remove eager pet service account creation #1068
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rawls-build-tag-publish-and-run-tests | |
on: | |
pull_request: | |
paths-ignore: ['**.md'] | |
push: | |
branches: | |
- develop | |
paths-ignore: ['**.md'] | |
env: | |
RAWLS_BUILD_RUN_NAME: 'rawls-build-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}' | |
RAWLS_SWAT_TESTS_RUN_NAME: 'rawls-swat-tests-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}' | |
BEE_NAME: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt}}' | |
BEE_CREATE_RUN_NAME: 'bee-create-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}' | |
BEE_DESTROY_RUN_NAME: 'bee-destroy-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}' | |
jobs: | |
# Attempt to bump the app version. | |
tag-job: | |
uses: ./.github/workflows/tag.yml | |
with: | |
release-branches: develop | |
secrets: inherit | |
# Set the test-context: is this a merge to `develop` or is this a PR? Extract branch accordingly | |
init-github-context: | |
runs-on: ubuntu-latest | |
outputs: | |
log-results: ${{ steps.set-test-context.outputs.log-results }} | |
test-context: ${{ steps.set-test-context.outputs.test-context }} | |
ref: ${{ steps.extract-branch.outputs.ref }} | |
steps: | |
- name: Get test context | |
id: set-test-context | |
run: |- | |
echo 'log-results=true' >> $GITHUB_OUTPUT | |
if ${{ github.ref_name == 'develop' }}; then | |
echo 'test-context=dev-merge' >> $GITHUB_OUTPUT | |
else | |
echo 'test-context=pr-test' >> $GITHUB_OUTPUT | |
fi | |
- name: Extract branch | |
id: extract-branch | |
run: | | |
GITHUB_EVENT_NAME=${{ github.event_name }} | |
if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then | |
GITHUB_REF=${{ github.ref }} | |
GITHUB_SHA=${{ github.sha }} | |
elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then | |
GITHUB_REF=refs/heads/${{ github.head_ref }} | |
GITHUB_SHA=${{ github.event.pull_request.head.sha }} | |
else | |
echo "Failed to extract branch information" | |
exit 1 | |
fi | |
echo "ref=$GITHUB_REF" >> $GITHUB_OUTPUT | |
echo "name=$GITHUB_SHA" >> $GITHUB_OUTPUT | |
# Compile the Scala code to a jar. | |
# Build the docker image and push that image to GCR. | |
rawls-build-publish-job: | |
runs-on: ubuntu-latest | |
needs: | |
- tag-job | |
- init-github-context | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
outputs: | |
custom-version-json: ${{ steps.render-rawls-version.outputs.custom-version-json }} | |
steps: | |
- uses: 'actions/checkout@v4' | |
- name: dispatch build to terra-github-workflows | |
uses: broadinstitute/[email protected] | |
with: | |
run-name: "${{ env.RAWLS_BUILD_RUN_NAME }}" | |
workflow: rawls-build | |
repo: broadinstitute/terra-github-workflows | |
ref: refs/heads/main | |
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo | |
inputs: '{ | |
"run-name": "${{ env.RAWLS_BUILD_RUN_NAME }}", | |
"repository": "${{ github.event.repository.full_name }}", | |
"ref": "${{ needs.init-github-context.outputs.ref }}", | |
"rawls-release-tag": "${{ needs.tag-job.outputs.tag }}" | |
}' | |
- name: Render Rawls version | |
id: render-rawls-version | |
env: | |
GITHUB_CONTEXT: ${{ toJSON(github) }} | |
run: | | |
echo "$GITHUB_CONTEXT" | |
echo "custom-version-json={\\\"rawls\\\":{\\\"appVersion\\\":\\\"${{ needs.tag-job.outputs.tag }}\\\"}}" >> $GITHUB_OUTPUT | |
# Tell Broad DevOps Sherlock about the build version we just created. | |
report-to-sherlock: | |
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | |
needs: [tag-job, rawls-build-publish-job] | |
with: | |
new-version: ${{ needs.tag-job.outputs.tag }} | |
chart-name: 'rawls' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
# Put new Rawls version in Broad dev environment | |
set-version-in-dev: | |
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main | |
needs: [tag-job, rawls-build-publish-job, report-to-sherlock] | |
if: ${{ github.ref_name == 'develop' }} | |
with: | |
new-version: ${{ needs.tag-job.outputs.tag }} | |
chart-name: 'rawls' | |
environment-name: 'dev' | |
secrets: | |
sync-git-token: ${{ secrets.BROADBOT_TOKEN }} | |
permissions: | |
id-token: 'write' | |
# Create a BEE to be used by swat tests. | |
create-bee-workflow: | |
strategy: | |
matrix: | |
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments | |
runs-on: ubuntu-latest | |
needs: | |
- rawls-build-publish-job | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: Echo Rawls version | |
run: | | |
echo '${{ needs.rawls-build-publish-job.outputs.custom-version-json }}' | |
- name: dispatch to terra-github-workflows | |
uses: broadinstitute/[email protected] | |
with: | |
run-name: "${{ env.BEE_CREATE_RUN_NAME }}-${{ matrix.terra-env }}" | |
workflow: bee-create | |
repo: broadinstitute/terra-github-workflows | |
ref: refs/heads/main | |
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo | |
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480 | |
inputs: '{ | |
"run-name": "${{ env.BEE_CREATE_RUN_NAME }}-${{ matrix.terra-env }}", | |
"bee-name": "${{ env.BEE_NAME }}-${{ matrix.terra-env }}", | |
"version-template": "${{ matrix.terra-env }}", | |
"custom-version-json": "${{ needs.rawls-build-publish-job.outputs.custom-version-json }}" | |
}' | |
# Run swat tests. This kicks off multiple parallel jobs for Workflows and Workspaces tests, which run against the BEE | |
# we just created. | |
rawls-swat-test-job: | |
strategy: | |
# set fail-fast: false. We want all test jobs to complete, so we can see their results. If fail-fast were true, | |
# the first test jobs failure would cancel the other test jobs. | |
fail-fast: false | |
matrix: | |
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments | |
testing-env: [ qa ] # what env resources to use, e.g. SA keys | |
test-group: [ | |
{ group_name: workspaces, tag: "-n org.broadinstitute.dsde.test.api.BillingsTest -n org.broadinstitute.dsde.test.api.WorkspacesTest" }, | |
{ group_name: workspacesAuthDomains, tag: "-n org.broadinstitute.dsde.test.api.AuthDomainsTest" }, | |
{ group_name: workflows, tag: "-n org.broadinstitute.dsde.test.api.MethodsTest" } | |
# The Analysis Journeys swat tests (DataRepoSnapshotsTest) are all disabled, so the following matrix value | |
# will run zero tests. Instead of running a noop test job, skip it altogether. We are leaving this value | |
# here, commented out, to make it easy to re-instate if/when Analysis Journeys does have some tests to run. | |
# { group_name: analysis_journeys, tag: "-n org.broadinstitute.dsde.test.api.DataRepoSnapshotsTest" } | |
] # Rawls test groups | |
name: ${{ matrix.test-group.group_name }}-owned tests | |
runs-on: ubuntu-latest | |
needs: | |
- create-bee-workflow | |
- init-github-context | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: dispatch to terra-github-workflows | |
env: | |
rawls_base_test_entrypoint: "testOnly -- -l ProdTest -l NotebooksCanaryTest" | |
test-context: ${{ needs.init-github-context.outputs.test-context }} | |
uses: broadinstitute/[email protected] | |
with: | |
run-name: "${{ env.RAWLS_SWAT_TESTS_RUN_NAME }}-${{ matrix.terra-env }}-${{ matrix.testing-env }}-${{ matrix.test-group.group_name }}" | |
workflow: .github/workflows/rawls-swat-tests.yaml | |
repo: broadinstitute/terra-github-workflows | |
ref: refs/heads/main | |
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo | |
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480 | |
inputs: '{ | |
"additional-args": "{\"logging\":\"true\",\"java-version\":\"17\",\"billing-project\":\"\"}", | |
"run-name": "${{ env.RAWLS_SWAT_TESTS_RUN_NAME }}-${{ matrix.terra-env }}-${{ matrix.testing-env }}-${{ matrix.test-group.group_name }}", | |
"bee-name": "${{ env.BEE_NAME }}-${{ matrix.terra-env }}", | |
"ENV": "${{ matrix.testing-env }}", | |
"test-group-name": "${{ matrix.test-group.group_name }}", | |
"test-command": "${{ env.rawls_base_test_entrypoint }} ${{ matrix.test-group.tag }}", | |
"test-context": "${{ env.test-context }}", | |
"ref": "${{ needs.init-github-context.outputs.ref }}" | |
}' | |
# Delete the BEE, now that swat tests are done. | |
destroy-bee-workflow: | |
strategy: | |
matrix: | |
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments | |
runs-on: ubuntu-latest | |
needs: | |
- rawls-swat-test-job | |
if: always() # always run to confirm bee is destroyed | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: dispatch to terra-github-workflows | |
uses: broadinstitute/[email protected] | |
with: | |
run-name: "${{ env.BEE_DESTROY_RUN_NAME }}-${{ matrix.terra-env }}" | |
workflow: bee-destroy | |
repo: broadinstitute/terra-github-workflows | |
ref: refs/heads/main | |
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo | |
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480 | |
inputs: '{ | |
"run-name": "${{ env.BEE_DESTROY_RUN_NAME }}-${{ matrix.terra-env }}", | |
"bee-name": "${{ env.BEE_NAME }}-${{ matrix.terra-env }}" | |
}' |