From dbea5c5d3b6d961f27447abb8d2c4f53577ea872 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Wed, 9 Nov 2022 16:43:44 -0400 Subject: [PATCH 01/17] feat(ssh): enable OS Login for GCP test instances --- .github/workflows/deploy-gcp-tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 73aaa5022c2..6362ec2484c 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -146,7 +146,7 @@ jobs: --container-restart-policy=never \ --machine-type ${{ env.MACHINE_TYPE }} \ --scopes cloud-platform \ - --metadata=google-monitoring-enabled=true,google-logging-enabled=true \ + --metadata=google-monitoring-enabled=TRUE,google-logging-enabled=TRUE,enable-oslogin=TRUE \ --metadata-from-file=startup-script=.github/workflows/scripts/gcp-vm-startup-script.sh \ --tags ${{ inputs.app_name }} \ --zone ${{ env.ZONE }} @@ -368,7 +368,7 @@ jobs: --container-restart-policy=never \ --machine-type ${{ env.MACHINE_TYPE }} \ --scopes cloud-platform \ - --metadata=google-monitoring-enabled=true,google-logging-enabled=true \ + --metadata=google-monitoring-enabled=TRUE,google-logging-enabled=TRUE,enable-oslogin=TRUE \ --metadata-from-file=startup-script=.github/workflows/scripts/gcp-vm-startup-script.sh \ --tags ${{ inputs.app_name }} \ --zone ${{ env.ZONE }} From d8e8184236645ec8625a6a26c4199c69b887e780 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Wed, 9 Nov 2022 17:43:36 -0400 Subject: [PATCH 02/17] fix(ssh): force service account impersonation for OS Login --- .github/workflows/deploy-gcp-tests.yml | 100 +++++++++---------------- 1 file changed, 34 insertions(+), 66 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 6362ec2484c..4a7d5ba0681 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
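Review bot: Nothing next to `enable-oslogin=TRUE` records why the flag is set or what it depends on, in either VM-creation command (the hunks at -146 and -368). I would add a comment above each step, such as `# OS Login: SSH access to this VM is granted through IAM, not through SSH keys stored in instance metadata`, and name the OS Login role the workflow's service account is expected to hold. The same line also changes `google-monitoring-enabled` and `google-logging-enabled` from `true` to `TRUE`, which the commit subject does not cover and deserves a word in the description. Both steps begin outside their hunks.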
@@ -157,8 +157,8 @@ jobs: # SSH into the just created VM, and create a docker volume with the newly created disk. - name: Create ${{ inputs.test_id }} Docker volume run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --zone ${{ env.ZONE }} \ --quiet \ --ssh-flag="-o ServerAliveInterval=5" \ @@ -211,10 +211,8 @@ jobs: # Launch the test without any cached state - name: Launch ${{ inputs.test_id }} test run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -381,10 +379,8 @@ jobs: # but the cached state can be smaller if we just increased the disk size.) - name: Create ${{ inputs.test_id }} Docker volume run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
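Review bot: The new `gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}` line is expanded by the Actions template engine before the shell parses the script, so whatever a caller passes as `test_id` becomes shell text. This applies to every `run:` block the commit rewrites. If all callers are trusted workflows in this repository the exposure is small, but the value can be passed through the step's `env:` and the name built from quoted shell variables, e.g. `INSTANCE="${TEST_ID}-${GITHUB_REF_SLUG_URL}-${GITHUB_SHA_SHORT}"` followed by `gcloud compute ssh "$INSTANCE" \`. The steps start and end outside their hunks, so an existing `env:` block may already be present.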
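Review bot: From the `Launch ${{ inputs.test_id }} test` hunk (-211) onward, the rewritten `gcloud compute ssh` call drops `--zone ${{ env.ZONE }}` and `--quiet`, while the first hunk (-157) keeps both as context. Without `--zone`, gcloud has to resolve the instance's zone from configuration or a prompt, and without `--quiet` any prompt stalls a non-interactive runner. The same removal repeats in every later hunk of this commit. I would keep both lines directly under the new `--impersonate-service-account=...` flag in each step. Separately, the auth steps visible elsewhere in this series log in as this same service account, so the flag appears to make the account impersonate itself, which is worth confirming as intended.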
@@ -453,10 +449,8 @@ jobs: # TODO: we should find a better logic for this use cases if: ${{ (inputs.needs_zebra_state && !inputs.needs_lwd_state) && inputs.test_id != 'lwd-full-sync' }} run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -503,10 +497,8 @@ jobs: # TODO: we should find a better logic for this use cases if: ${{ (inputs.needs_zebra_state && inputs.needs_lwd_state) || inputs.test_id == 'lwd-full-sync' }} run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -570,10 +562,8 @@ jobs: # Errors in the tests are caught by the final test status job. - name: Show logs for ${{ inputs.test_id }} test (sprout) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -632,10 +622,8 @@ jobs: # Show recent logs, following until Canopy activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (heartwood) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -691,10 +679,8 @@ jobs: # Show recent logs, following until NU5 activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (canopy) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -752,10 +738,8 @@ jobs: # Show recent logs, following until block 1,740,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1740k) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -815,10 +799,8 @@ jobs: # Show recent logs, following until block 1,760,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1760k) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -878,10 +860,8 @@ jobs: # Show recent logs, following until block 1,780,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1780k) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -942,10 +922,8 @@ jobs: # Show recent logs, following until block 1,800,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1800k) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -1005,10 +983,8 @@ jobs: # Show recent logs, following until block 1,820,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1820k) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -1067,10 +1043,8 @@ jobs: # TODO: when doing obtain/extend tips, log the verifier in use, and check for full verification here - name: Show logs for ${{ inputs.test_id }} test (checkpoint) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -1125,10 +1099,8 @@ jobs: # Show recent logs, following until the test finishes - name: Show logs for ${{ inputs.test_id }} test (end) run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -1194,10 +1166,8 @@ jobs: # (`docker wait` can also wait for multiple containers, but we only ever wait for a single container.) - name: Result of ${{ inputs.test_id }} test run: | - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -1317,10 +1287,8 @@ jobs: SYNC_HEIGHT="" DOCKER_LOGS=$( \ - gcloud compute ssh \ - github-service-account@${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ - --quiet \ + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ From c0037b40bd3dc46dcc7ad50e13d5679cddf12b56 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Wed, 9 Nov 2022 18:26:58 -0400 Subject: [PATCH 03/17] debug: show actual user trying to impersonate SA --- .github/workflows/deploy-gcp-tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index e75b7de30a4..159c422279c 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
@@ -158,6 +158,8 @@ jobs: # SSH into the just created VM, and create a docker volume with the newly created disk. - name: Create ${{ inputs.test_id }} Docker volume run: | + gcloud auth list + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --zone ${{ env.ZONE }} \ @@ -375,6 +377,8 @@ jobs: # but the cached state can be smaller if we just increased the disk size.) - name: Create ${{ inputs.test_id }} Docker volume run: | + gcloud auth list + gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ From 059346ed7bdb32ac43e1c4a8165d72adcafc5cdb Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Wed, 9 Nov 2022 19:25:15 -0400 Subject: [PATCH 04/17] fix(glcloud): configure gcloud before running commands --- .github/workflows/deploy-gcp-tests.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 159c422279c..e39d80cba07 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -133,7 +133,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Create a Compute Engine virtual machine - name: Create ${{ inputs.test_id }} GCP compute instance 
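Review bot: `gcloud auth list` is added as an unconditional debug line in both `Create ${{ inputs.test_id }} Docker volume` steps (-158 and -377), so every run writes the credentialed account list to the job log. It prints identities rather than tokens, but it is diagnostic output that should not outlive the investigation. Either drop it before merge or gate it on debug logging, e.g. `if [ "${RUNNER_DEBUG:-}" = "1" ]; then gcloud auth list; fi`. The `gcloud info` lines added at the same two places by a later commit in this series (-160 and -383) have the same problem and print more of the environment. Both steps continue past the end of their hunks.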
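Review bot: `uses: google-github-actions/setup-gcloud@v1.0.0` pins the action to a tag, which the action's owner can later point at different code; the second hunk of this commit (-261) does the same. This step runs right after the workflow has obtained cloud credentials, so I would pin it to the full commit SHA and keep the version as a trailing comment, `uses: google-github-actions/setup-gcloud@<full-commit-sha>  # v1.0.0`. The hunk also removes `token_format: 'access_token'` from the auth step without saying whether any later step read the token output. A line in the commit message would settle that.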
@@ -261,7 +263,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Find a cached state disk for this job, matching all of: # - disk cached state (lwd_state_dir/zebra_state_dir or disk_prefix) - zebrad-cache or lwd-cache From 6c70e108d1c95a1ce05fabdaabe97acd0406bf65 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 12:09:44 -0400 Subject: [PATCH 05/17] fix(ssh): add VM zone to ssh command --- .github/workflows/deploy-gcp-tests.yml | 77 +++++++++++--------------- 1 file changed, 33 insertions(+), 44 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index e44401fed4c..51c0542a14c 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -160,11 +160,12 @@ jobs: # SSH into the just created VM, and create a docker volume with the newly created disk. - name: Create ${{ inputs.test_id }} Docker volume run: | + gcloud info gcloud auth list gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --zone ${{ env.ZONE }} \ + --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --quiet \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -206,14 +207,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Launch the test without any cached state - name: Launch ${{ inputs.test_id }} test run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -383,9 +383,11 @@ jobs: # but the cached state can be smaller if we just increased the disk size.) - name: Create ${{ inputs.test_id }} Docker volume run: | + gcloud info gcloud auth list gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -425,9 +427,7 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Launch the test with the previously created Zebra-only cached state. # Each test runs one of the "Launch test" steps, and skips the other. 
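Review bot: Restoring `token_format: 'access_token'` and deleting the `Set up Cloud SDK` step reverses the previous commit for this job and is not covered by the subject "add VM zone to ssh command". The same reversal appears in the later auth hunks of this commit (-425, -550, -614 and onward). With `token_format: 'access_token'` the auth action mints an OAuth access token and exposes it as a step output, so it should only be requested where a step consumes it. No such step is visible here, though the jobs extend beyond the hunks. If the reversal is a merge artefact, restore the two removed lines and drop the token request; if it is deliberate, say so in the commit message.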
@@ -453,6 +453,7 @@ jobs: if: ${{ (inputs.needs_zebra_state && !inputs.needs_lwd_state) && inputs.test_id != 'lwd-full-sync' }} run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -501,6 +502,7 @@ jobs: if: ${{ (inputs.needs_zebra_state && inputs.needs_lwd_state) || inputs.test_id == 'lwd-full-sync' }} run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -550,9 +552,7 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show all the logs since the container launched, # following until Sapling activation (or the test finishes). @@ -565,6 +565,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (sprout) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -614,14 +615,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until Canopy activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (heartwood) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -668,14 +668,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until NU5 activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (canopy) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -724,14 +723,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until block 1,740,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1740k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -782,14 +780,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until block 1,760,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1760k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -840,14 +837,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until block 1,780,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1780k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -899,14 +895,13 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until block 1,800,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1800k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -952,19 +947,18 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v0.8.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until block 1,820,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1820k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -1012,9 +1006,7 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Show recent logs, following until the last checkpoint (or the test finishes) # @@ -1022,6 +1014,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (checkpoint) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
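Review bot: `uses: google-github-actions/auth@v0.8.1` replaces `@v1.0.0` in this job, and no other hunk in the commit touches the auth action's version. If the other jobs stay on `@v1.0.0`, which the hunks do not show, this job alone would authenticate with an older release. The commit subject does not mention a downgrade, so this looks like a conflict-resolution leftover. I would keep `uses: google-github-actions/auth@v1.0.0` here.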
@@ -1073,9 +1066,7 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Check that the container executed at least 1 Rust test harness test, and that all tests passed. # Then wait for the container to finish, and exit with the test's exit status. @@ -1090,6 +1081,7 @@ jobs: - name: Result of ${{ inputs.test_id }} test run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -1160,9 +1152,7 @@ jobs: with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Get the state version from the local constants.rs file to be used in the image creation, # as the state version is part of the disk image name. @@ -1214,6 +1204,7 @@ jobs: DOCKER_LOGS=$( \ gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --zone ${{ env.ZONE }} \ --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -1335,9 +1326,7 @@ jobs: with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + token_format: 'access_token' # Deletes the instances that has been recently deployed in the actual commit after all # previous jobs have run, no matter the outcome of the job. From fcaa8245681b009e3dc46d1e025ec8daf35371e6 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 12:22:42 -0400 Subject: [PATCH 06/17] fix(auth): bringing changes from #5614 --- .github/workflows/continous-delivery.yml | 4 ++-- .github/workflows/continous-integration-docker.yml | 2 +- .github/workflows/delete-gcp-resources.yml | 2 +- .github/workflows/deploy-gcp-tests.yml | 4 ++-- .github/workflows/zcash-lightwalletd.yml | 2 +- .github/workflows/zcashd-manual-deploy.yml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/continous-delivery.yml b/.github/workflows/continous-delivery.yml index 3ecfb5e1187..744f934f4a9 100644 --- a/.github/workflows/continous-delivery.yml +++ b/.github/workflows/continous-delivery.yml @@ -114,7 +114,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 - name: Create instance template run: | @@ -188,7 +188,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Create instance template from container image - name: Manual deploy of a single instance running zebrad 
diff --git a/.github/workflows/continous-integration-docker.yml b/.github/workflows/continous-integration-docker.yml index 3a4597a4b99..f5ee2d9e87b 100644 --- a/.github/workflows/continous-integration-docker.yml +++ b/.github/workflows/continous-integration-docker.yml @@ -113,7 +113,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Disk images in GCP are required to be in lowercase, but the blockchain network # uses sentence case, so we need to downcase ${{ env.NETWORK or github.event.inputs.network }} diff --git a/.github/workflows/delete-gcp-resources.yml b/.github/workflows/delete-gcp-resources.yml index 884ef26c30d..39f5f7a3bb4 100644 --- a/.github/workflows/delete-gcp-resources.yml +++ b/.github/workflows/delete-gcp-resources.yml @@ -40,7 +40,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Deletes all instances older than $DELETE_INSTANCE_DAYS days. # diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 51c0542a14c..ba31ded5c7b 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -135,7 +135,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Create a Compute Engine virtual machine - name: Create ${{ inputs.test_id }} GCP compute instance 
@@ -267,7 +267,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Find a cached state disk for this job, matching all of: # - disk cached state (lwd_state_dir/zebra_state_dir or disk_prefix) - zebrad-cache or lwd-cache diff --git a/.github/workflows/zcash-lightwalletd.yml b/.github/workflows/zcash-lightwalletd.yml index e8f5a8986cc..021d245af11 100644 --- a/.github/workflows/zcash-lightwalletd.yml +++ b/.github/workflows/zcash-lightwalletd.yml @@ -114,7 +114,7 @@ jobs: token_format: 'access_token' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 - name: Login to Google Artifact Registry uses: docker/login-action@v2.1.0 diff --git a/.github/workflows/zcashd-manual-deploy.yml b/.github/workflows/zcashd-manual-deploy.yml index a6e69ce5ed1..c7482935e5e 100644 --- a/.github/workflows/zcashd-manual-deploy.yml +++ b/.github/workflows/zcashd-manual-deploy.yml @@ -47,7 +47,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Create instance template from container image - name: Create instance template From 89df8af559b3afd45c9d0a53f470920941fac8d2 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 13:13:47 -0400 Subject: [PATCH 07/17] fix(auth): impersonation is working as expected now --- .github/workflows/deploy-gcp-tests.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index ba31ded5c7b..8e1c70cb7e1 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
@@ -165,8 +165,6 @@ jobs: gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ - --quiet \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -214,7 +212,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -388,7 +385,6 @@ jobs: gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -454,7 +450,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -503,7 +498,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -566,7 +560,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -622,7 +615,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -675,7 +667,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -730,7 +721,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -787,7 +777,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -844,7 +833,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -902,7 +890,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -959,7 +946,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -1015,7 +1001,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -1082,7 +1067,6 @@ jobs: run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ 
@@ -1205,7 +1189,6 @@ jobs: DOCKER_LOGS=$( \ gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --zone ${{ env.ZONE }} \ - --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ From 19505142fbd51190a661f8730989a5f80f240311 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 02:32:21 -0400 Subject: [PATCH 08/17] fix(gcloud): setup the GCP CLI after authenticating (#5606) Previous behavior: `gcloud` commands have been running without an appropiate authentication as the `auth` auction was sucessfully executed, but the actual gcloud CLI being used in further jobs was not using the correct configuration nor credentials Expected behavior: All `gcloud` commands should be properly configured and authenticated. Solution: Add the `google-github-actions/setup-gcloud` action after each `google-github-actions/auth` invocation, and before running any `gcloud` command. Remove the need of an OAuth Access token when not required by following steps --- .github/workflows/deploy-gcp-tests.yml | 56 +++++++++++++++++++------- 1 file changed, 42 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 8e1c70cb7e1..805f6ea213b 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -205,7 +205,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Launch the test without any cached state - name: Launch ${{ inputs.test_id }} test 
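Review bot: The added `uses: google-github-actions/setup-gcloud@v1.0.0` step references the action by a mutable tag, and it runs immediately after the auth step has exchanged the workflow's OIDC token for `github-service-account` credentials, so whatever that tag resolves to at run time executes with that access. Pin it to a full commit SHA and keep the version as a trailing comment: `uses: google-github-actions/setup-gcloud@<full-commit-sha> # v1.0.0` (placeholder; take the SHA from the release you reviewed). The same step is added in every other hunk of this commit, from `@@ -423,7` through `@@ -1309,7`, and the `google-github-actions/auth` step these jobs call would benefit from the same pin. Other workflows in this series already reference `setup-gcloud@v1.0.1`, so choose one release for all of them. The jobs' steps continue outside each hunk.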
@@ -423,7 +425,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Launch the test with the previously created Zebra-only cached state. # Each test runs one of the "Launch test" steps, and skips the other. @@ -546,7 +550,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show all the logs since the container launched, # following until Sapling activation (or the test finishes). @@ -608,7 +614,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until Canopy activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (heartwood) @@ -660,7 +668,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until NU5 activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (canopy) 
@@ -714,7 +724,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until block 1,740,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1740k) @@ -770,7 +782,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until block 1,760,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1760k) @@ -826,7 +840,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until block 1,780,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1780k) @@ -883,7 +899,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until block 1,800,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1800k) 
@@ -939,7 +957,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until block 1,820,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1820k) @@ -992,7 +1012,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Show recent logs, following until the last checkpoint (or the test finishes) # @@ -1051,7 +1073,9 @@ jobs: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Check that the container executed at least 1 Rust test harness test, and that all tests passed. # Then wait for the container to finish, and exit with the test's exit status. @@ -1136,7 +1160,9 @@ jobs: with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Get the state version from the local constants.rs file to be used in the image creation, # as the state version is part of the disk image name. 
@@ -1309,7 +1335,9 @@ jobs: with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1.0.0 # Deletes the instances that has been recently deployed in the actual commit after all # previous jobs have run, no matter the outcome of the job. From e318a20ab80c8114ef5b8827263500567c066739 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 13:19:27 -0400 Subject: [PATCH 09/17] fix(auth): revert to latest version --- .github/workflows/build-docker-image.yml | 2 +- .github/workflows/continous-delivery.yml | 4 +-- .../continous-integration-docker.yml | 2 +- .github/workflows/delete-gcp-resources.yml | 2 +- .github/workflows/deploy-gcp-tests.yml | 30 +++++++++---------- .github/workflows/zcash-lightwalletd.yml | 2 +- .github/workflows/zcashd-manual-deploy.yml | 2 +- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 0d23cda087b..315498c2034 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -94,7 +94,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/continous-delivery.yml b/.github/workflows/continous-delivery.yml index 744f934f4a9..bff5a941e85 100644 --- a/.github/workflows/continous-delivery.yml +++ b/.github/workflows/continous-delivery.yml 
@@ -107,7 +107,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -181,7 +181,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/continous-integration-docker.yml b/.github/workflows/continous-integration-docker.yml index f5ee2d9e87b..8add28f47cd 100644 --- a/.github/workflows/continous-integration-docker.yml +++ b/.github/workflows/continous-integration-docker.yml @@ -106,7 +106,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/delete-gcp-resources.yml b/.github/workflows/delete-gcp-resources.yml index 39f5f7a3bb4..1b4e30e7447 100644 --- a/.github/workflows/delete-gcp-resources.yml +++ b/.github/workflows/delete-gcp-resources.yml @@ -33,7 +33,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 805f6ea213b..7671662cb8f 100644 --- a/.github/workflows/deploy-gcp-tests.yml 
+++ b/.github/workflows/deploy-gcp-tests.yml @@ -128,7 +128,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -200,7 +200,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -259,7 +259,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -420,7 +420,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -545,7 +545,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -609,7 +609,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' 
@@ -663,7 +663,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -719,7 +719,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -777,7 +777,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -835,7 +835,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -894,7 +894,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -1007,7 +1007,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' 
@@ -1068,7 +1068,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -1156,7 +1156,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' @@ -1331,7 +1331,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' diff --git a/.github/workflows/zcash-lightwalletd.yml b/.github/workflows/zcash-lightwalletd.yml index 021d245af11..1db3ddbc3f4 100644 --- a/.github/workflows/zcash-lightwalletd.yml +++ b/.github/workflows/zcash-lightwalletd.yml @@ -106,7 +106,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/zcashd-manual-deploy.yml b/.github/workflows/zcashd-manual-deploy.yml index c7482935e5e..b784a7ed337 100644 --- a/.github/workflows/zcashd-manual-deploy.yml +++ b/.github/workflows/zcashd-manual-deploy.yml 
@@ -40,7 +40,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.0 + uses: google-github-actions/auth@v1.0.1 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' From 6405fd18cd21176f4c454dfd2054d4004f624b05 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 13:21:52 -0400 Subject: [PATCH 10/17] fix: wrong replace --- .github/workflows/build-docker-image.yml | 2 +- .github/workflows/continous-delivery.yml | 4 +- .../continous-integration-docker.yml | 2 +- .github/workflows/delete-gcp-resources.yml | 2 +- .github/workflows/deploy-gcp-tests.yml | 58 +++++++++---------- .github/workflows/zcash-lightwalletd.yml | 2 +- .github/workflows/zcashd-manual-deploy.yml | 2 +- 7 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 315498c2034..0d23cda087b 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -94,7 +94,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/continous-delivery.yml b/.github/workflows/continous-delivery.yml index bff5a941e85..744f934f4a9 100644 --- a/.github/workflows/continous-delivery.yml +++ b/.github/workflows/continous-delivery.yml @@ -107,7 +107,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' 
@@ -181,7 +181,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/continous-integration-docker.yml b/.github/workflows/continous-integration-docker.yml index 8add28f47cd..f5ee2d9e87b 100644 --- a/.github/workflows/continous-integration-docker.yml +++ b/.github/workflows/continous-integration-docker.yml @@ -106,7 +106,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/delete-gcp-resources.yml b/.github/workflows/delete-gcp-resources.yml index 1b4e30e7447..39f5f7a3bb4 100644 --- a/.github/workflows/delete-gcp-resources.yml +++ b/.github/workflows/delete-gcp-resources.yml @@ -33,7 +33,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 7671662cb8f..93206f0c735 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
@@ -128,7 +128,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -200,14 +200,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Launch the test without any cached state - name: Launch ${{ inputs.test_id }} test @@ -259,7 +259,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' @@ -420,14 +420,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Launch the test with the previously created Zebra-only cached state. # Each test runs one of the "Launch test" steps, and skips the other. 
@@ -545,14 +545,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show all the logs since the container launched, # following until Sapling activation (or the test finishes). @@ -609,14 +609,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until Canopy activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (heartwood) @@ -663,14 +663,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until NU5 activation (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (canopy) 
@@ -719,14 +719,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until block 1,740,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1740k) @@ -777,14 +777,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until block 1,760,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1760k) @@ -835,14 +835,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until block 1,780,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1780k) 
@@ -894,14 +894,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until block 1,800,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1800k) @@ -959,7 +959,7 @@ jobs: service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until block 1,820,000 (or the test finishes) - name: Show logs for ${{ inputs.test_id }} test (1820k) @@ -1007,14 +1007,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Show recent logs, following until the last checkpoint (or the test finishes) # 
@@ -1068,14 +1068,14 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Check that the container executed at least 1 Rust test harness test, and that all tests passed. # Then wait for the container to finish, and exit with the test's exit status. @@ -1156,13 +1156,13 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Get the state version from the local constants.rs file to be used in the image creation, # as the state version is part of the disk image name. 
@@ -1331,13 +1331,13 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1.0.0 + uses: google-github-actions/setup-gcloud@v1.0.1 # Deletes the instances that has been recently deployed in the actual commit after all # previous jobs have run, no matter the outcome of the job. diff --git a/.github/workflows/zcash-lightwalletd.yml b/.github/workflows/zcash-lightwalletd.yml index 1db3ddbc3f4..021d245af11 100644 --- a/.github/workflows/zcash-lightwalletd.yml +++ b/.github/workflows/zcash-lightwalletd.yml @@ -106,7 +106,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' diff --git a/.github/workflows/zcashd-manual-deploy.yml b/.github/workflows/zcashd-manual-deploy.yml index b784a7ed337..c7482935e5e 100644 --- a/.github/workflows/zcashd-manual-deploy.yml +++ b/.github/workflows/zcashd-manual-deploy.yml @@ -40,7 +40,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.0.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' From 1125f7c62b6557e407344abd7e77510346839020 Mon Sep 17 00:00:00 2001 
From: Gustavo Valverde Date: Thu, 10 Nov 2022 13:55:32 -0400 Subject: [PATCH 11/17] fix(ci): use a specific debian image for VM containers --- .github/workflows/deploy-gcp-tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 93206f0c735..0633d559adc 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -145,7 +145,7 @@ jobs: --boot-disk-size 300GB \ --boot-disk-type pd-ssd \ --create-disk name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",device-name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",size=300GB,type=pd-ssd \ - --container-image debian-11 \ + --container-image debian-11-bullseye-v20221102 \ --container-restart-policy=never \ --machine-type ${{ env.MACHINE_TYPE }} \ --scopes cloud-platform \ @@ -365,7 +365,7 @@ jobs: --boot-disk-size 300GB \ --boot-disk-type pd-ssd \ --create-disk image=${{ env.CACHED_DISK_NAME }},name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",device-name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",size=300GB,type=pd-ssd \ - --container-image debian-11 \ + --container-image debian-11-bullseye-v20221102 \ --container-restart-policy=never \ --machine-type ${{ env.MACHINE_TYPE }} \ --scopes cloud-platform \ From 552bcaf59f014aa74d6fae1d79eb6e57e555e5e7 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 14:40:10 -0400 Subject: [PATCH 12/17] fix(ssh): delete generated SSH keys by CI after 30 seconds --- .github/workflows/deploy-gcp-tests.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 0633d559adc..426fe6b7d73 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
@@ -164,6 +164,7 @@ jobs: gcloud auth list gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -213,6 +214,7 @@ jobs: - name: Launch ${{ inputs.test_id }} test run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -386,6 +388,7 @@ jobs: gcloud auth list gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -453,6 +456,7 @@ jobs: if: ${{ (inputs.needs_zebra_state && !inputs.needs_lwd_state) && inputs.test_id != 'lwd-full-sync' }} run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -501,6 +505,7 @@ jobs: if: ${{ (inputs.needs_zebra_state && inputs.needs_lwd_state) || inputs.test_id == 'lwd-full-sync' }} run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -565,6 +570,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (sprout) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
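Review bot: The 30-second lifetime in `--ssh-key-expire-after=30s` is shorter than the connection window the same command allows. `ConnectionAttempts=20` with `ConnectTimeout=5` lets ssh keep retrying for up to roughly 100 seconds, so if the expiry clock starts when gcloud registers the key (not confirmable from the hunk), a VM that is slow to accept connections could become reachable only after the key has expired, and the step would fail on authentication. A lifetime that covers the retry window while staying short, for example `--ssh-key-expire-after=2m`, avoids that. The commit title says the keys are deleted, but the flag only sets an expiry; a comment like `# key expires, but stays in the OS Login profile until removed` would make that distinction visible. This applies to every hunk of this commit through line 43; the `gcloud compute ssh` commands continue outside each hunk.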
@@ -622,6 +628,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (heartwood) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -676,6 +683,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (canopy) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -732,6 +740,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1740k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -790,6 +799,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1760k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -848,6 +858,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1780k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -907,6 +918,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1800k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ 
@@ -965,6 +977,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1820k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -1022,6 +1035,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (checkpoint) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -1090,6 +1104,7 @@ jobs: - name: Result of ${{ inputs.test_id }} test run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ @@ -1214,6 +1229,7 @@ jobs: DOCKER_LOGS=$( \ gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ + --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ From 78cec48af5fe1134eaf3c88e2c54e70fe65afda1 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 14:52:08 -0400 Subject: [PATCH 13/17] debug: remove debug commands --- .github/workflows/deploy-gcp-tests.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 426fe6b7d73..409cb1458e5 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
@@ -160,9 +160,6 @@ jobs: # SSH into the just created VM, and create a docker volume with the newly created disk. - name: Create ${{ inputs.test_id }} Docker volume run: | - gcloud info - gcloud auth list - gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ @@ -384,9 +381,6 @@ jobs: # but the cached state can be smaller if we just increased the disk size.) - name: Create ${{ inputs.test_id }} Docker volume run: | - gcloud info - gcloud auth list - gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ --ssh-key-expire-after=30s \ --zone ${{ env.ZONE }} \ From 52062839ed671fa83aa577d76a051ac268bf5bdb Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 16:42:22 -0400 Subject: [PATCH 14/17] fix(compute): use a lightweight container image --- .github/workflows/deploy-gcp-tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 409cb1458e5..77771017ffb 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -145,7 +145,7 @@ jobs: --boot-disk-size 300GB \ --boot-disk-type pd-ssd \ --create-disk name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",device-name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",size=300GB,type=pd-ssd \ - --container-image debian-11-bullseye-v20221102 \ + --container-image gcr.io/google-containers/busybox \ --container-restart-policy=never \ --machine-type ${{ env.MACHINE_TYPE }} \ --scopes cloud-platform \ 
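Review bot: `--container-image gcr.io/google-containers/busybox` in the last hunk on this line names the image with neither tag nor digest, so every test VM pulls whatever the registry currently serves under the default tag. The value it replaces at least carried a dated version suffix. The instance is created with `--scopes cloud-platform` (context line), so the container content is worth fixing by digest: `--container-image gcr.io/google-containers/busybox@sha256:<digest>` (placeholder, resolve the digest once and record it). The second hunk of this commit, at `@@ -364,7 +364,7`, has the same line; the `gcloud` command itself starts and ends outside both hunks.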
@@ -364,7 +364,7 @@ jobs: --boot-disk-size 300GB \ --boot-disk-type pd-ssd \ --create-disk image=${{ env.CACHED_DISK_NAME }},name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",device-name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",size=300GB,type=pd-ssd \ - --container-image debian-11-bullseye-v20221102 \ + --container-image gcr.io/google-containers/busybox \ --container-restart-policy=never \ --machine-type ${{ env.MACHINE_TYPE }} \ --scopes cloud-platform \ From d12328ad58f366b75b20d6c7ac8cc3e667ab7960 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 10 Nov 2022 17:00:57 -0400 Subject: [PATCH 15/17] fix(ci): add missing sudo to docker command --- .github/workflows/deploy-gcp-tests.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 77771017ffb..68b80d65f4a 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -1229,7 +1229,7 @@ jobs: --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ --command=" \ - docker logs ${{ inputs.test_id }} --tail 200 \ + sudo docker logs ${{ inputs.test_id }} --tail 200 \ ") SYNC_HEIGHT=$( \ @@ -1360,3 +1360,15 @@ jobs: else gcloud compute instances delete "${INSTANCE}" --zone "${{ env.ZONE }}" --delete-disks all --quiet fi + + # Deletes SSH keys generated during this workflow run, as GCP has a limit of SSH keys + # that can exist at the same time in the OS Login metadata. Not deleting this keys + # could cause the following error: + # `Login profile size exceeds 32 KiB. Delete profile values to make additional space` + - name: Delete temporal SSH keys + continue-on-error: true + run: | + for i in $(gcloud compute os-login ssh-keys list --format="table[no-heading](value.fingerprint)"); do + echo "$i"; + gcloud compute os-login ssh-keys remove --key "$i" || true; + done 
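Review bot: The loop in the new `Delete temporal SSH keys` step removes every key that `gcloud compute os-login ssh-keys list` returns for the authenticated identity, while the comment above it says it deletes keys "generated during this workflow run". If several workflow runs share that identity, which the fixed `service_account` in the auth steps suggests, one run's cleanup may remove a key that another run has just registered and not yet used, giving intermittent SSH failures. The comment should state the real scope, e.g. `# Deletes ALL OS Login SSH keys of the CI account, not only this run's`. Failures are also hidden twice, by `|| true` and by `continue-on-error: true`, so a profile that keeps growing would go unnoticed until the 32 KiB error returns. Replacing `|| true` with `|| echo "::warning::could not remove OS Login key $i"` keeps the step best-effort but leaves a trace.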
From eb73226dc33bbfefdf126074ef3184b2b6161623 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Sat, 12 Nov 2022 06:23:13 -0400 Subject: [PATCH 16/17] Update .github/workflows/deploy-gcp-tests.yml Co-authored-by: Deirdre Connolly --- .github/workflows/deploy-gcp-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index 68b80d65f4a..f51197c9ab8 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -958,7 +958,7 @@ jobs: # Setup gcloud CLI - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v0.8.1 + uses: google-github-actions/auth@v1.0.0 with: retries: '3' workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' From ef541eee8c137ec3e390acd430b575c77cf95a12 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Tue, 15 Nov 2022 17:29:15 -0400 Subject: [PATCH 17/17] fix(ssh): delete ssh-keys for the specific GHA service account --- .github/workflows/deploy-gcp-tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index f51197c9ab8..ecd9f10fce7 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml 
@@ -1368,7 +1368,7 @@ jobs: - name: Delete temporal SSH keys continue-on-error: true run: | - for i in $(gcloud compute os-login ssh-keys list --format="table[no-heading](value.fingerprint)"); do + for i in $(gcloud compute os-login ssh-keys list --format="table[no-heading](value.fingerprint)") --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com; do echo "$i"; - gcloud compute os-login ssh-keys remove --key "$i" || true; + gcloud compute os-login ssh-keys remove --key "$i" --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com || true; done
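Review bot: On the new `for` line, `--impersonate-service-account=…` sits after the closing `)` of the command substitution, so it is not passed to `gcloud compute os-login ssh-keys list`. The shell treats it as one more word in the loop list. The list therefore still runs as the default identity, and the last iteration calls `ssh-keys remove --key` with the flag text as the key, an error that `|| true` then swallows. The flag belongs inside the parentheses: `for i in $(gcloud compute os-login ssh-keys list --format="table[no-heading](value.fingerprint)" --impersonate-service-account=github-service-account@zealous-zebra.iam.gserviceaccount.com); do`. The flag on the `remove` line is placed correctly.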