Skip to content

Commit

Permalink
Merge pull request #1413 from buildkite/oidc-to-tests
Browse files Browse the repository at this point in the history 
Assume an IAM role via OIDC when running integration tests
  • Loading branch information
@yob
yob authored Dec 16, 2024
2 parents f37669c + c04f3f7 commit aa02f5f
Showing 1 changed file with 42 additions and 0 deletions.
42 changes: 42 additions & 0 deletions .buildkite/pipeline.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@ steps:
- "fmt"
- "lint"
- "fixperms-tests"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "packer-windows-amd64"
name: ":packer: :windows:"
Expand All @@ -43,6 +46,9 @@ steps:
- "fmt"
- "lint"
- "fixperms-tests"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "launch-windows-amd64"
name: ":cloudformation: :windows: AMD64 Launch"
Expand All @@ -53,6 +59,9 @@ steps:
depends_on:
- "packer-windows-amd64"
- "deploy-service-role-stack"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "test-windows-amd64"
name: ":cloudformation: :windows: AMD64 Test"
Expand All @@ -75,6 +84,9 @@ steps:
queue: "${BUILDKITE_AGENT_META_DATA_QUEUE}"
depends_on:
- "test-windows-amd64"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "packer-linux-amd64"
name: ":packer: :linux: AMD64"
Expand All @@ -87,6 +99,9 @@ steps:
- "fmt"
- "lint"
- "fixperms-tests"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "launch-linux-amd64"
name: ":cloudformation: :linux: AMD64 Launch"
Expand All @@ -97,6 +112,9 @@ steps:
depends_on:
- "packer-linux-amd64"
- "deploy-service-role-stack"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "test-linux-amd64"
name: ":cloudformation: :linux: AMD64 Test"
Expand All @@ -118,6 +136,9 @@ steps:
queue: "${BUILDKITE_AGENT_META_DATA_QUEUE}"
depends_on:
- "test-linux-amd64"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "packer-linux-arm64"
name: ":packer: :linux: ARM64"
Expand All @@ -130,6 +151,9 @@ steps:
- "fmt"
- "lint"
- "fixperms-tests"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "launch-linux-arm64"
name: ":cloudformation: :linux: ARM64 Launch"
Expand All @@ -140,6 +164,9 @@ steps:
depends_on:
- "packer-linux-arm64"
- "deploy-service-role-stack"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "test-linux-arm64"
name: ":cloudformation: :linux: ARM64 Test"
Expand All @@ -161,6 +188,9 @@ steps:
queue: "${BUILDKITE_AGENT_META_DATA_QUEUE}"
depends_on:
- "test-linux-arm64"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "delete-service-role-stack"
name: ":aws-iam: :cloudformation: Delete"
Expand All @@ -171,6 +201,9 @@ steps:
- "delete-windows-amd64"
- "delete-linux-amd64"
- "delete-linux-arm64"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "copy-ami"
name: ":cloudformation: 🚚 🌎"
Expand All @@ -182,6 +215,9 @@ steps:
- "test-linux-amd64"
- "test-linux-arm64"
- "test-windows-amd64"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: "publish"
name: ":cloudformation: :rocket:"
Expand All @@ -193,10 +229,16 @@ steps:
concurrency_method: eager
artifact_paths: "build/*.yml"
depends_on: "copy-ami"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

- id: cleanup
name: ":broom: Cleanup"
command: .buildkite/steps/cleanup.sh
agents:
queue: "${BUILDKITE_AGENT_META_DATA_QUEUE}"
depends_on: "publish"
plugins:
- aws-assume-role-with-web-identity#v1.1.0:
role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-aws-stack-buildkite-aws-stack

0 comments on commit aa02f5f

Please sign in to comment.