-json-secrets: true

- uses: actions/checkout@v4
with:
repository: redpanda-data/sparse-checkout
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
path: sparse-checkout

- uses: ./sparse-checkout
with:
repository: redpanda-data/vtools
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
token: ${{ env.ACTIONS_BOT_TOKEN }}
patterns: actions
path: ghca

- name: Trigger Versions Bump Buildkite Job
uses: ./ghca/actions/buildkite-pipeline-trigger
with:
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
buildkite_token: ${{ env.BUILDKITE_TOKEN }}
buildkite_org: redpanda
buildkite_pipeline: ${{ vars.CLOUD_PIPELINE }}
commit: HEAD
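Review bot: Nothing in the `get secrets from aws sm` step says where the names `ACTIONS_BOT_TOKEN` and `BUILDKITE_TOKEN` come from; with `parse-json-secrets: true` and the blank alias (the leading comma in `,sdlc/prod/github/...`) they appear to be the JSON keys stored inside each secret. A comment above `secret-ids:` would make that dependency visible, for example `# blank alias: JSON keys are exported unprefixed (ACTIONS_BOT_TOKEN, BUILDKITE_TOKEN)`. If a key is renamed on the AWS side, `${{ env.BUILDKITE_TOKEN }}` expands to an empty string and the failure only surfaces later in `Trigger Versions Bump Buildkite Job`, so a guard step placed right after retrieval, such as `run: test -n "$ACTIONS_BOT_TOKEN" && test -n "$BUILDKITE_TOKEN"`, would fail early with a clear cause.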
30 changes: 0 additions & 30 deletions .github/workflows/kics-iac.yml

This file was deleted.

25 changes: 0 additions & 25 deletions .github/workflows/old-backports.yml

This file was deleted.

20 changes: 0 additions & 20 deletions .github/workflows/packages-created.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/pr-labeler.yml
Expand Up @@ -11,6 +11,6 @@ jobs:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
- uses: actions/labeler@v5
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
14 changes: 13 additions & 1 deletion .github/workflows/promote.yml
Expand Up @@ -7,10 +7,22 @@ jobs:
trigger-promote:
runs-on: ubuntu-latest
steps:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: get secrets from aws sm
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
,sdlc/prod/github/buildkite_token
parse-json-secrets: true
- name: trigger redpanda promote pipeline
uses: "buildkite/trigger-pipeline-action@v2.0.0"
with:
buildkite_api_access_token: ${{ secrets.BUILDKITE_TOKEN }}
buildkite_api_access_token: ${{ env.BUILDKITE_TOKEN }}
pipeline: "redpanda/redpanda"
branch: dev
message: ":github: Promote redpanda packages"