From 960a0bd31396b09599d73d4743846ef169f3542c Mon Sep 17 00:00:00 2001
From: Adrian Riobo Lorenzo
Date: Fri, 17 Feb 2023 09:30:02 +0100
Subject: [PATCH] added short-lived credentials from assume-rol to the container execution
---
 .github/workflows/crc-cloud.yml | 99 +++++++++++++++++++++------------
 1 file changed, 63 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/crc-cloud.yml b/.github/workflows/crc-cloud.yml
index 7f1ffff..19fe552 100644
--- a/.github/workflows/crc-cloud.yml
+++ b/.github/workflows/crc-cloud.yml
@@ -16,39 +16,66 @@ jobs:
 contents: write
 steps:
- - name: Write pullsecret
- env:
- PULLSECRET_BASE64: ${{ secrets.PS_64 }}
- run: |
- echo $PULLSECRET_BASE64 | base64 --decode > pullsecret.txt
-
- - name: Write boot key
- run: echo "${{ secrets.KEY }}" > key.txt
-
- - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- role-to-assume: ${{ secrets.ROLE }}
- aws-region: eu-west-2
-
- - run: |
- docker run \
- -v ${PWD}:/workspace:z \
- -e AWS_DEFAULT_REGION=eu-west-2 quay.io/crcont/crc-cloud:v0.0.2 \
- create aws \
- --project-name "crc-ocp412" \
- --backed-url "file:///workspace" \
- --output "/workspace" \
- --aws-ami-id "ami-019669c0960dbcf14" \
- --pullsecret-filepath /workspace/pullsecret.txt \
- --key-filepath /workspace/key.txt
-
- - run: |
- docker run \
- -v ${PWD}:/workspace:z \
- -e AWS_DEFAULT_REGION=eu-west-2 \
- quay.io/crcont/crc-cloud:v0.0.2 \
- destroy \
- --project-name "crc-ocp412" \
- --backed-url "file:///workspace" \
- --provider "aws"
+ - name: Write pullsecret
+ env:
+ PULLSECRET_BASE64: ${{ secrets.PS_64 }}
+ run: |
+ echo $PULLSECRET_BASE64 | base64 --decode > pullsecret.txt
+
+ - name: Write boot key
+ run: |
+ echo "${{ secrets.ID_ECDSA }}" > key.txt
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.ROLE }}
+ aws-region: eu-west-2
+
+ - name: Create cluster
+ run: |
+ docker run -d --name crc-cloud-create --rm \
+ -v ${PWD}:/workspace:z \
+ -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+ -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+ -e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
+ -e AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
+ quay.io/crcont/crc-cloud:v0.0.2 \
+ create aws \
+ --project-name "crc-ocp412" \
+ --backed-url "file:///workspace" \
+ --output "/workspace" \
+ --aws-ami-id "ami-019669c0960dbcf14" \
+ --pullsecret-filepath /workspace/pullsecret.txt \
+ --key-filepath /workspace/key.txt
+
+ - name: View cluster
creation logs
+ continue-on-error: true
+ run: |
+ docker logs -f crc-cloud-create
+
+ - name: Check cluster config
+ continue-on-error: true
+ run: |
+ ls -al /tmp
+ pwd
+ ls -al
+ ssh -i id_rsa core@$(cat host) "cat /opt/kubeconfig"
+
+ - name: Destroy cluster
+ run: |
+ docker run -d --name crccloud-destroy --rm \
+ -v ${PWD}:/workspace:z \
+ -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+ -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+ -e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
+ -e AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
+ quay.io/crcont/crc-cloud:v0.0.2 \
+ destroy \
+ --project-name "crc-ocp412" \
+ --backed-url "file:///workspace" \
+ --provider "aws"
+
+ - name: View cluster destroy logs
+ run: |
+ docker logs -f crccloud-destroy
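Review bot: The `Check cluster config` step runs `ssh -i id_rsa core@$(cat host) "cat /opt/kubeconfig"`, which writes the cluster's kubeconfig into the job log; that content is not a registered secret, so log masking will not hide it, and anyone who can read the workflow run can read it while the cluster is up. If the step only needs to confirm the file is there, `ssh -i id_rsa core@$(cat host) "test -s /opt/kubeconfig"` does that without printing it. The create and destroy steps also pass the assumed-role credentials by value (`-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}`), which puts them on the docker command line; the name-only form `-e AWS_SECRET_ACCESS_KEY` forwards the variable from the step environment instead, and the same applies to `AWS_ACCESS_KEY_ID` and `AWS_SESSION_TOKEN`. Because both containers are started with `-d --rm`, each `docker run` step succeeds as soon as the container starts and `docker logs -f` does not return the container's exit status, so a failed create or destroy would still leave the job green.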