diff --git a/.github/workflows/e2e_resource_cleanup.yml b/.github/workflows/e2e_resource_cleanup.yml index 8228837ed7..ff3e7554b7 100644 --- a/.github/workflows/e2e_resource_cleanup.yml +++ b/.github/workflows/e2e_resource_cleanup.yml @@ -18,6 +18,7 @@ jobs: fail-fast: false matrix: region: [us-west-2, us-east-1, ca-central-1, eu-central-1] + testAccount: ${{ fromJson(vars.E2E_TEST_ACCOUNTS) }} env: AWS_REGION: ${{ matrix.region }} steps: @@ -27,7 +28,7 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # version 4.0.2 with: - role-to-assume: ${{ secrets.E2E_RESOURCE_CLEANUP_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ matrix.testAccount }}:role/e2e-resource-cleanup aws-region: ${{ matrix.region }} - name: Run E2E resource cleanup run: npm run e2e:cleanup-resources diff --git a/.github/workflows/health_checks.yml b/.github/workflows/health_checks.yml index d7a26f4f7b..363dbe8375 100644 --- a/.github/workflows/health_checks.yml +++ b/.github/workflows/health_checks.yml @@ -204,16 +204,22 @@ jobs: uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # version 4.1.4 - uses: ./.github/actions/setup_node - uses: ./.github/actions/restore_build_cache + - name: Select E2E test account + id: selectE2EAccount + shell: bash + run: echo "e2e_test_account_number=$(npx tsx scripts/select_e2e_test_account.ts)" >> "$GITHUB_OUTPUT" + env: + E2E_TEST_ACCOUNTS: ${{ vars.E2E_TEST_ACCOUNTS }} - name: Configure test tooling credentials uses: ./.github/actions/setup_profile with: - role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-test-tooling aws-region: us-west-2 profile-name: e2e-tooling - name: Configure test execution credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # version 4.0.2 with: - role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-execution aws-region: us-west-2 - name: Run e2e iam access drift test run: npm run test:dir packages/integration-tests/lib/test-e2e/iam_access_drift.test.js @@ -249,16 +255,22 @@ jobs: node-version: ${{ matrix.node-version }} - uses: ./.github/actions/restore_build_cache - run: cd packages/cli && npm link + - name: Select E2E test account + id: selectE2EAccount + shell: bash + run: echo "e2e_test_account_number=$(npx tsx scripts/select_e2e_test_account.ts)" >> "$GITHUB_OUTPUT" + env: + E2E_TEST_ACCOUNTS: ${{ vars.E2E_TEST_ACCOUNTS }} - name: Configure test tooling credentials uses: ./.github/actions/setup_profile with: - role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-test-tooling aws-region: us-west-2 profile-name: e2e-tooling - name: Configure test execution credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # version 4.0.2 with: - role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-execution aws-region: us-west-2 - name: Run e2e deployment tests run: npm run test:dir packages/integration-tests/lib/test-e2e/deployment.test.js @@ -292,16 +304,22 @@ jobs: node-version: ${{ matrix.node-version }} - uses: ./.github/actions/restore_build_cache - run: cd packages/cli && npm link + - name: Select E2E test account + id: selectE2EAccount + shell: bash + run: echo "e2e_test_account_number=$(npx tsx scripts/select_e2e_test_account.ts)" >> "$GITHUB_OUTPUT" + env: + E2E_TEST_ACCOUNTS: ${{ vars.E2E_TEST_ACCOUNTS }} - name: Configure test tooling credentials uses: ./.github/actions/setup_profile with: - role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-test-tooling aws-region: us-west-2 profile-name: e2e-tooling - name: Configure test execution credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # version 4.0.2 with: - role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-execution aws-region: us-west-2 - name: Run e2e sandbox tests run: npm run test:dir packages/integration-tests/lib/test-e2e/sandbox.test.js @@ -321,16 +339,22 @@ jobs: - uses: ./.github/actions/setup_node - uses: ./.github/actions/restore_build_cache - run: cd packages/cli && npm link + - name: Select E2E test account + id: selectE2EAccount + shell: bash + run: echo "e2e_test_account_number=$(npx tsx scripts/select_e2e_test_account.ts)" >> "$GITHUB_OUTPUT" + env: + E2E_TEST_ACCOUNTS: ${{ vars.E2E_TEST_ACCOUNTS }} - name: Configure test tooling credentials uses: ./.github/actions/setup_profile with: - role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-test-tooling aws-region: us-west-2 profile-name: e2e-tooling - name: Configure test execution credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # version 4.0.2 with: - role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-execution aws-region: us-west-2 - name: Run e2e backend output tests run: npm run test:dir packages/integration-tests/lib/test-e2e/backend_output.test.js @@ -391,16 +415,22 @@ jobs: node-version: ${{ matrix.node-version }} - name: Restore Build Cache uses: ./.github/actions/restore_build_cache + - name: Select E2E test account + id: selectE2EAccount + shell: bash + run: echo "e2e_test_account_number=$(npx tsx scripts/select_e2e_test_account.ts)" >> "$GITHUB_OUTPUT" + env: + E2E_TEST_ACCOUNTS: ${{ vars.E2E_TEST_ACCOUNTS }} - name: Configure test tooling credentials uses: ./.github/actions/setup_profile with: - role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-test-tooling aws-region: us-west-2 profile-name: e2e-tooling - name: Configure test execution credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # version 4.0.2 with: - role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }} + role-to-assume: arn:aws:iam::${{ steps.selectE2EAccount.outputs.e2e_test_account_number }}:role/e2e-execution aws-region: us-west-2 - name: Run E2E flow tests with ${{ matrix.pkg-manager }} shell: bash diff --git a/scripts/select_e2e_test_account.ts b/scripts/select_e2e_test_account.ts new file mode 100644 index 0000000000..3bd2246ca4 --- /dev/null +++ b/scripts/select_e2e_test_account.ts @@ -0,0 +1,11 @@ +if (!process.env.E2E_TEST_ACCOUNTS) { + throw new Error( + 'E2E_TEST_ACCOUNTS environment variable must be defined and contain array of strings with account numbers' + ); +} + +const accounts = JSON.parse(process.env.E2E_TEST_ACCOUNTS); + +const selectedAccount = accounts[Math.floor(Math.random() * accounts.length)]; + +console.log(selectedAccount);