From 2024e08b20a052dbc6d1f7df7f4eef81632f9390 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 10:26:31 -0400 Subject: [PATCH 01/17] Switch to writing credentials from secrets (WOR-1745). --- .github/actions/write-credentials/action.yml | 33 +++++++++++++++++++ .github/workflows/test.yml | 27 ++++----------- .../resources/application-integration.yml | 2 +- 3 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 .github/actions/write-credentials/action.yml diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml new file mode 100644 index 00000000..e5be29bc --- /dev/null +++ b/.github/actions/write-credentials/action.yml @@ -0,0 +1,33 @@ +name: 'write-credentials' +description: | + Collect the needed credentials for testing and place them in the + appropriate config directory. Note that all of these secrets are + assumed to be base64-encoded JSON service account keys. +inputs: + buffer-app-sa-b64: + description: 'Base64-encoded buffer (RBS) service account' + required: true + janitor-sa-b64: + description: 'Base64-encoded CRL Janitor service account' + required: true + +runs: + using: "composite" + steps: + - name: Write credentials + id: 'setup-user-delegated-creds' + run: | + mkdir -p rendered + + BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} ? + echo ::add-mask::BUFFER_APP_SA_B64 ? + USER_DELEGATED_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) ? + echo ::add-mask::$BUFFER_APP_SA ? + echo $BUFFER_APP_SA > rendered/sa-account.json + + JANITOR_SA_B64=${{ inputs.janitor-sa-b64 }} + echo ::add-mask::$JANITOR_SA_B64 + JANITOR_SA=$(echo $JANITOR_SA_B64 | base64 --decode) + echo ::add-mask::$JANITOR_SA + echo $JANITOR_SA > rendered/janitor-client-sa-account.json + shell: bash diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c324d6aa..d0acf9e2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -39,28 +39,13 @@ jobs: uses: ./.github/actions/bump-skip with: event-name: ${{ github.event_name }} - - name: Pull Vault image + - name: Write credentials if: steps.skiptest.outputs.is-bump == 'no' - run: docker pull vault:1.1.0 - # Currently, there's no way to add capabilities to Docker actions on Git, and Vault needs IPC_LOCK to run. - - name: Get Vault token - if: steps.skiptest.outputs.is-bump == 'no' - id: vault-token-step - run: | - VAULT_TOKEN=$(docker run --rm --cap-add IPC_LOCK \ - -e "VAULT_ADDR=${VAULT_ADDR}" \ - vault:1.1.0 \ - vault write -field token \ - auth/approle/login role_id=${{ secrets.VAULT_APPROLE_ROLE_ID }} \ - secret_id=${{ secrets.VAULT_APPROLE_SECRET_ID }}) - echo ::add-mask::$VAULT_TOKEN - echo vault-token=$VAULT_TOKEN >> $GITHUB_OUTPUT - - name: Grant execute permission for render-config - if: steps.skiptest.outputs.is-bump == 'no' - run: chmod +x local-dev/render-config.sh - - name: Render configuration for tests - if: steps.skiptest.outputs.is-bump == 'no' - run: local-dev/render-config.sh ${{ steps.vault-token-step.outputs.vault-token }} + id: write-credentials + uses: ./.github/actions/write-credentials + with: + janitor-sa-b64: ${{ secrets.JANITOR_SA_DEV }} + buffer-app-sa-b64: ${{ secrets.BUFFER_APP_SA_DEV }} - name: Initialize Postgres DB if: steps.skiptest.outputs.is-bump == 'no' env: diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index 0aac1a62..fe30b5a2 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: src/test/resources/rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: ../rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From c2ad9b4a189ee53f1a40ca4f9cfe90aae3ed7a5d Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 11:25:56 -0400 Subject: [PATCH 02/17] Fix issue. --- .github/actions/write-credentials/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index e5be29bc..beea3841 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -19,10 +19,10 @@ runs: run: | mkdir -p rendered - BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} ? - echo ::add-mask::BUFFER_APP_SA_B64 ? - USER_DELEGATED_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) ? - echo ::add-mask::$BUFFER_APP_SA ? + BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} + echo ::add-mask::BUFFER_APP_SA_B64 + USER_DELEGATED_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) + echo ::add-mask::$BUFFER_APP_SA echo $BUFFER_APP_SA > rendered/sa-account.json JANITOR_SA_B64=${{ inputs.janitor-sa-b64 }} From f1e439ba66b3c941b550d5f8f73faf8013db5a36 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 11:37:48 -0400 Subject: [PATCH 03/17] Fix issue. --- .github/actions/write-credentials/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index beea3841..c56698b7 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -21,7 +21,7 @@ runs: BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} echo ::add-mask::BUFFER_APP_SA_B64 - USER_DELEGATED_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) + BUFFER_APP_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) echo ::add-mask::$BUFFER_APP_SA echo $BUFFER_APP_SA > rendered/sa-account.json From e8035436865a66b6d4e91f9b44bf456dc6679e47 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 11:43:07 -0400 Subject: [PATCH 04/17] Try just janitor. --- .github/actions/write-credentials/action.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index c56698b7..f216acc5 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -18,13 +18,13 @@ runs: id: 'setup-user-delegated-creds' run: | mkdir -p rendered - - BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} - echo ::add-mask::BUFFER_APP_SA_B64 - BUFFER_APP_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) - echo ::add-mask::$BUFFER_APP_SA - echo $BUFFER_APP_SA > rendered/sa-account.json - + +# BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} +# echo ::add-mask::BUFFER_APP_SA_B64 +# BUFFER_APP_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) +# echo ::add-mask::$BUFFER_APP_SA +# echo $BUFFER_APP_SA > rendered/sa-account.json + JANITOR_SA_B64=${{ inputs.janitor-sa-b64 }} echo ::add-mask::$JANITOR_SA_B64 JANITOR_SA=$(echo $JANITOR_SA_B64 | base64 --decode) From 5da02405118c2ab9c945f1be4a584eb326d03e0b Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 11:44:39 -0400 Subject: [PATCH 05/17] Try just janitor. --- .github/actions/write-credentials/action.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index f216acc5..57ca58b0 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -18,13 +18,6 @@ runs: id: 'setup-user-delegated-creds' run: | mkdir -p rendered - -# BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} -# echo ::add-mask::BUFFER_APP_SA_B64 -# BUFFER_APP_SA=$(echo BUFFER_APP_SA_B64 | base64 --decode) -# echo ::add-mask::$BUFFER_APP_SA -# echo $BUFFER_APP_SA > rendered/sa-account.json - JANITOR_SA_B64=${{ inputs.janitor-sa-b64 }} echo ::add-mask::$JANITOR_SA_B64 JANITOR_SA=$(echo $JANITOR_SA_B64 | base64 --decode) From 192b4f0b4833a03e5482caa1f41d8a05993b387b Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 12:23:27 -0400 Subject: [PATCH 06/17] fix --- .github/actions/write-credentials/action.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index 57ca58b0..9cc1d6df 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -18,6 +18,13 @@ runs: id: 'setup-user-delegated-creds' run: | mkdir -p rendered + + BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} + echo ::add-mask::BUFFER_APP_SA_B64 + BUFFER_APP_SA=$(echo $BUFFER_APP_SA_B64 | base64 --decode) + echo ::add-mask::$BUFFER_APP_SA + echo $BUFFER_APP_SA > rendered/sa-account.json + JANITOR_SA_B64=${{ inputs.janitor-sa-b64 }} echo ::add-mask::$JANITOR_SA_B64 JANITOR_SA=$(echo $JANITOR_SA_B64 | base64 --decode) From 61586ac13d30637da63a78aef714f7fef258cd44 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 13:55:21 -0400 Subject: [PATCH 07/17] Try giving full path --- .github/actions/write-credentials/action.yml | 2 ++ src/test/resources/application-integration.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index 9cc1d6df..04c09a3d 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -19,6 +19,8 @@ runs: run: | mkdir -p rendered + echo "$(dirname $0)" + BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} echo ::add-mask::BUFFER_APP_SA_B64 BUFFER_APP_SA=$(echo $BUFFER_APP_SA_B64 | base64 --decode) diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index fe30b5a2..0aac1a62 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: ../rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: src/test/resources/rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From f6319182d5ce761b348ce366c76aec966b7184e6 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 14:12:44 -0400 Subject: [PATCH 08/17] More debugging --- .../bio/terra/buffer/app/configuration/CrlConfiguration.java | 4 ++-- src/test/resources/application-integration.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java index 20e21ea9..56a9f253 100644 --- a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java +++ b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java @@ -242,8 +242,8 @@ public ServiceAccountCredentials loadJanitorClientCredential() { new FileInputStream(janitorClientCredentialFilePath)); } catch (Exception e) { throw new RuntimeException( - "Unable to load Janitor GoogleCredentials from configuration" - + janitorClientCredentialFilePath, + "Unable to load Janitor GoogleCredentials from configuration: " + + janitorClientCredentialFilePath + " CWD: " + System.getProperty("user.dir"), e); } } diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index 0aac1a62..fe30b5a2 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: src/test/resources/rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: ../rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From a7700f458e6b4c06a168007fee5c8a50a81a0942 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 14:24:39 -0400 Subject: [PATCH 09/17] More debugging --- .../bio/terra/buffer/app/configuration/CrlConfiguration.java | 3 ++- src/test/resources/application-integration.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java index 56a9f253..bafc04ff 100644 --- a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java +++ b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java @@ -243,7 +243,8 @@ public ServiceAccountCredentials loadJanitorClientCredential() { } catch (Exception e) { throw new RuntimeException( "Unable to load Janitor GoogleCredentials from configuration: " - + janitorClientCredentialFilePath + " CWD: " + System.getProperty("user.dir"), + + janitorClientCredentialFilePath + " CWD: " + System.getProperty("user.dir") + " FILEPATH: " + + new java.io.File(janitorClientCredentialFilePath).getAbsolutePath(), e); } } diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index fe30b5a2..d81754b7 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: ../rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: ../../../rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From 4d063b872c33f1790cd33647afe9be841fb044ed Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 14:31:18 -0400 Subject: [PATCH 10/17] More debugging --- src/test/resources/application-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index d81754b7..77d1320b 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: ../../../rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: ../../rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From 99633a62dfaae9241605880310377180d507ca42 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 14:34:26 -0400 Subject: [PATCH 11/17] More debugging --- .../terra/buffer/app/configuration/CrlConfiguration.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java index bafc04ff..953a8ece 100644 --- a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java +++ b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java @@ -241,10 +241,16 @@ public ServiceAccountCredentials loadJanitorClientCredential() { return ServiceAccountCredentials.fromStream( new FileInputStream(janitorClientCredentialFilePath)); } catch (Exception e) { + String path = new java.io.File(janitorClientCredentialFilePath).getAbsolutePath(); + try { + path = new java.io.File(janitorClientCredentialFilePath).getCanonicalPath(); + } + catch (IOException ignored) { + } throw new RuntimeException( "Unable to load Janitor GoogleCredentials from configuration: " + janitorClientCredentialFilePath + " CWD: " + System.getProperty("user.dir") + " FILEPATH: " - + new java.io.File(janitorClientCredentialFilePath).getAbsolutePath(), + + path, e); } } From 13d67535897369852feffe8895270a7c0a3e8549 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 14:42:27 -0400 Subject: [PATCH 12/17] More debugging --- .github/actions/write-credentials/action.yml | 2 ++ src/test/resources/application-integration.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index 04c09a3d..e45f89c6 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -32,4 +32,6 @@ runs: JANITOR_SA=$(echo $JANITOR_SA_B64 | base64 --decode) echo ::add-mask::$JANITOR_SA echo $JANITOR_SA > rendered/janitor-client-sa-account.json + + echo "$ls -l rendered" shell: bash diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index 77d1320b..a83b99c0 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: ../../rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: ../../_temp/rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From 189f497f5c172d8cb4ec62d318b6a2ae231f839f Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 14:50:08 -0400 Subject: [PATCH 13/17] More debugging --- .github/actions/write-credentials/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index e45f89c6..35c9756f 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -33,5 +33,6 @@ runs: echo ::add-mask::$JANITOR_SA echo $JANITOR_SA > rendered/janitor-client-sa-account.json - echo "$ls -l rendered" + echo "$(ls -d $PWD*/)" + echo "$(ls -l rendered)" shell: bash From 6f90b7af7716c62910a6a26b6c2d7e623aab7d0d Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 15:00:07 -0400 Subject: [PATCH 14/17] More debugging --- .github/actions/write-credentials/action.yml | 2 -- src/test/resources/application-integration.yml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index 35c9756f..cafe76e0 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -19,8 +19,6 @@ runs: run: | mkdir -p rendered - echo "$(dirname $0)" - BUFFER_APP_SA_B64=${{ inputs.buffer-app-sa-b64 }} echo ::add-mask::BUFFER_APP_SA_B64 BUFFER_APP_SA=$(echo $BUFFER_APP_SA_B64 | base64 --decode) diff --git a/src/test/resources/application-integration.yml b/src/test/resources/application-integration.yml index a83b99c0..6eb412f2 100644 --- a/src/test/resources/application-integration.yml +++ b/src/test/resources/application-integration.yml @@ -3,7 +3,7 @@ buffer: # If CRL is used in testing mode. testing-mode: true # Use in test to clean up created cloud resource. - janitor-client-credential-file-path: ../../_temp/rendered/janitor-client-sa-account.json + janitor-client-credential-file-path: rendered/janitor-client-sa-account.json janitor-track-resource-project-id: terra-kernel-k8s janitor-track-resource-topic-id: crljanitor-tools-pubsub-topic pool: From d21ed9a869f94d711e272114e0e08d36481c7bc2 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 15:46:11 -0400 Subject: [PATCH 15/17] More debugging --- gradle/testing.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/testing.gradle b/gradle/testing.gradle index 382477ee..f45280e7 100644 --- a/gradle/testing.gradle +++ b/gradle/testing.gradle @@ -6,7 +6,7 @@ test { import org.gradle.api.tasks.testing.logging.TestExceptionFormat // This is the path to the default Google service account for the buffer service to run as. -def googleCredentialsFile = "${projectDir}/src/test/resources/rendered/sa-account.json" +def googleCredentialsFile = "${projectDir}/rendered/sa-account.json" tasks.withType(Test) { environment = [ 'GOOGLE_APPLICATION_CREDENTIALS': "${googleCredentialsFile}" From c5e878ae04ba385eb357effa6554ae7ef5a428fd Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 17:00:21 -0400 Subject: [PATCH 16/17] Cleanup --- .github/actions/write-credentials/action.yml | 7 ++----- .../buffer/app/configuration/CrlConfiguration.java | 11 ++--------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/.github/actions/write-credentials/action.yml b/.github/actions/write-credentials/action.yml index cafe76e0..021744cc 100644 --- a/.github/actions/write-credentials/action.yml +++ b/.github/actions/write-credentials/action.yml @@ -1,7 +1,7 @@ name: 'write-credentials' description: | - Collect the needed credentials for testing and place them in the - appropriate config directory. Note that all of these secrets are + Collect the needed credentials for integration testing and place them in a + directory named "rendered". Note that all of these secrets are assumed to be base64-encoded JSON service account keys. inputs: buffer-app-sa-b64: @@ -30,7 +30,4 @@ runs: JANITOR_SA=$(echo $JANITOR_SA_B64 | base64 --decode) echo ::add-mask::$JANITOR_SA echo $JANITOR_SA > rendered/janitor-client-sa-account.json - - echo "$(ls -d $PWD*/)" - echo "$(ls -l rendered)" shell: bash diff --git a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java index 953a8ece..20e21ea9 100644 --- a/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java +++ b/src/main/java/bio/terra/buffer/app/configuration/CrlConfiguration.java @@ -241,16 +241,9 @@ public ServiceAccountCredentials loadJanitorClientCredential() { return ServiceAccountCredentials.fromStream( new FileInputStream(janitorClientCredentialFilePath)); } catch (Exception e) { - String path = new java.io.File(janitorClientCredentialFilePath).getAbsolutePath(); - try { - path = new java.io.File(janitorClientCredentialFilePath).getCanonicalPath(); - } - catch (IOException ignored) { - } throw new RuntimeException( - "Unable to load Janitor GoogleCredentials from configuration: " - + janitorClientCredentialFilePath + " CWD: " + System.getProperty("user.dir") + " FILEPATH: " - + path, + "Unable to load Janitor GoogleCredentials from configuration" + + janitorClientCredentialFilePath, e); } } From 6734656683307706defc480d6bdfbfd1e51aaa49 Mon Sep 17 00:00:00 2001 From: cahrens Date: Tue, 2 Jul 2024 17:01:51 -0400 Subject: [PATCH 17/17] Cleanup --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d0acf9e2..252c2b1b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -39,7 +39,7 @@ jobs: uses: ./.github/actions/bump-skip with: event-name: ${{ github.event_name }} - - name: Write credentials + - name: Write credentials for integration tests if: steps.skiptest.outputs.is-bump == 'no' id: write-credentials uses: ./.github/actions/write-credentials