Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v24.2.x] gha: use oidc #23439

Merged
merged 14 commits into from
Sep 26, 2024
Merged

[v24.2.x] gha: use oidc #23439

merged 14 commits into from
Sep 26, 2024

Conversation

andrewhsu
Copy link
Member

@andrewhsu andrewhsu commented Sep 23, 2024
edited
Loading

Backport of PR #23423
Fixes #23438
jira: PESDLC-1736

This PR updates the workflow files triggered from the v24.2.x branch that use action aws-actions/configure-aws-credentials to run with OIDC tokens.

There were many conflicts when I first attempted to cherry-pick all the commits from PR #23423 that were unrelated to OIDC tokens and/or changed workflow files that wouldn't run on this v24.2.x branch, so I only cherry-picked a subset of the commits that are needed. This reduced the changeset to just these files:

  1. cloud-installpack-bk-trigger.yml
  2. promote.yml
  3. release-rp-storage-tool.yml
  4. transform-sdk-release.yml

EDIT: also backported changes from PRs #23036 and #23045 to fix rust build errors on PR checks. see comment. cherry-picked changes to this workflow to verify rust builds:

  1. transform-sdk-build.yml

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v24.2.x
  • v24.1.x
  • v23.3.x

Release Notes

  • none

@andrewhsu andrewhsu force-pushed the PESDLC-1736-v24.2.x-gh-oidc branch from 9b7a73f to 892f3b3 Compare September 23, 2024 19:59
@andrewhsu andrewhsu force-pushed the PESDLC-1736-v24.2.x-gh-oidc branch from 892f3b3 to 92cbb43 Compare September 23, 2024 20:01
@andrewhsu andrewhsu marked this pull request as ready for review September 23, 2024 20:07
@andrewhsu andrewhsu requested a review from a team as a code owner September 23, 2024 20:07
@andrewhsu andrewhsu requested review from hobbseltoff and ivotron and removed request for a team and hobbseltoff September 23, 2024 20:07
@andrewhsu andrewhsu changed the title [v24.2.x] use oidc [v24.2.x] gha: use oidc Sep 23, 2024
@andrewhsu
Copy link
Member Author

commits to use oidc are missing. i'm putting this PR into draft to re-evaluate the cherry-pick command i ran.

@andrewhsu andrewhsu marked this pull request as draft September 23, 2024 20:53
@andrewhsu andrewhsu marked this pull request as ready for review September 24, 2024 07:37
@andrewhsu
Copy link
Member Author

added missing commits. see fix in PR #23451 to get all commits. ready for review.

@andrewhsu
Copy link
Member Author

requesting @WillemKauf as reviewer for backport commit 6dfc362

@andrewhsu
Copy link
Member Author

putting this PR into draft to reduce its scope. backporting all of the commits from original PR forces carry-on changes from other PRs that also need to be backport, so i'll just limit to the ones that will affect oidc tokens on events that would be triggered on v24.2.x branch.

@andrewhsu andrewhsu marked this pull request as draft September 24, 2024 14:15
@andrewhsu
add .yamllint configuration file
0020a8a
@andrewhsu
gha: fix yamllint cloud-installpack-bk-trigger.yml
937ba13 
(cherry picked from commit 78d6a61)
@andrewhsu
gha: update cloud-installpack-bk-trigger.yml to use oidc
bae43f8 
(cherry picked from commit 0ad5e1c)
@andrewhsu
gha: fix yamllint promote.yml
7fc7f7e 
(cherry picked from commit 58cf73d)
@andrewhsu
gha: update promote.yml to use oidc
26884ab 
(cherry picked from commit eb7121b)
@andrewhsu
gha: fix yamllint release-rp-storage-tool.yml
24eaa53 
(cherry picked from commit 7c9526e)
@andrewhsu
gha: rm unnecessary if expr in release-rp-storage-tool
e0ec767 
These expressions will not guard against anything with the workflow only
triggering on tags with "v*".

(cherry picked from commit f504034)
@andrewhsu
gha: update release-rp-storage-tool.yml to use oidc
658956d 
(cherry picked from commit 951682a)
@andrewhsu
gha: fix yamllint transform-sdk-release.yml
c958892 
(cherry picked from commit dc61009)
@andrewhsu
gha: update transform-sdk-release.yml to use oidc
989c454 
Conflicts:
	.github/workflows/transform-sdk-release.yml

resolved step name conflict
@andrewhsu andrewhsu force-pushed the PESDLC-1736-v24.2.x-gh-oidc branch from 6dfc362 to 989c454 Compare September 25, 2024 15:47
@WillemKauf
Copy link
Contributor

Since you pulled in 6dfc362, make sure you also pull in 0f84ab4, or else ducktape will fail everytime due to incompatible rustc versions.

WillemKauf and others added 4 commits September 25, 2024 11:16
@WillemKauf @andrewhsu
tools/rp_storage_tool: bump dependencies
2f9e7d8 
Rust `1.80.0` broke backwards compatibility with older versions of the
`time` crate: rust-lang/rust#127343

Users with an updated compiler will be unable to build `rp-storage-tool`
with the previous dependency versions.

Update `Cargo.lock` with updated dependencies generated from
`cargo build --release` and Rust compiler version
`rustc 1.80.1 (3f5fd8dd4 2024-08-06)`.

(cherry picked from commit c58e277)
@WillemKauf @andrewhsu
docker: bump rust version
234bafd 
After bumping dependencies in #23036,
we must update the rust version from `1.70.0` to `1.80.1`.

(cherry picked from commit 0f84ab4)
@andrewhsu
gha: fix yamllint transform-sdk-build.yml
f3dc0c4 
(cherry picked from commit f4f785d)
@andrewhsu
gha: only run transform-sdk-build on push to dev and release branches
39ac9be 
Without this change, PR checks will run twice:
1. transform-sdk-build / Build integration tests (pull_request)
2. transform-sdk-build / Build integration tests (push)

(cherry picked from commit 3aaf695)
@andrewhsu andrewhsu marked this pull request as ready for review September 25, 2024 16:37
@andrewhsu
Copy link
Member Author

Since you pulled in 6dfc362, make sure you also pull in 0f84ab4, or else ducktape will fail everytime due to incompatible rustc versions.

@WillemKauf thanks for the guidance. i backported the commits from the original PRs #23036 and #23045. cherry-picks were clean (no conflicts).

@andrewhsu andrewhsu mentioned this pull request Sep 25, 2024
Merged
7 tasks
ivotron
ivotron approved these changes Sep 25, 2024
View reviewed changes
Copy link
Member

@ivotron ivotron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm on the gha workflows

@andrewhsu andrewhsu merged commit 8200e76 into v24.2.x Sep 26, 2024
29 checks passed
@andrewhsu andrewhsu deleted the PESDLC-1736-v24.2.x-gh-oidc branch September 26, 2024 17:59
@BenPope BenPope added this to the v24.2.6 milestone Oct 8, 2024
@BenPope BenPope mentioned this pull request Oct 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ivotron ivotron ivotron approved these changes

@WillemKauf WillemKauf Awaiting requested review from WillemKauf

Assignees
No one assigned
Labels
area/build area/redpanda area/rpk
Projects
None yet
Milestone
v24.2.6
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewhsu @WillemKauf @ivotron @BenPope