github-actions: use ec github secret (#13441) (#13442)

* github-actions: use ec github secret

* vault free

* typo

(cherry picked from commit 9cc9984)

# Conflicts:
#	.github/workflows/generate-smoke-tests-list/action.yml
#	.github/workflows/setup-cluster-env/action.yml
#	.github/workflows/smoke-tests-ess.yml
#	.github/workflows/smoke-tests-os.yml

Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

.github/workflows/benchmarks.yml

@@ -49,6 +49,10 @@ jobs:
       GOBENCH_PASSWORD: ${{ secrets.GOBENCH_PASSWORD }}
       GOBENCH_USERNAME: ${{ secrets.GOBENCH_USERNAME }}
       GOBENCH_HOST: ${{ secrets.GOBENCH_HOST }}
+      # TODO: use keyless
+      EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.OBSERVABILITY_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.OBSERVABILITY_AWS_SECRET_ACCESS_KEY }}
     steps:
       - uses: actions/checkout@v4
 
@@ -73,20 +77,6 @@ jobs:
             echo "BENCHMARK_RUN=${{ inputs.benchmarkRun }}" >> "$GITHUB_ENV"
           fi
 
-      - uses: hashicorp/vault-action@v3.0.0
-        env:
-          AWS_CREDENTIALS_PATH: secret/observability-team/ci/elastic-observability-aws-account-auth
-          EC_CREDENTIALS_PATH: secret/observability-team/ci/elastic-cloud/observability-team-pro
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          method: approle
-          secrets: |
-            ${{ env.AWS_CREDENTIALS_PATH }} access_key | AWS_ACCESS_KEY_ID ;
-            ${{ env.AWS_CREDENTIALS_PATH }} secret_key | AWS_SECRET_ACCESS_KEY ;
-            ${{ env.EC_CREDENTIALS_PATH }} apiKey | EC_API_KEY ;
-
       - name: Log in to the Elastic Container registry
         uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
         with:

.github/workflows/generate-smoke-tests-list/action.yml

@@ -0,0 +1,35 @@
+---
+
+name: generate-smoke-tests-list
+description: Generate smoke tests list
+
+inputs:
+  aws-csv-file:
+    description: 'Content with the AWS csv file'
+    required: true
+  aws-profile:
+    description: 'aws profile'
+    required: true
+outputs:
+  tests:
+    description: "List of smoke tests"
+    value: ${{ steps.generate.outputs.tests }}
+  date:
+    description: "Current date"
+    value: ${{ steps.generate.outputs.date }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup cluster env
+      uses: ./.github/workflows/setup-cluster-env
+      with:
+        aws-csv-file: ${{ inputs.aws-csv-file }}
+        aws-profile: ${{ inputs.aws-profile }}
+    - id: generate
+      name: Generate matrix and date
+      run: |
+        # remove the full path and use a relative path instead to be github runner agnostic
+        echo "tests=$(make smoketest/discover | sed "s#${GITHUB_WORKSPACE}/#./#g")" >> "${GITHUB_OUTPUT}"
+        echo "date=$(date +%s)" >> "${GITHUB_OUTPUT}"
+      shell: 'bash'

.github/workflows/setup-cluster-env/action.yml

@@ -0,0 +1,33 @@
+---
+
+name: setup-cluster-env
+description: Setup cluster env
+
+inputs:
+  aws-csv-file:
+    description: 'Content with the AWS csv file'
+    required: true
+  aws-profile:
+    description: 'aws profile'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: go.mod
+        cache-dependency-path: |
+          go.sum
+          tools/go.sum
+    - name: Configure AWS account
+      run: |
+        echo "${AWS_ACCOUNT_IMPORT}" > ${{ runner.temp }}/account.csv;
+        sed -i 's/User name/User Name/g' ${{ runner.temp }}/account.csv;
+        aws configure import --csv file://${{ runner.temp }}/account.csv;
+        echo 'AWS_ACCOUNT_IMPORT=' >> ${GITHUB_ENV};
+        rm -f ${{ runner.temp }}/account.csv;
+      shell: 'bash'
+      env:
+        AWS_ACCOUNT_IMPORT: ${{ inputs.aws-csv-file }}
+        AWS_PROFILE: ${{ inputs.aws-profile }}

.github/workflows/smoke-tests-ess.yml

@@ -0,0 +1,66 @@
+name: smoke-tests-ess
+run-name: Smoke Tests ESS
+
+on:
+  workflow_call:
+    inputs:
+      branch:
+        required: true
+        type: string
+
+
+# limit the access of the generated GITHUB_TOKEN
+permissions:
+  contents: read
+
+jobs:
+  prepare:
+    name: Generate smoke tests list
+    runs-on: ubuntu-latest
+    outputs:
+      tests: ${{ steps.generate.outputs.tests }}
+      date: ${{ steps.generate.outputs.date }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch }}
+      - id: generate
+        name: Generate matrix and date
+        uses: ./.github/workflows/generate-smoke-tests-list
+        with:
+          aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+          aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
+
+  smoke-tests-ess:
+    name: Run smoke tests ${{ matrix.test }} for ${{ matrix.version }}
+    runs-on: ubuntu-latest
+    needs: prepare
+    env:
+      TF_VAR_BUILD_ID: ${{ github.run_id }}
+      TF_VAR_ENVIRONMENT: 'ci'
+      TF_VAR_BRANCH: ${{ github.ref_name }}
+      TF_VAR_REPO: ${{ github.repository }}
+      TF_VAR_CREATED_DATE: ${{ needs.prepare.outputs.date }}
+      # TODO: use keyless
+      EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }}
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJSON(needs.prepare.outputs.tests) }}
+        version:
+          - '7.17'
+          - 'latest'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch }}
+      - name: Setup cluster env
+        uses: ./.github/workflows/setup-cluster-env
+        with:
+          aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+          aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
+      - name: Run smoke tests ${{ matrix.test }} for ${{ matrix.version }}
+        run: make smoketest/run-version TEST_DIR=${{ matrix.test }} SMOKETEST_VERSION=${{ matrix.version }}
+      - if: always()
+        name: Teardown smoke test infra
+        run: make smoketest/cleanup TEST_DIR=${{ matrix.test }}

.github/workflows/smoke-tests-os.yml

@@ -0,0 +1,58 @@
+name: smoke-tests-os
+run-name: Smoke Tests OS
+
+on:
+  workflow_call:
+    inputs:
+      branch:
+        required: true
+        type: string
+
+# limit the access of the generated GITHUB_TOKEN
+permissions:
+  contents: read
+
+jobs:
+  prepare:
+    name: Generate smoke tests list
+    runs-on: ubuntu-latest
+    outputs:
+      tests: ${{ steps.generate.outputs.tests }}
+      date: ${{ steps.generate.outputs.date }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch }}
+      - id: generate
+        name: Generate matrix and date
+        uses: ./.github/workflows/generate-smoke-tests-list
+        with:
+          aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+          aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
+
+  smoke-tests-os:
+    name: Run smoke tests OS
+    runs-on: ubuntu-latest
+    needs: prepare
+    env:
+      TF_VAR_BUILD_ID: ${{ github.run_id }}
+      TF_VAR_ENVIRONMENT: 'ci'
+      TF_VAR_BRANCH: ${{ github.ref_name }}
+      TF_VAR_REPO: ${{ github.repository }}
+      TF_VAR_CREATED_DATE: ${{ needs.prepare.outputs.date }}
+      # TODO: use keyless
+      EC_API_KEY: ${{ secrets.OBSERVABILITY_EC_API_KEY }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch }}
+      - name: Get version
+        run: echo "VERSION=$(make get-version)" >> "${GITHUB_ENV}"
+      - name: Setup cluster env
+        uses: ./.github/workflows/setup-cluster-env
+        with:
+          aws-csv-file: ${{ secrets.OBSERVABILITY_AWS_CSV_FILE }}
+          aws-profile: ${{ secrets.OBSERVABILITY_AWS_PROFILE }}
+      - name: Run smoke tests OS
+        working-directory: ${{ github.workspace }}/testing/smoke/supported-os
+        run: ./test.sh ${VERSION}-SNAPSHOT