diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5527230..1f440f3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,10 +6,7 @@ on: - main env: - AWS_REGION: us-west-2 - AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory permissions: write-all @@ -21,43 +18,6 @@ jobs: id: release-please with: release-type: terraform-module - - name: Install Let's Encrypt Roots and Intermediate Certificates - if: steps.release-please.outputs.pr - run: | - # https://letsencrypt.org/certificates/ - sudo apt-get update -y - sudo apt-get install -y ca-certificates wget openssl libssl-dev - wget https://letsencrypt.org/certs/isrgrootx1.pem # rsa - sudo cp isrgrootx1.pem /usr/local/share/ca-certificates/ - wget https://letsencrypt.org/certs/isrg-root-x2.pem # ecdsa - sudo cp isrg-root-x2.pem /usr/local/share/ca-certificates/ - wget https://letsencrypt.org/certs/2024/r11.pem - sudo cp r11.pem /usr/local/share/ca-certificates/ - wget https://letsencrypt.org/certs/2024/r10.pem - sudo cp r10.pem /usr/local/share/ca-certificates/ - wget https://letsencrypt.org/certs/2024/e5.pem - sudo cp e5.pem /usr/local/share/ca-certificates/ - wget https://letsencrypt.org/certs/2024/e6.pem - sudo cp e6.pem /usr/local/share/ca-certificates/ - sudo update-ca-certificates - - name: Verify Lets Encrypt CA Functionality - if: steps.release-please.outputs.pr - run: | - # Function to check if Let's Encrypt CA is effectively used by openssl - check_letsencrypt_ca() { - # Try to verify a known Let's Encrypt certificate (you can use any valid one) - if openssl s_client -showcerts -connect letsencrypt.org:443 < /dev/null | openssl x509 -noout -issuer | grep -q "Let's Encrypt"; then - return 0 # Success - else - return 1 # Failure - fi - } - if check_letsencrypt_ca; then - echo "Let's Encrypt CA is functioning correctly." - else - echo "Error: Let's Encrypt CA is not being used for verification." - exit 1 - fi - uses: actions/github-script@v7 if: steps.release-please.outputs.pr with: @@ -74,15 +34,6 @@ jobs: with: token: ${{secrets.GITHUB_TOKEN}} fetch-depth: 0 - - id: aws-creds - uses: aws-actions/configure-aws-credentials@v4 - if: steps.release-please.outputs.pr - with: - role-to-assume: ${{env.AWS_ROLE}} - role-session-name: ${{github.run_id}} - aws-region: ${{env.AWS_REGION}} - role-duration-seconds: 7200 # 2 hours - output-credentials: true - name: install-nix if: steps.release-please.outputs.pr run: | @@ -94,15 +45,9 @@ jobs: if: steps.release-please.outputs.pr shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' env: - AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} - AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} - AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} GITHUB_OWNER: rancher IDENTIFIER: ${{github.run_id}} - ZONE: ${{secrets.ZONE}} - ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory - RANCHER_INSECURE: false run: | ./run_tests.sh - uses: actions/github-script@v7 diff --git a/run_tests.sh b/run_tests.sh index 89f97ab..9cc489b 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -103,35 +103,6 @@ if [ "$rerun_failed" = true ] && [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; t run_tests true fi -echo "Clearing leftovers with Id $IDENTIFIER in $AWS_REGION..." -sleep 60 - -if [ -n "$IDENTIFIER" ]; then - attempts=0 - # shellcheck disable=SC2143 - while [ -n "$(leftovers -d --iaas=aws --aws-region="$AWS_REGION" --filter="Id:$IDENTIFIER" | grep -v 'AccessDenied')" ] && [ $attempts -lt 3 ]; do - leftovers --iaas=aws --aws-region="$AWS_REGION" --filter="Id:$IDENTIFIER" --no-confirm | grep -v 'AccessDenied' || true - sleep 10 - attempts=$((attempts + 1)) - done - - if [ $attempts -eq 3 ]; then - echo "Warning: Failed to clear all resources after 3 attempts." - fi - - attempts=0 - # shellcheck disable=SC2143 - while [ -n "$(leftovers -d --iaas=aws --aws-region="$AWS_REGION" --type="ec2-key-pair" --filter="tf-$IDENTIFIER" | grep -v 'AccessDenied')" ] && [ $attempts -lt 3 ]; do - leftovers --iaas=aws --aws-region="$AWS_REGION" --type="ec2-key-pair" --filter="tf-$IDENTIFIER" --no-confirm | grep -v 'AccessDenied' || true - sleep 10 - attempts=$((attempts + 1)) - done - - if [ $attempts -eq 3 ]; then - echo "Warning: Failed to clear all EC2 key pairs after 3 attempts." - fi -fi - if [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then echo "done, test failed" exit 1