Skip to content

ROX-22354: autorotate DP secrets if data has changed #2443

ROX-22354: autorotate DP secrets if data has changed

ROX-22354: autorotate DP secrets if data has changed #2443

# This runs tests that check the AWS integartion (RDS,KMS) of fleetshard-sync
name: AWS integration tests
on:
push:
branches:
- main
paths-ignore:
- '*.md'
- '*.sh'
- '.github/*.md'
- '.github/workflows/openapi_update.yaml'
- '.github/CODEOWNERS'
- 'templates/**'
- '.openapi-generator-ignore'
- 'openapi/**'
- 'docs/**'
- 'pkg/api/openapi/docs/**'
- 'pkg/api/openapi/.openapi-generator-ignore'
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths-ignore:
- '*.md'
- '*.sh'
- '.github/*.md'
- '.github/workflows/openapi_update.yaml'
- '.github/CODEOWNERS'
- 'templates/**'
- '.openapi-generator-ignore'
- 'openapi/**'
- 'docs/**'
- 'pkg/api/openapi/docs/**'
- 'pkg/api/openapi/.openapi-generator-ignore'
- 'dp-terraform/**'
jobs:
verify-test:
name: "Test AWS Integration"
runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.head.repo.fork }} # do not run for PRs from forks
permissions:
id-token: write
contents: read
environment: development
steps:
- name: Set up Go 1.21
uses: actions/setup-go@v5
with:
go-version: "1.21"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Cache go module
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Configure AWS credentials
uses: aws-actions/[email protected]
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github
- name: Verify & Test
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_AUTH_HELPER: "none"
FLEETSHARD_SYNC_SECRET_NAME: "aws-integration-tests" # pragma: allowlist secret
run: |
./dev/env/scripts/exec_fleetshard_sync.sh make test/aws
timeout-minutes: 50