fix: workaround for ARGO_TOKEN (#107)

mkolasinski-splunk · web-flow · commit 792080822de4 · 2022-11-02T09:26:13.000+01:00
* fix: workaround for ARGO_TOKEN

New step update-argo-token added to assure ARGO_TOKEN is updated in case of credential rotation

* workaround applied for KO and modinput tests
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
@@ -642,12 +642,17 @@ jobs:
           addon-name: ${{ needs.setup.outputs.addon-name }}
           sc4s-version: ${{ matrix.sc4s.version }}
           sc4s-docker-registry: ${{ matrix.sc4s.docker_registry }}
+      - name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation
+        id: update-argo-token
+        run: |
+          ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+          echo "::set-output name=argo-token::$ARGO_TOKEN"
       - name: Check if pod was deleted
         id: is-pod-deleted
         if: always()
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         run: |
           set -o xtrace
           if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then
@@ -657,7 +662,7 @@ jobs:
         id: retry-wf
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         run: |
           set -o xtrace
@@ -674,7 +679,7 @@ jobs:
           fi
       - name: check if workflow completed
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         shell: bash
         if: always()
         run: |
@@ -813,12 +818,17 @@ jobs:
           addon-name: ${{ needs.setup.outputs.addon-name }}
           vendor-version: ${{ matrix.vendor-version.image }}
           sc4s-version: "No"
+      - name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation
+        id: update-argo-token
+        run: |
+          ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+          echo "::set-output name=argo-token::$ARGO_TOKEN"
       - name: Check if pod was deleted
         id: is-pod-deleted
         if: always()
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         run: |
           set -o xtrace
           if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted" ; then
@@ -828,7 +838,7 @@ jobs:
         id: retry-wf
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         run: |
           set -o xtrace
@@ -845,7 +855,7 @@ jobs:
           fi
       - name: check if workflow completed
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         shell: bash
         run: |
@@ -983,12 +993,17 @@ jobs:
           addon-name: ${{ needs.setup.outputs.addon-name }}
           vendor-version: ${{ matrix.vendor-version.image }}
           sc4s-version: "No"
+      - name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation
+        id: update-argo-token
+        run: |
+          ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString')
+          echo "::set-output name=argo-token::$ARGO_TOKEN"
       - name: Check if pod was deleted
         id: is-pod-deleted
         if: always()
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         run: |
           set -o xtrace
           if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then
@@ -998,7 +1013,7 @@ jobs:
         id: retry-wf
         shell: bash
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         run: |
           set -o xtrace
@@ -1015,7 +1030,7 @@ jobs:
           fi
       - name: check if workflow completed
         env:
-          ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }}
+          ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }}
         if: always()
         shell: bash
         run: |
