Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Use a github variable containing 1password secret references #1921

Merged

Conversation

jcpitre
Copy link
Contributor

@jcpitre jcpitre commented Nov 8, 2024

Closes #1906
Summary:

Set the proper 1password secret references that were changed at one point making the publication to Sonatype fail.

Added the use of a github repo variable ONE_PASSWORD_SECRET_REFERENCES containing key-value pairs for the secret references:

SONATYPE_TOKEN_USERNAME = op://rbiv7rvkkrsdlpcrz3bmv7nmcu/Sonatype user token/username
SONATYPE_TOKEN_PASSWORD = op://rbiv7rvkkrsdlpcrz3bmv7nmcu/Sonatype user token/password
MAVEN_GPG_PRIVATE_KEY = op://rbiv7rvkkrsdlpcrz3bmv7nmcu/dkkfywvsr3xq6eyeubq6cldaxi/Private Key
MAVEN_GPG_PASSPHRASE = op://rbiv7rvkkrsdlpcrz3bmv7nmcu/dkkfywvsr3xq6eyeubq6cldaxi/password
GITHUB_GENERIC_ACTION_CREDENTIALS = op://rbiv7rvkkrsdlpcrz3bmv7nmcu/GitHub generic action token for all repos/credential

The secret references in this variable are obtained from 1password.
So this introduced one level of indirection where the Github workflow should not contain any 1password references. Instead use the .github/actions/extract-1password-secret/action.yml composite action to obtain 1password secrets from an input list specifying the secret of interest.
See the documentation in .github/actions/extract-1password-secret/action.yml

Tested by creating a pre-release and making sure the proper jars are uploaded to Sonaytpe.

Please make sure these boxes are checked before submitting your pull request - thanks!

  • Run the unit tests with gradle test to make sure you didn't break anything
  • Add or update any needed documentation to the repo
  • Format the title like "feat: [new feature short description]". Title must follow the Conventional Commit Specification(https://www.conventionalcommits.org/en/v1.0.0/).
  • Linked all relevant issues
  • Include screenshot(s) showing how this pull request works and fixes the issue(s)

Copy link
Contributor

github-actions bot commented Nov 8, 2024

📝 Acceptance Test Report

📋 Summary

✅ The rule acceptance has passed for commit 5ba4755
Download the full acceptance test report here (report will disappear after 90 days).

📊 Notices Comparison

New Errors (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

Dropped Errors (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

New Warnings (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

Dropped Warnings (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

🛡️ Corruption Check

0 out of 1627 sources (~0 %) are corrupted.

⏱️ Performance Assessment

📈 Validation Time

Assess the performance in terms of seconds taken for the validation process.

Time Metric Dataset ID Reference (s) Latest (s) Difference (s)
Average -- 3.97 4.04 ⬆️+0.07
Median -- 1.39 1.46 ⬆️+0.07
Standard Deviation -- 11.39 11.28 ⬇️-0.12
Minimum in References Reports us-california-catalina-express-gtfs-299 0.51 0.71 ⬆️+0.20
Maximum in Reference Reports gb-unknown-uk-aggregate-feed-gtfs-2014 301.97 292.46 ⬇️-9.51
Minimum in Latest Reports us-california-flex-v2-developer-test-feed-1-gtfs-1817 0.61 0.55 ⬇️-0.06
Maximum in Latest Reports gb-unknown-uk-aggregate-feed-gtfs-2014 301.97 292.46 ⬇️-9.51
📜 Memory Consumption
Metric Dataset ID Reference (s) Latest (s) Difference (s)
Average -- 489.77 MiB 475.27 MiB ⬇️-14.51 MiB
Median -- 246.51 MiB 246.48 MiB ⬇️-25.45 KiB
Standard Deviation -- 890.66 MiB 839.89 MiB ⬇️-50.78 MiB
Minimum in References Reports us-oregon-hut-airport-shuttle-gtfs-635 34.48 MiB 34.50 MiB ⬆️+16.00 KiB
Maximum in Reference Reports gb-unknown-uk-aggregate-feed-gtfs-2014 10.10 GiB 10.11 GiB ⬆️+11.64 MiB
Minimum in Latest Reports tr-kocaeli-metro-izmir-gtfs-1824 34.51 MiB 34.48 MiB ⬇️-32.00 KiB
Maximum in Latest Reports gb-unknown-uk-aggregate-feed-gtfs-2014 10.10 GiB 10.11 GiB ⬆️+11.64 MiB

Copy link
Member

@davidgamez davidgamez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great addition. What are your thoughts about publishing this as an independent GitHub action(not in the scope of this work), so we can reference it in other repositories?

id: onepw_secrets
uses: 1password/load-secrets-action@v2.0.0
with:
export-env: true # Export loaded secrets as environment variables
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@jcpitre
Copy link
Contributor Author

jcpitre commented Nov 8, 2024

This is a great addition. What are your thoughts about publishing this as an independent GitHub action(not in the scope of this work), so we can reference it in other repositories?

Good idea, maybe implement this when we want to use it in mobility-feed-api?

Copy link
Contributor

github-actions bot commented Nov 8, 2024

📝 Acceptance Test Report

📋 Summary

✅ The rule acceptance has passed for commit d2c7bbe
Download the full acceptance test report here (report will disappear after 90 days).

📊 Notices Comparison

New Errors (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

Dropped Errors (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

New Warnings (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

Dropped Warnings (0 out of 1627 datasets, ~0%) ✅

No changes were detected due to the code change.

🛡️ Corruption Check

0 out of 1627 sources (~0 %) are corrupted.

⏱️ Performance Assessment

📈 Validation Time

Assess the performance in terms of seconds taken for the validation process.

Time Metric Dataset ID Reference (s) Latest (s) Difference (s)
Average -- 3.99 4.08 ⬆️+0.09
Median -- 1.40 1.48 ⬆️+0.07
Standard Deviation -- 11.21 11.30 ⬆️+0.09
Minimum in References Reports us-massachusetts-massachusetts-area-express-max-gtfs-431 0.51 0.54 ⬆️+0.03
Maximum in Reference Reports gb-unknown-uk-aggregate-feed-gtfs-2014 289.88 294.71 ⬆️+4.83
Minimum in Latest Reports us-massachusetts-massachusetts-area-express-max-gtfs-431 0.51 0.54 ⬆️+0.03
Maximum in Latest Reports gb-unknown-uk-aggregate-feed-gtfs-2014 289.88 294.71 ⬆️+4.83
📜 Memory Consumption
Metric Dataset ID Reference (s) Latest (s) Difference (s)
Average -- 493.44 MiB 483.00 MiB ⬇️-10.44 MiB
Median -- 246.51 MiB 246.12 MiB ⬇️-401.73 KiB
Standard Deviation -- 904.57 MiB 858.68 MiB ⬇️-45.89 MiB
Minimum in References Reports us-california-flex-v2-developer-test-feed-2-gtfs-1818 34.48 MiB 34.52 MiB ⬆️+32.00 KiB
Maximum in Reference Reports gb-unknown-uk-aggregate-feed-gtfs-2014 9.99 GiB 9.94 GiB ⬇️-42.84 MiB
Minimum in Latest Reports us-oregon-high-desert-point-gtfs-636 34.50 MiB 34.48 MiB ⬇️-24.00 KiB
Maximum in Latest Reports gb-unknown-uk-aggregate-feed-gtfs-2014 9.99 GiB 9.94 GiB ⬇️-42.84 MiB

@jcpitre jcpitre merged commit cf0a275 into master Nov 11, 2024
139 checks passed
@jcpitre jcpitre deleted the 1906-publishing-maven-package-github-action-is-failing-2 branch November 11, 2024 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Publishing maven package GitHub action is failing
2 participants