.env.test.example
# Environment variables for running integration and end-to-end tests.
#
# Copy this file to `.env.test` and fill in real values.
# Never commit real secrets: this template holds placeholders only, while the
# filled-in `.env.test` carries live credentials for AWS, Google Cloud and Azure.
# NOTE(review): confirm `.env.test` is git-ignored, and keep the file readable
# by your own user only (e.g. `chmod 600 .env.test`).
#
# Setup: see docs/09-testing/02-test-infra-setup.md
#
# AWS - Management
# Static IAM access key pair for the management account. Use an identity
# created for tests, grant it only what the suite needs, and rotate or delete
# the key when a machine or contributor no longer needs it.
# NOTE(review): presumably this is the side that assumes roles into the target
# account (see AWS_MANAGEMENT_ROLE_ARN further down) - confirm in the setup doc.
AWS_MANAGEMENT_REGION="<region>"
AWS_MANAGEMENT_ACCESS_KEY_ID="<aws-management-access-key-id>"
AWS_MANAGEMENT_SECRET_ACCESS_KEY="<aws-management-secret-access-key>"
AWS_MANAGEMENT_ACCOUNT_ID="<12-digit-account-id>"
# AWS - Target
# Second static key pair, for the target account. Keep it a separate identity
# from the management one so that a leak of either key stays within one account.
AWS_TARGET_REGION="<region>"
AWS_TARGET_ACCESS_KEY_ID="<aws-target-access-key-id>"
AWS_TARGET_SECRET_ACCESS_KEY="<aws-target-secret-access-key>"
AWS_TARGET_ACCOUNT_ID="<12-digit-account-id>"
# AWS test resources
# Names, image references and role ARNs the tests use; none of these values is
# a secret by itself. Push and pull have separate roles: keep the pull role
# without push permissions on the repository.
# NOTE(review): the Lambda image is referenced by tag; a tag can be re-pointed,
# so pin a digest if the harness accepts one - not verified here.
ALIEN_TEST_AWS_S3_BUCKET="<s3-bucket-name>"
ALIEN_TEST_AWS_LAMBDA_IMAGE="<account>.dkr.ecr.<region>.amazonaws.com/<repo>:<tag>"
ALIEN_TEST_AWS_LAMBDA_EXECUTION_ROLE_ARN="arn:aws:iam::<account-id>:role/<lambda-role-name>"
ALIEN_TEST_AWS_ECR_PUSH_ROLE_ARN="arn:aws:iam::<account-id>:role/<ecr-push-role-name>"
ALIEN_TEST_AWS_ECR_PULL_ROLE_ARN="arn:aws:iam::<account-id>:role/<ecr-pull-role-name>"
ALIEN_TEST_AWS_ECR_REPOSITORY="<account>.dkr.ecr.<region>.amazonaws.com/<repo>"
# Google Cloud - Management
# The value is the whole service-account key JSON, single-quoted (presumably so
# the double quotes inside the JSON need no escaping). A service-account key
# is a long-lived credential: use an account created for tests, grant it only
# the roles the suite needs, and delete the key in GCP once it is unused.
# NOTE(review): whether a multi-line value is accepted depends on the dotenv
# loader in use; a single-line JSON string is the safe form.
GOOGLE_MANAGEMENT_SERVICE_ACCOUNT_KEY='<service-account-json>'
GOOGLE_MANAGEMENT_PROJECT_ID="<gcp-project-id>"
GOOGLE_MANAGEMENT_REGION="<region>"
# Google Cloud - Target
# Separate key for the target project; the same handling applies as for the
# management key above. Keep the two service accounts distinct.
GOOGLE_TARGET_SERVICE_ACCOUNT_KEY='<service-account-json>'
GOOGLE_TARGET_PROJECT_ID="<gcp-project-id>"
GOOGLE_TARGET_REGION="<region>"
# GCP test resources
# Bucket and Artifact Registry references used by the tests; not secrets.
# NOTE(review): the Cloud Run image is referenced by tag; pin a digest if the
# harness accepts one - not verified here.
ALIEN_TEST_GCP_GCS_BUCKET="<gcs-bucket-name>"
ALIEN_TEST_GCP_CLOUDRUN_IMAGE="<region>-docker.pkg.dev/<project>/<repo>/<image>:<tag>"
ALIEN_TEST_GCP_GAR_REPOSITORY="<region>-docker.pkg.dev/<project>/<repo>/<image>"
# Azure - Management
# Subscription, tenant and client IDs identify the app registration; the
# client secret is the credential. Treat it like a password, give it a short
# expiry, and scope the app's role assignments to the test resources.
AZURE_MANAGEMENT_SUBSCRIPTION_ID="<azure-subscription-id>"
AZURE_MANAGEMENT_TENANT_ID="<azure-tenant-id>"
AZURE_MANAGEMENT_CLIENT_ID="<azure-client-id>"
AZURE_MANAGEMENT_CLIENT_SECRET="<azure-client-secret>"
AZURE_MANAGEMENT_REGION="<region>"
# Azure OIDC (production/CI mode)
# In CI (GitHub Actions): set automatically by the OIDC token acquisition step
# In local dev: leave empty (SP fallback will be used instead)
# OIDC federation exchanges a short-lived token instead of a stored client
# secret, so nothing secret belongs in these two variables.
AZURE_MANAGEMENT_OIDC_ISSUER=
AZURE_MANAGEMENT_OIDC_SUBJECT=
# AZURE_FEDERATED_TOKEN_FILE is set by CI step (not in .env)
# Azure SP (local dev fallback)
# Used when OIDC is not configured (AZURE_MANAGEMENT_OIDC_ISSUER is empty)
# The values come from `terraform output`; the same secret is also stored in
# the Terraform state, so restrict access to that state as well.
# NOTE(review): this is a second client secret next to
# AZURE_MANAGEMENT_CLIENT_SECRET above; confirm in the setup doc which one each
# test path reads.
AZURE_MANAGEMENT_SP_CLIENT_ID="<from terraform output>"
AZURE_MANAGEMENT_SP_CLIENT_SECRET="<from terraform output>"
AZURE_MANAGEMENT_SP_OBJECT_ID="<from terraform output>"
# Azure - Target
# Separate app registration and client secret for the target subscription;
# the same handling applies as for the management secret.
AZURE_TARGET_SUBSCRIPTION_ID="<azure-subscription-id>"
AZURE_TARGET_TENANT_ID="<azure-tenant-id>"
AZURE_TARGET_CLIENT_ID="<azure-client-id>"
AZURE_TARGET_CLIENT_SECRET="<azure-client-secret>"
# Azure shared region setting
# NOTE(review): AZURE_MANAGEMENT_REGION is also defined above; confirm which
# variable the tests read and keep the two values consistent.
AZURE_REGION="<region>"
# Azure test resources
# Resource names and registry references used by the tests; not secrets.
# NOTE(review): the Container App image is referenced by tag; pin a digest if
# the harness accepts one - not verified here.
ALIEN_TEST_AZURE_RESOURCE_GROUP="<resource-group-name>"
ALIEN_TEST_AZURE_STORAGE_ACCOUNT="<storage-account-name>"
ALIEN_TEST_AZURE_TEST_BLOB_CONTAINER="<blob-container-name>"
ALIEN_TEST_AZURE_CONTAINER_APP_IMAGE="<registry>.azurecr.io/<image>:<tag>"
ALIEN_TEST_AZURE_MANAGED_ENVIRONMENT_NAME="<container-app-env-name>"
ALIEN_TEST_AZURE_REGISTRY_NAME="<acr-name>"
ALIEN_TEST_AZURE_ACR_REPOSITORY="<registry>.azurecr.io/<image>"
# E2E Artifact Registries (separate from cloud-client test resources)
# Role ARNs, service-account e-mails and repository paths; identifiers, not
# secrets. Push and pull identities are separate: keep the pull identities
# read-only on the registries.
E2E_AWS_AR_PUSH_ROLE_ARN="arn:aws:iam::<account-id>:role/<e2e-push-role>"
E2E_AWS_AR_PULL_ROLE_ARN="arn:aws:iam::<account-id>:role/<e2e-pull-role>"
E2E_GCP_AR_PUSH_SA_EMAIL="<e2e-push-sa>@<project>.iam.gserviceaccount.com"
E2E_GCP_AR_PULL_SA_EMAIL="<e2e-pull-sa>@<project>.iam.gserviceaccount.com"
E2E_GCP_GAR_REPOSITORY="<region>-docker.pkg.dev/<project>/<e2e-repo>"
E2E_AZURE_ACR_REPOSITORY="<registry>.azurecr.io/<e2e-image>"
# AWS management role/identity for cross-account impersonation
# The role's trust policy decides who may assume it; limit it to the
# principals the tests actually use.
# NOTE(review): ROLE_NAME is presumably the name part of ROLE_ARN - confirm
# the two are meant to stay in sync.
AWS_MANAGEMENT_ROLE_ARN="arn:aws:iam::<account-id>:role/<management-role>"
AWS_MANAGEMENT_ROLE_NAME="<management-role-name>"
# Ngrok (required for push-mode E2E tests — cloud functions submit
# command responses back to the manager via this tunnel)
# The tunnel makes the local manager endpoint reachable from the public
# internet while it is up: run it only for the duration of the tests. The
# authtoken is an account credential; keep it out of logs and shell history.
NGROK_AUTHTOKEN="<ngrok-auth-token>"
# Telemetry
# Traces leave the machine for the endpoint below and may include names of
# test resources. Prefer a token limited to ingesting into the test dataset,
# if the token type allows that scoping.
AXIOM_OTLP_ENDPOINT="https://api.axiom.co/v1/traces"
AXIOM_TOKEN="<axiom-token>"
AXIOM_DATASET="<axiom-dataset>"