remove scripts

abcxyz · Apr 6, 2023 · 38f82e7 · 38f82e7
1 parent 0022b0a
commit 38f82e7
Show file tree

Hide file tree

Showing 8 changed files with 49 additions and 183 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -65,18 +65,6 @@ jobs:
         run: |-
           mvn clean test --no-transfer-progress -f client-lib/java
 
-  # lint_and_unit is a virtual job that is used as dependencies for later jobs.
-  lint_and_unit:
-    runs-on: 'ubuntu-latest'
-    needs:
-      - 'terraform_lint'
-      - 'go_lint'
-      - 'java_lint'
-      - 'go_test'
-      - 'java_test'
-    steps:
-      - run: 'echo prechecks complete'
-
   integration:
     env:
       PROJECT_ID: 'jvs-ci-test'

diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -2,7 +2,14 @@
 name: 'integration'
 
 on:
+  push:
+    branches:
+      - 'main'
+  pull_request:
+    branches:
+      - 'main'
   workflow_dispatch:
+  workflow_call:
 
 env:
   REGISTRY_HOST: 'us-docker.pkg.dev'
@@ -111,7 +118,7 @@ jobs:
         uses: 'goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b' # ratchet:goreleaser/goreleaser-action@v4
         with:
           version: 'v1.16.2' # Manually pinned
-          args: 'release -f .goreleaser.docker.yaml --rm-dist --skip-validate'
+          args: 'release -f .goreleaser.docker.yaml --clean --skip-validate'
 
   # Deploy integration test infrastructure and run integration tests
   integration:
@@ -121,6 +128,14 @@ jobs:
     permissions:
       contents: 'read'
       id-token: 'write'
+    env:
+      TF_MODULE_DIR: "./terraform/modules/jvs-services"
+      INTEG_TEST_PROJECT_ID: "jvs-ci-test"
+      INTEG_TEST_API_SA: "jvs-api@jvs-ci-test.iam.gserviceaccount.com"
+      INTEG_TEST_UI_SA: "jvs-ui@jvs-ci-test.iam.gserviceaccount.com"
+      INTEG_TEST_CERT_ROTATOR_SA: "jvs-cert-rotator@jvs-ci-test.iam.gserviceaccount.com"
+      INTEG_TEST_PUBLIC_KEY_SA: "jvs-public-key@jvs-ci-test.iam.gserviceaccount.com"
+      INTEG_TEST_KMS_KEYRING_ID: "projects/jvs-ci-test/locations/global/keyRings/jvs-keyring-156a"
     steps:
       - uses: 'actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3' # ratchet:actions/checkout@v3
       - id: 'auth'
@@ -138,21 +153,38 @@ jobs:
       - uses: 'hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1' # ratchet:hashicorp/setup-terraform@v2
         with:
           terraform_wrapper: false
+      - name: 'Write tfvars file'
+        run: |-
+          VAR_FILE=/tmp/jvs_ci.tfvars
+
+          touch /tmp/jvs_ci.tfvars
+          echo project_id=\"${{ env.INTEG_TEST_PROJECT_ID }}\" >> ${VAR_FILE};
+          echo jvs_api_service_account=\"${{ env.INTEG_TEST_API_SA }}\" >> ${VAR_FILE};
+          echo jvs_ui_service_account=\"${{ env.INTEG_TEST_UI_SA }}\" >> ${VAR_FILE};
+          echo jvs_cert_rotator_service_account=\"${{ env.INTEG_TEST_CERT_ROTATOR_SA}}\" >> ${VAR_FILE};
+          echo jvs_public_key_service_account=\"${{ env.INTEG_TEST_PUBLIC_KEY_SA }}\" >> ${VAR_FILE};
+          echo jvs_api_service_image=\"${{ env.REGISTRY }}/jvs-justification:${{ env.DOCKER_TAG }}-amd64\" >> ${VAR_FILE};
+          echo jvs_ui_service_image=\"${{ env.REGISTRY }}/jvs-ui:${{ env.DOCKER_TAG }}-amd64\" >> ${VAR_FILE};
+          echo jvs_cert_rotator_service_image=\"${{ env.REGISTRY }}/jvs-cert-rotation:${{ env.DOCKER_TAG }}-amd64\" >> ${VAR_FILE};
+          echo jvs_public_key_service_image=\"${{ env.REGISTRY }}/jvs-public-key:${{ env.DOCKER_TAG }}-amd64\">> ${VAR_FILE};
+          echo kms_keyring_id=\"${{ env.INTEG_TEST_KMS_KEYRING_ID }}\" >> ${VAR_FILE};
+          echo kms_key_name=\"jvs-key-$RANDOM\" >> ${VAR_FILE};
+          echo kms_key_rotation_minutes=0 >> ${VAR_FILE};
+
+          cat ${VAR_FILE};
+          echo "TFVAR_FILE=${VAR_FILE}" >> $GITHUB_ENV;
+      - name: 'Init the terraform infrastructure'
+        run: terraform -chdir=${{ env.TF_MODULE_DIR }} init
+      - name: 'Apply the infrastructure updates'
+        id: 'tf_apply'
+        run: |-
+          terraform -chdir=${{ env.TF_MODULE_DIR}} apply -auto-approve -var-file=${{ env.TFVAR_FILE }};
       - name: 'Setup Go'
         uses: 'actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9' # ratchet:actions/setup-go@v4
         with:
           go-version: '1.20'
-      - name: 'Deploy and Run integration tests'
-        env:
-          BUILD_COMMON: false
-          PROJECT_ID: "jvs-ci-test"
-          API_SA: "jvs-api@jvs-ci-test.iam.gserviceaccount.com"
-          UI_SA: "jvs-ui@jvs-ci-test.iam.gserviceaccount.com"
-          CERT_ROTATOR_SA: "jvs-cert-rotator@jvs-ci-test.iam.gserviceaccount.com"
-          PUBLIC_KEY_SA: "jvs-public-key@jvs-ci-test.iam.gserviceaccount.com"
-          KMS_KEYRING_ID: "projects/jvs-ci-test/locations/global/keyRings/jvs-keyring-156a"
-          API_IMAGE: "${{env.REGISTRY}}/jvs-justification:${{env.DOCKER_TAG}}-amd64"
-          UI_IMAGE: "${{env.REGISTRY}}/jvs-ui:${{env.DOCKER_TAG}}-amd64"
-          CERT_ROTATOR_IMAGE: "${{env.REGISTRY}}/jvs-cert-rotation:${{env.DOCKER_TAG}}-amd64"
-          PUBLIC_KEY_IMAGE: "${{env.REGISTRY}}/jvs-public-key:${{env.DOCKER_TAG}}-amd64"
-        run: ./scripts/integration.sh
+      # TODO(#158): add integration test
+      - name: 'Cleanup the infrastructure'
+        if: always()
+        run: |-
+          terraform -chdir=${{ env.TF_MODULE_DIR}} apply -destroy -auto-approve -var-file=${{ env.TFVAR_FILE }};
diff --git a/docs/release.md b/docs/release.md
@@ -43,5 +43,5 @@ git tag -f -a v0.0.0-$(git rev-parse --short HEAD)
 # Use goreleaser to build the images.
 # It should in the end push all the images to the given container registry.
 # All the images will be tagged with the git tag given earlier.
-goreleaser release -f .goreleaser.docker.yaml --rm-dist
+goreleaser release -f .goreleaser.docker.yaml --clean
 ```
diff --git a/scripts/build.sh b/scripts/build.sh
diff --git a/scripts/integration.sh b/scripts/integration.sh
diff --git a/scripts/local_test.sh b/scripts/local_test.sh
diff --git a/terraform/modules/jvs-services/public-key.tf b/terraform/modules/jvs-services/public-key.tf
@@ -26,7 +26,7 @@ module "public_key_cloud_run" {
     admins     = []
     developers = []
     # Public key service is meant to be public.
-    invokers = var.public_key_invokers
+    invokers = ["allUsers"]
   }
   envvars = merge({ "KEY_NAMES" : google_kms_crypto_key.signing_key.id }, var.public_key_envvars)
 }
diff --git a/terraform/modules/jvs-services/variables.tf b/terraform/modules/jvs-services/variables.tf
@@ -116,9 +116,3 @@ variable "ui_envvars" {
     "ALLOWLIST" = "*",
   }
 }
-
-variable "public_key_invokers" {
-  description = "Public key service invokers. It is meant to be public, therefore it is allUsers by default."
-  type        = list(string)
-  default     = ["allUsers"]
-}