From 733e5d7de512e8aa51606a8c37a3c81bf60d519f Mon Sep 17 00:00:00 2001
From: Aaron Chung
Date: Thu, 23 Jan 2025 12:17:01 -0800
Subject: [PATCH] test - try add role-session-name, and output-credentials flag, and remove temp creds step
---
 .../workflows/mysql_advanced_performance.yml | 21 +++++-------------
 .github/workflows/mysql_performance.yml | 21 +++++-------------
 .github/workflows/pg_advanced_performance.yml | 21 +++++-------------
 .github/workflows/pg_performance.yml | 21 +++++-------------
 .github/workflows/run-autoscaling-tests.yml | 21 +++++-------------
 .../run-integration-tests-codebuild.yml | 21 +++++-------------
 .../run-integration-tests-default.yml | 22 +++++--------------
 .../run-integration-tests-latest.yml | 21 +++++-------------
 8 files changed, 41 insertions(+), 128 deletions(-)
diff --git a/.github/workflows/mysql_advanced_performance.yml b/.github/workflows/mysql_advanced_performance.yml
index 3be9441b3..018f65639 100644
--- a/.github/workflows/mysql_advanced_performance.yml
+++ b/.github/workflows/mysql_advanced_performance.yml
@@ -26,29 +26,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_adv_perf_test_mysql
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: 'Run performance tests (OpenJDK)'
 run: |
 ./gradlew --no-parallel --no-daemon test-aurora-mysql-advanced-performance
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "default"
 PG_VERSION: "default"
 - name: 'Archive Performance Results'
diff --git a/.github/workflows/mysql_performance.yml b/.github/workflows/mysql_performance.yml
index 310f4ba0a..3f6b0cbd2 100644
--- a/.github/workflows/mysql_performance.yml
+++ b/.github/workflows/mysql_performance.yml
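Review bot: In mysql_advanced_performance.yml the test step's new `env:` entries read `steps.creds.outputs.*`, but this hunk never gives the 'Configure AWS credentials' step an `id`; only the run-integration-tests-default.yml hunk adds `id: creds`. The step's `- name:` line sits above the hunk, so unless an id is already present there, the three expressions evaluate to empty strings and the step-level `env:` would blank out whatever credentials the action exported for the job. Add `id: creds` under the step name here, and likewise in mysql_performance.yml, pg_advanced_performance.yml, pg_performance.yml, run-autoscaling-tests.yml, run-integration-tests-codebuild.yml and run-integration-tests-latest.yml.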
@@ -26,29 +26,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_perf_test_mysql
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: 'Run performance tests (OpenJDK)'
 run: |
 ./gradlew --no-parallel --no-daemon test-aurora-mysql-performance
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "default"
 PG_VERSION: "default"
 - name: 'Archive Performance Results'
diff --git a/.github/workflows/pg_advanced_performance.yml b/.github/workflows/pg_advanced_performance.yml
index 5d9f1dea9..a85ead2ee 100644
--- a/.github/workflows/pg_advanced_performance.yml
+++ b/.github/workflows/pg_advanced_performance.yml
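Review bot: In mysql_performance.yml, removing the `aws sts get-session-token --duration-seconds 21600` step leaves the session lifetime to the action's default, because no `role-duration-seconds` is set beside the new `role-session-name`. That default is, as far as I know, one hour for an assumed role, so a performance run that outlasts it would start failing AWS calls part-way through. Pick the shortest lifetime that covers the job and state it explicitly, e.g. `role-duration-seconds: 21600` under `with:` if six hours is still required, after confirming the role's maximum session duration permits it. The same applies to the other seven workflows in this patch.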
@@ -26,29 +26,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_adv_perf_test_pgsql
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: 'Run performance tests (OpenJDK)'
 run: |
 ./gradlew --no-parallel --no-daemon test-aurora-pg-advanced-performance
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "default"
 PG_VERSION: "default"
 - name: 'Archive Performance Results'
diff --git a/.github/workflows/pg_performance.yml b/.github/workflows/pg_performance.yml
index fe1a5afe3..dafb829a4 100644
--- a/.github/workflows/pg_performance.yml
+++ b/.github/workflows/pg_performance.yml
@@ -26,29 +26,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_perf_test_pgsql
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: 'Run performance tests (OpenJDK)'
 run: |
 ./gradlew --no-parallel --no-daemon test-aurora-pg-performance
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "default"
 PG_VERSION: "default"
 - name: 'Archive Performance Results'
diff --git a/.github/workflows/run-autoscaling-tests.yml b/.github/workflows/run-autoscaling-tests.yml
index 22ef72054..794c6867d 100644
--- a/.github/workflows/run-autoscaling-tests.yml
+++ b/.github/workflows/run-autoscaling-tests.yml
@@ -29,29 +29,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_autoscale_test
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: Run integration tests
 run: |
 ./gradlew --no-parallel --no-daemon test-autoscaling-only
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 AURORA_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "default"
 PG_VERSION: "default"
 - name: Mask data
diff --git a/.github/workflows/run-integration-tests-codebuild.yml b/.github/workflows/run-integration-tests-codebuild.yml
index 9b2ef00f2..007b3a753 100644
--- a/.github/workflows/run-integration-tests-codebuild.yml
+++ b/.github/workflows/run-integration-tests-codebuild.yml
@@ -33,29 +33,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_integration_test_codebuild
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: Run integration tests
 run: |
 ./gradlew --no-parallel --no-daemon test-all-${{ matrix.environment }}-aurora
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 RDS_ENDPOINT: ${{ secrets.RDS_ENDPOINT }}
 MYSQL_VERSION: "latest"
 PG_VERSION: "latest"
diff --git a/.github/workflows/run-integration-tests-default.yml b/.github/workflows/run-integration-tests-default.yml
index 8eb172fd9..690cd6754 100644
--- a/.github/workflows/run-integration-tests-default.yml
+++ b/.github/workflows/run-integration-tests-default.yml
@@ -29,32 +29,22 @@ jobs:
 distribution: 'corretto'
 java-version: 8
 - name: 'Configure AWS credentials'
+ id: creds
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_integration_test_default
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: Run integration tests
 run: |
 ./gradlew --no-parallel --no-daemon test-all-${{ matrix.dbEngine }}
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "default"
 PG_VERSION: "default"
 - name: Mask data
diff --git a/.github/workflows/run-integration-tests-latest.yml b/.github/workflows/run-integration-tests-latest.yml
index 06295b8ee..11136bfc7 100644
--- a/.github/workflows/run-integration-tests-latest.yml
+++ b/.github/workflows/run-integration-tests-latest.yml
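Review bot: In run-integration-tests-default.yml, `role-session-name: run_integration_test_default` is a fixed string, while the gradle command uses `matrix.dbEngine`, so every matrix leg and every run assumes the role under the same session name. CloudTrail entries for the role then cannot be traced back to a specific workflow run. Consider `role-session-name: run_integration_test_default-${{ github.run_id }}-${{ github.run_attempt }}`, which stays within the 64-character limit STS puts on session names. The fixed names added in the other seven workflows have the same limitation.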
@@ -32,29 +32,18 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }}
+ role-session-name: run_integration_test_latest
 aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- - name: 'Set up temp AWS credentials'
- run: |
- creds=($(aws sts get-session-token \
- --duration-seconds 21600 \
- --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
- --output text \
- | xargs));
- echo "::add-mask::${creds[0]}"
- echo "::add-mask::${creds[1]}"
- echo "::add-mask::${creds[2]}"
- echo "TEMP_AWS_ACCESS_KEY_ID=${creds[0]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SECRET_ACCESS_KEY=${creds[1]}" >> $GITHUB_ENV
- echo "TEMP_AWS_SESSION_TOKEN=${creds[2]}" >> $GITHUB_ENV
+ output-credentials: true
 - name: Run integration tests
 run: |
 ./gradlew --no-parallel --no-daemon test-all-${{ matrix.dbEngine }}
 env:
 AURORA_CLUSTER_DOMAIN: ${{ secrets.DB_CONN_SUFFIX }}
 RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- AWS_ACCESS_KEY_ID: ${{ env.TEMP_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ env.TEMP_AWS_SECRET_ACCESS_KEY }}
- AWS_SESSION_TOKEN: ${{ env.TEMP_AWS_SESSION_TOKEN }}
+ AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+ AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
 MYSQL_VERSION: "latest"
 PG_VERSION: "latest"
 - name: Mask data