Skip to content
This repository has been archived by the owner on Nov 20, 2024. It is now read-only.

WM-2582: Unset dedicated ingest SA flag #2771

WM-2582: Unset dedicated ingest SA flag

WM-2582: Unset dedicated ingest SA flag #2771

Workflow file for this run

# This workflow triggers tests on PRs
name: Tests on Pull Requests
on:
pull_request:
paths:
- api/**
- database/**
jobs:
build:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:11
# Provide the password for postgres
env:
POSTGRES_PASSWORD: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
env:
MODULES: api functions/aou functions/sg
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Java
uses: actions/setup-java@v1
with:
java-version: '11'
- name: Setup Clojure
uses: DeLaGuardo/setup-clojure@e73bf2b6435244b2c9c5c226ae5022d91d0ce702
with:
cli: '1.10.1.739'
- name: Setup Python3
uses: actions/setup-python@v2
with:
python-version: '3.8' # Version range or exact version of a Python version to use, using SemVer's version range syntax
# Get secret from vault
- name: Authenticate to GCloud
id: gcloud
env:
ROLE_ID: ${{ secrets.ROLE_ID }}
SECRET_ID: ${{ secrets.SECRET_ID }}
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
run: |
# get vault token using role-id and secret-id
VAULT_TOKEN=$(curl \
--request POST \
--data "{\"role_id\":\"${ROLE_ID}\",\"secret_id\":\"${SECRET_ID}\"}" \
${VAULT_ADDR}/v1/auth/approle/login | jq -r .auth.client_token)
if [ -z "${VAULT_TOKEN}" ] ; then
echo "Vault authentication failed!"
exit 1
fi
echo ::add-mask::${VAULT_TOKEN}
echo "VAULT_TOKEN=${VAULT_TOKEN}" >> $GITHUB_ENV
echo ${VAULT_TOKEN} > ~/.vault-token
# use vault token to read secret - service account json
curl --silent -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET \
${VAULT_ADDR}/v1/secret/dsde/gotc/dev/wfl/wfl-non-prod-service-account.json \
| jq .data > sa.json
if [ ! -s sa.json ] ; then
echo "Retrieval of Gcloud SA credentials failed"
exit 1
fi
# auth as service account
gcloud auth activate-service-account --key-file=sa.json
if [ $? -ne 0 ] ; then
echo "Gcloud auth failed!"
exit 1
fi
# get bearer token and set it to a specific env var that
# subsequent steps expect. bearer token good for 1 hour
GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)
if [ -z "${GOOGLE_OAUTH_ACCESS_TOKEN}" ] ; then
echo "Generating Gcloud access token failed"
exit 1
fi
echo ::add-mask::${GOOGLE_OAUTH_ACCESS_TOKEN}
echo "GOOGLE_OAUTH_ACCESS_TOKEN=${GOOGLE_OAUTH_ACCESS_TOKEN}" >> $GITHUB_ENV
echo "GOOGLE_APPLICATION_CREDENTIALS=$(find `pwd` -maxdepth 1 -name sa.json)" >> $GITHUB_ENV
- name: Fetch Dependency Cache
uses: actions/cache@v2
with:
key: ${{ runner.os }}-depedency-cache
path: ~/.m2
- name: Pre-Build
run: make ${MODULES} TARGET=prebuild
- name: Lint
run: make ${MODULES} TARGET=lint
- name: Build
run: make ${MODULES} TARGET=build
- name: Unit Test
run: make ${MODULES} TARGET=unit
- name: Integration Test
env:
WFL_POSTGRES_USERNAME: postgres
WFL_POSTGRES_PASSWORD: postgres
#
# Assign env variables from Atlantis-managed GitHub Secrets:
# https://github.com/broadinstitute/terraform-ap-deployments/blob/master/github/tfvars/broadinstitute-wfl.tfvars
#
WFL_SLACK_TOKEN: ${{ secrets.WFL_SLACK_TOKEN }}
run: make ${MODULES} TARGET=integration