From fdca4a21accd7955f6817620a7c031a4b0016068 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 14 Aug 2023 07:54:23 -0400 Subject: [PATCH 01/24] WX-983 initial skeleton of workflow, checking if test call works and that env variables flow in correctly --- .github/workflows/run_workflow.yml | 312 ++++++++++++++++++ .../azure_e2e/AzureRunWorkflowSpec.scala | 33 ++ 2 files changed, 345 insertions(+) create mode 100644 .github/workflows/run_workflow.yml create mode 100644 server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml new file mode 100644 index 00000000000..bb5a8ca4079 --- /dev/null +++ b/.github/workflows/run_workflow.yml @@ -0,0 +1,312 @@ +# Workflow action that will run Cromwell e2e test against a Azure based BEE +# For now it'll only test that a simple workflow is run + +#Ned to create a billing project in Azure first before being able to run the test + +name: 'Azure e2e - Run Workflow' +description: e2e test that performs critical path/user journey tests against Cromwell on Azure +on: + workflow_dispatch: + inputs: + branch: + description: 'Branch of Cromwell to run tests on' + required: true + default: 'develop' + type: string + delete-bee: + description: 'Delete created bee after running tests' + required: true + default: true + type: boolean + # Replace user data with seeded data provided by devOps (once available) + owner-subject: + description: 'Owner (used for creating tmp billing project)' + required: true + default: 'hermione.owner@quality.firecloud.org' + type: string + non-owner-subject: + description: 'Student (non-owner used for e2e testing)' + required: true + default: 'harry.potter@quality.firecloud.org' + type: string + service-account: + description: 'Email address or unique identifier of the Google Cloud service account for which to generate credentials' + required: true + default: 'firecloud-qa@broad-dsde-qa.iam.gserviceaccount.com' + type: string + access-token-scopes: + description: 'List of OAuth 2.0 access scopes to be included in the generated token' + required: true + default: 'profile, email, openid' + type: string + tenant-id: + description: 'Azure tenant ID. The default tenant is DSP Terra Dev' + required: true + default: 'fad90753-2022-4456-9b0a-c7e5b934e408' + type: string + subscription-id: + description: 'Azure subscription ID' + required: true + # Update this with the static variable provided by devOps (once it's available) + default: 'f557c728-871d-408c-a28b-eb6b2141a087. #The default subscription is 8201558-dsp-azure-testing' + type: string + mrg-id: + # Update this with the static variable devOps provides (when available) + description: 'Azure Managed Resource Group name. The default is staticTestingMrg within subscription 8201558-dsp-azure-testing.' + required: true + default: 'staticTestingMrg' + type: string + landing-zone-id: + description: 'Landing Zone ID. An existing LZID tag within a given MRG.' + required: true + # NOTE: LZs are deleted and recreated after a couple of days, need to figure out a way to get this dynamically + # Might not be an issue. DevOps is working on getting static Landing Zones up and running + # Update this with the static value from devOps (once available) + default: 'f41c1a97-179b-4a18-9615-5214d79ba600' + type: string + +env: + BEE_NAME: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt}}-dev' + TOKEN: '${{ secrets.BROADBOT_TOKEN }}' # github token for access to kick off a job in the private repo + +jobs: + init-github-context: + runs-on: ubuntu-latest + outputs: + branch: ${{ steps.extract-inputs.outputs.branch }} + delete-bee: ${{ steps.extract-inputs.outputs.delete-bee }} + steps: +## NOTE: below was included in the rawls template but seems redundant due to defined values up on top +## Remove if it ends up being unecessary +# - name: Get inputs or use defaults +# id: extract-inputs +# run: | +# echo "branch=${{ inputs.branch || 'develop' }}" >> "$GITHUB_OUTPUT" +# echo "delete-bee=${{ inputs.delete-bee || false }}" >> "$GITHUB_OUTPUT" + + # rawls-build-tag-publish-job: + # runs-on: ubuntu-latest + # needs: [init-github-context] + # permissions: + # contents: 'read' + # id-token: 'write' + # outputs: + # custom-version-json: ${{ steps.render-rawls-version.outputs.custom-version-json }} + # steps: + # - uses: 'actions/checkout@v3' + # with: + # ref: ${{ needs.init-github-context.outputs.branch }} + + # - name: Bump the tag to a new version + # uses: databiosphere/github-actions/actions/bumper@bumper-0.2.0 + # id: tag + # env: + # DEFAULT_BUMP: patch + # GITHUB_TOKEN: ${{ env.TOKEN }} + # RELEASE_BRANCHES: main + # WITH_V: true + + # - name: dispatch build to terra-github-workflows + # uses: broadinstitute/workflow-dispatch@v3 + # with: + # workflow: rawls-build + # repo: broadinstitute/terra-github-workflows + # ref: refs/heads/main + # token: ${{ env.TOKEN }} + # inputs: '{ "repository": "${{ github.event.repository.full_name }}", "ref": "refs/heads/${{ needs.init-github-context.outputs.branch }}", "rawls-release-tag": "${{ steps.tag.outputs.tag }}" }' + + # - name: Render Rawls version + # id: render-rawls-version + # env: + # GITHUB_CONTEXT: ${{ toJSON(github) }} + # run: | + # echo "$GITHUB_CONTEXT" + # echo "custom-version-json={\\\"rawls\\\":{\\\"appVersion\\\":\\\"${{ steps.tag.outputs.tag }}\\\"}}" >> $GITHUB_OUTPUT + + # NOTE: Commenting out for now, want to confirm that env variables are being set in test +# create-bee-workflow: +# runs-on: ubuntu-latest +# permissions: +# contents: 'read' +# id-token: 'write' +# steps: +# # If we're running nightly tests then it should be fine to just reference env variant +# # - name: Echo Rawls version +# # run: | +# # echo '${{ needs.rawls-build-tag-publish-job.outputs.custom-version-json }}' +# +# - name: dispatch to terra-github-workflows +# uses: broadinstitute/workflow-dispatch@v3 +# with: +# workflow: bee-create +# repo: broadinstitute/terra-github-workflows +# ref: refs/heads/main +# token: ${{ env.TOKEN }} +# # inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "bee-template-name": "rawls-e2e-azure-tests", "version-template": "dev", "custom-version-json": "${{ needs.rawls-build-tag-publish-job.outputs.custom-version-json }}" }' +# +# # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up to date +# inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "bee-template-name": "cromwell-e2e-azure-tests", "version-template": "prod" }' + + # This job provisions useful parameters for e2e tests, including access tokens. + # Please note: access tokens are for use in the same workflow, they cannot be dispatched to remote workflows. +# az-e2e-params-gen: +# runs-on: ubuntu-latest +# permissions: +# contents: 'read' +# id-token: 'write' +# outputs: +# owner-access-token: ${{ steps.owner_auth.outputs.access_token }} +# non-owner-access-token: ${{ steps.non_owner_auth.outputs.access_token }} +# project-name: ${{ steps.gen.outputs.project_name }} +# steps: +## NOTE:Below action was part of Rawls template +## Not sure if this is the right place to put it, need to confirm +# - uses: 'actions/checkout@v3' +# +# - name: Generate OAuth2 2.0 access token for owner +# id: 'owner_auth' +# uses: google-github-actions/auth@v1 +# with: +# token_format: 'access_token' +# workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' +# service_account: ${{ inputs.service-account }} +# access_token_scopes: ${{ inputs.access-token-scopes }} +# access_token_subject: ${{ inputs.owner-subject }} +# export_environment_variables: false +# +# - name: Generate OAuth2 2.0 access token for non-owner +# id: 'non_owner_auth' +# uses: google-github-actions/auth@v1 +# with: +# token_format: 'access_token' +# workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' +# service_account: ${{ inputs.service-account }} +# access_token_scopes: ${{ inputs.access-token-scopes }} +# access_token_subject: ${{ inputs.non-owner-subject }} +# export_environment_variables: false + +# NOTE: Need this as well, just commenting out until env pipeline is confirmed +# - name: Generate a random billing project name +# id: 'gen' +# run: | +# project_name=$(echo "tmp-billing-project-$(uuidgen)" | cut -c -30) +# echo "project_name=${project_name}" >> $GITHUB_OUTPUT + + # NOTE: Ivan is currently building out a workflow to handle this + # Should I wait or move forward with my own implementation? + # attach-landing-zone-to-bee-workflow: + # runs-on: ubuntu-latest + # needs: [az-e2e-params-gen, create-bee-workflow] + # permissions: + # contents: 'read' + # id-token: 'write' + # steps: + # - name: Verify token generation + # run: | + # echo ${{ needs.az-e2e-params-gen.outputs.owner-access-token }} + + # - name: dispatch to terra-github-workflows + # uses: broadinstitute/workflow-dispatch@v3 + # with: + # workflow: attach-landing-zone-to-bee.yaml + # repo: broadinstitute/terra-github-workflows + # ref: refs/heads/cromwell-az-e2e-test + # token: ${{ env.TOKEN }} + # inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "tenant-id": "${{ inputs.tenant-id }}", "subscription-id": "${{ inputs.subscription-id }}", "mrg-id": "${{ inputs.mrg-id }}", "landing-zone-id": "${{ inputs.landing-zone-id }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + + # Below is an example of how rawls is set up to run their e2e tests + # Use this as a workflow reference to setup Cromwell e2e tests + # rawls-swat-e2e-test-job: + # runs-on: ubuntu-latest + # needs: [az-e2e-params-gen, attach-landing-zone-to-bee-workflow, create-bee-workflow, init-github-context] + # permissions: + # contents: 'read' + # id-token: 'write' + # steps: + # - name: Configure the user subjects for the test + # run: | + # echo "USER_SUBJECTS='{\"owner\": \"hermione.owner@quality.firecloud.org\", \"users\": [\"harry.potter@quality.firecloud.org\"]}'" >> $GITHUB_ENV + + # - name: dispatch to terra-github-workflows + # env: + # rawls_test_command: "testOnly -- -l ProdTest -l NotebooksCanaryTest -n org.broadinstitute.dsde.test.api.WorkspacesAzureTest" + # uses: broadinstitute/workflow-dispatch@v3 + # with: + # workflow: .github/workflows/rawls-swat-tests.yaml + # repo: broadinstitute/terra-github-workflows + # ref: refs/heads/iv-az-e2e-1 + # token: ${{ env.TOKEN }} + # inputs: | + # bee-name=${{ env.BEE_NAME }} + # ENV=qa + # ref=refs/heads/${{ needs.init-github-context.outputs.branch }} + # test-group-name=workspaces_azure + # test-command=${{ env.rawls_test_command }} + # java-version=17 + # billing-project=${{ needs.az-e2e-params-gen.outputs.project-name }} + # e2e=true + # service-account=${{ inputs.service-account }} + # user-subjects=${{ env.USER_SUBJECTS }} + + run-cromwell-az-e2e: + runs-on: ubuntu-latest +# Disabling below for now until I can confirm that env variables flow into test +# needs: [az-e2e-params-gen, init-github-context] + permissions: + contents: 'read' + id-token: 'write' + steps: + - uses: actions/checkout@v3 # checkout the cromwell repo + with: + ref: ${{ inputs.target-branch }} + - uses: ./.github/set_up_cromwell_action #This github action will set up git-secrets, caching, java, and sbt. + with: + cromwell_repo_token: ${{ secrets.BROADBOT_GITHUB_TOKEN }} + # NOTE: below was template for rawls, may not need it for Cromwell +# - name: Configure the users for the test +# run: | +# echo "USER_SUBJECTS='{\"owner\": \"hermione.owner@quality.firecloud.org\", \"users\": [\"harry.potter@quality.firecloud.org\"]}'" >> $GITHUB_ENV + - name: Run e2e test + env: + OWNER: ${{inputs.owner-subject}} + run: | + sbt "testOnly *AzureRunWorkflowSpec" + + # NOTE: Commenting out for now, need to confirm env variable access first before testing this +# delete-billing-project-v2-from-bee-workflow: +# runs-on: ubuntu-latest +# needs: [az-e2e-params-gen, cromwell-e2e-test-job] +# if: false +# steps: +# - name: dispatch to terra-github-workflows +# uses: broadinstitute/workflow-dispatch@v3 +# with: +# workflow: .github/workflows/delete-billing-project-v2-from-bee.yaml +# repo: broadinstitute/terra-github-workflows +# ref: refs/heads/iv-az-e2e-1 +# token: ${{ env.TOKEN }} +# inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + + # NOTE: disabling for now, need to confirm that test can run and get env variables first +# destroy-bee-workflow: +# runs-on: ubuntu-latest +# needs: [cromwell-e2e-test-job, delete-billing-project-v2-from-bee-workflow, init-github-context] +# if: ${{ needs.init-github-context.outputs.delete-bee }} # always run to confirm bee is destroyed unless explicitly requested not to +# permissions: +# contents: 'read' +# id-token: 'write' +# steps: +# - name: dispatch to terra-github-workflows +# uses: broadinstitute/workflow-dispatch@v3 +# with: +# workflow: bee-destroy +# repo: broadinstitute/terra-github-workflows +# ref: refs/heads/main +# token: ${{ env.TOKEN }} +# inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' +# + + + + + diff --git a/server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala b/server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala new file mode 100644 index 00000000000..335de9bcb90 --- /dev/null +++ b/server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala @@ -0,0 +1,33 @@ +package cromwell.azure_e2e + +import akka.actor.ActorSystem +import org.scalatest.flatspec.AnyFlatSpec +import org.scalatest.BeforeAndAfterAll +import org.scalatest.matchers.should.Matchers._ +import akka.http.scaladsl.Http +import akka.http.scaladsl.model._ +import org.scalatest.matchers.should.Matchers + +import scala.concurrent.Future +import scala.util.{Failure, Success} + +class AzureRunWorkflowSpec extends AnyFlatSpec with BeforeAndAfterAll with Matchers { + +// implicit val system = ActorSystem() + + //Before building out the test, confirm that env variables defined in the GHA is being passed into this testing env + "Run workflow" should "be successfully submitted with Cromwell on Azure" in { + val owner: String = sys.env("OWNER") + owner should be ("hermione.owner@quality.firecloud.org") + +// val responseFuture: Future[HttpResponse] = Http().singleRequest( +// HttpRequest( +// +// ) +// ) +// responseFuture onComplete { +// case Success(res) => println("test") +// case Failure(_) => println("something wrong") +// } + } +} From 27b4031b838b5b8b58f45fa263cd6abcfddcf00d Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 14 Aug 2023 08:03:07 -0400 Subject: [PATCH 02/24] WX-983 fully commented out github context action --- .github/workflows/run_workflow.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index bb5a8ca4079..28cac2e8b14 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -70,12 +70,12 @@ env: TOKEN: '${{ secrets.BROADBOT_TOKEN }}' # github token for access to kick off a job in the private repo jobs: - init-github-context: - runs-on: ubuntu-latest - outputs: - branch: ${{ steps.extract-inputs.outputs.branch }} - delete-bee: ${{ steps.extract-inputs.outputs.delete-bee }} - steps: +# init-github-context: +# runs-on: ubuntu-latest +# outputs: +# branch: ${{ steps.extract-inputs.outputs.branch }} +# delete-bee: ${{ steps.extract-inputs.outputs.delete-bee }} +# steps: ## NOTE: below was included in the rawls template but seems redundant due to defined values up on top ## Remove if it ends up being unecessary # - name: Get inputs or use defaults From 5445798b744ac2118a8466d6f4aed6814046cd47 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 14 Aug 2023 09:21:13 -0400 Subject: [PATCH 03/24] WX-983 updated branch ref to point to testing/ticket branch --- .github/workflows/run_workflow.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 28cac2e8b14..64275884bcb 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -258,7 +258,9 @@ jobs: steps: - uses: actions/checkout@v3 # checkout the cromwell repo with: - ref: ${{ inputs.target-branch }} +# ref: ${{ inputs.target-branch }} + #NOTE: replace below with inputs value as part of final cleanup + ref: refs/heads/WX-983 - uses: ./.github/set_up_cromwell_action #This github action will set up git-secrets, caching, java, and sbt. with: cromwell_repo_token: ${{ secrets.BROADBOT_GITHUB_TOKEN }} From 69914cac8b0c4fd9f01ff6e2faf90e6321fc6882 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 14 Aug 2023 09:39:02 -0400 Subject: [PATCH 04/24] WX-983 swapping workflow_dispatch for push just to test workflow skeleton --- .github/workflows/run_workflow.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 64275884bcb..5fef50891d5 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -6,7 +6,8 @@ name: 'Azure e2e - Run Workflow' description: e2e test that performs critical path/user journey tests against Cromwell on Azure on: - workflow_dispatch: + # NOTE: swap out with workflow_dispatch once I'm working on bee implementation + push: inputs: branch: description: 'Branch of Cromwell to run tests on' From 474f485a6bec1536973a875242eff604c06aed5e Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 22 Aug 2023 10:09:21 -0400 Subject: [PATCH 05/24] WX-983 additional workflow updates --- .github/workflows/run_workflow.yml | 335 +++++++----------- .../azure_e2e/AzureRunWorkflowSpec.scala | 33 -- 2 files changed, 120 insertions(+), 248 deletions(-) delete mode 100644 server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 5fef50891d5..8e58fd7738b 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -6,8 +6,8 @@ name: 'Azure e2e - Run Workflow' description: e2e test that performs critical path/user journey tests against Cromwell on Azure on: - # NOTE: swap out with workflow_dispatch once I'm working on bee implementation - push: + # NOTE: swap out with workflow_dispatch once code is ready to be merged + workflow_dispatch: inputs: branch: description: 'Branch of Cromwell to run tests on' @@ -20,16 +20,11 @@ on: default: true type: boolean # Replace user data with seeded data provided by devOps (once available) - owner-subject: - description: 'Owner (used for creating tmp billing project)' + user-subject: + description: 'User who will be submitting workflow' required: true default: 'hermione.owner@quality.firecloud.org' type: string - non-owner-subject: - description: 'Student (non-owner used for e2e testing)' - required: true - default: 'harry.potter@quality.firecloud.org' - type: string service-account: description: 'Email address or unique identifier of the Google Cloud service account for which to generate credentials' required: true @@ -43,6 +38,7 @@ on: tenant-id: description: 'Azure tenant ID. The default tenant is DSP Terra Dev' required: true + # Swap with devOps provided tenant ID when available default: 'fad90753-2022-4456-9b0a-c7e5b934e408' type: string subscription-id: @@ -71,188 +67,97 @@ env: TOKEN: '${{ secrets.BROADBOT_TOKEN }}' # github token for access to kick off a job in the private repo jobs: -# init-github-context: -# runs-on: ubuntu-latest -# outputs: -# branch: ${{ steps.extract-inputs.outputs.branch }} -# delete-bee: ${{ steps.extract-inputs.outputs.delete-bee }} -# steps: -## NOTE: below was included in the rawls template but seems redundant due to defined values up on top -## Remove if it ends up being unecessary -# - name: Get inputs or use defaults -# id: extract-inputs -# run: | -# echo "branch=${{ inputs.branch || 'develop' }}" >> "$GITHUB_OUTPUT" -# echo "delete-bee=${{ inputs.delete-bee || false }}" >> "$GITHUB_OUTPUT" - - # rawls-build-tag-publish-job: - # runs-on: ubuntu-latest - # needs: [init-github-context] - # permissions: - # contents: 'read' - # id-token: 'write' - # outputs: - # custom-version-json: ${{ steps.render-rawls-version.outputs.custom-version-json }} - # steps: - # - uses: 'actions/checkout@v3' - # with: - # ref: ${{ needs.init-github-context.outputs.branch }} - - # - name: Bump the tag to a new version - # uses: databiosphere/github-actions/actions/bumper@bumper-0.2.0 - # id: tag - # env: - # DEFAULT_BUMP: patch - # GITHUB_TOKEN: ${{ env.TOKEN }} - # RELEASE_BRANCHES: main - # WITH_V: true - - # - name: dispatch build to terra-github-workflows - # uses: broadinstitute/workflow-dispatch@v3 - # with: - # workflow: rawls-build - # repo: broadinstitute/terra-github-workflows - # ref: refs/heads/main - # token: ${{ env.TOKEN }} - # inputs: '{ "repository": "${{ github.event.repository.full_name }}", "ref": "refs/heads/${{ needs.init-github-context.outputs.branch }}", "rawls-release-tag": "${{ steps.tag.outputs.tag }}" }' - - # - name: Render Rawls version - # id: render-rawls-version - # env: - # GITHUB_CONTEXT: ${{ toJSON(github) }} - # run: | - # echo "$GITHUB_CONTEXT" - # echo "custom-version-json={\\\"rawls\\\":{\\\"appVersion\\\":\\\"${{ steps.tag.outputs.tag }}\\\"}}" >> $GITHUB_OUTPUT + init-github-context: + runs-on: ubuntu-latest + outputs: + branch: ${{ steps.extract-inputs.outputs.branch }} + delete-bee: ${{ steps.extract-inputs.outputs.delete-bee }} + steps: +# NOTE: below was included in the rawls template but seems redundant due to defined values up on top +# Remove if it ends up being unecessary + - name: Get inputs or use defaults + id: extract-inputs + run: | + echo "branch=${{ inputs.branch || 'develop' }}" >> "$GITHUB_OUTPUT" + echo "delete-bee=${{ inputs.delete-bee || false }}" >> "$GITHUB_OUTPUT" - # NOTE: Commenting out for now, want to confirm that env variables are being set in test -# create-bee-workflow: -# runs-on: ubuntu-latest -# permissions: -# contents: 'read' -# id-token: 'write' -# steps: -# # If we're running nightly tests then it should be fine to just reference env variant -# # - name: Echo Rawls version -# # run: | -# # echo '${{ needs.rawls-build-tag-publish-job.outputs.custom-version-json }}' -# -# - name: dispatch to terra-github-workflows -# uses: broadinstitute/workflow-dispatch@v3 -# with: -# workflow: bee-create -# repo: broadinstitute/terra-github-workflows -# ref: refs/heads/main -# token: ${{ env.TOKEN }} -# # inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "bee-template-name": "rawls-e2e-azure-tests", "version-template": "dev", "custom-version-json": "${{ needs.rawls-build-tag-publish-job.outputs.custom-version-json }}" }' -# -# # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up to date -# inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "bee-template-name": "cromwell-e2e-azure-tests", "version-template": "prod" }' +# NOTE: Commenting out for now, want to confirm that env variables are being set in test + create-bee-workflow: + runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' + steps: + # If we're running nightly tests then it should be fine to just reference env variant + - name: Dispatch to terra-github-workflows + uses: broadinstitute/workflow-dispatch@v3 + with: + workflow: bee-create + repo: broadinstitute/terra-github-workflows + ref: refs/heads/main + token: ${{ env.TOKEN }} + # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up-to-date + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "bee-template-name": "cromwell-e2e-azure-tests", "version-template": "prod" }' # This job provisions useful parameters for e2e tests, including access tokens. # Please note: access tokens are for use in the same workflow, they cannot be dispatched to remote workflows. -# az-e2e-params-gen: -# runs-on: ubuntu-latest -# permissions: -# contents: 'read' -# id-token: 'write' -# outputs: -# owner-access-token: ${{ steps.owner_auth.outputs.access_token }} -# non-owner-access-token: ${{ steps.non_owner_auth.outputs.access_token }} -# project-name: ${{ steps.gen.outputs.project_name }} -# steps: -## NOTE:Below action was part of Rawls template -## Not sure if this is the right place to put it, need to confirm -# - uses: 'actions/checkout@v3' -# -# - name: Generate OAuth2 2.0 access token for owner -# id: 'owner_auth' -# uses: google-github-actions/auth@v1 -# with: -# token_format: 'access_token' -# workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' -# service_account: ${{ inputs.service-account }} -# access_token_scopes: ${{ inputs.access-token-scopes }} -# access_token_subject: ${{ inputs.owner-subject }} -# export_environment_variables: false -# -# - name: Generate OAuth2 2.0 access token for non-owner -# id: 'non_owner_auth' -# uses: google-github-actions/auth@v1 -# with: -# token_format: 'access_token' -# workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' -# service_account: ${{ inputs.service-account }} -# access_token_scopes: ${{ inputs.access-token-scopes }} -# access_token_subject: ${{ inputs.non-owner-subject }} -# export_environment_variables: false + az-e2e-params-gen: + runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' + outputs: + owner-access-token: ${{ steps.owner_auth.outputs.access_token }} + project-name: ${{ steps.gen.outputs.project_name }} + steps: +# NOTE:Below action was part of Rawls template +# Not sure if this is the right place to put it, need to confirm + - uses: 'actions/checkout@v3' + - name: Generate OAuth2 2.0 access token for owner + id: 'owner_auth' + uses: google-github-actions/auth@v1 + with: + token_format: 'access_token' + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: ${{ inputs.service-account }} + access_token_scopes: ${{ inputs.access-token-scopes }} + access_token_subject: ${{ inputs.owner-subject }} + export_environment_variables: false # NOTE: Need this as well, just commenting out until env pipeline is confirmed -# - name: Generate a random billing project name -# id: 'gen' -# run: | -# project_name=$(echo "tmp-billing-project-$(uuidgen)" | cut -c -30) -# echo "project_name=${project_name}" >> $GITHUB_OUTPUT - - # NOTE: Ivan is currently building out a workflow to handle this - # Should I wait or move forward with my own implementation? - # attach-landing-zone-to-bee-workflow: - # runs-on: ubuntu-latest - # needs: [az-e2e-params-gen, create-bee-workflow] - # permissions: - # contents: 'read' - # id-token: 'write' - # steps: - # - name: Verify token generation - # run: | - # echo ${{ needs.az-e2e-params-gen.outputs.owner-access-token }} - - # - name: dispatch to terra-github-workflows - # uses: broadinstitute/workflow-dispatch@v3 - # with: - # workflow: attach-landing-zone-to-bee.yaml - # repo: broadinstitute/terra-github-workflows - # ref: refs/heads/cromwell-az-e2e-test - # token: ${{ env.TOKEN }} - # inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "tenant-id": "${{ inputs.tenant-id }}", "subscription-id": "${{ inputs.subscription-id }}", "mrg-id": "${{ inputs.mrg-id }}", "landing-zone-id": "${{ inputs.landing-zone-id }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' - - # Below is an example of how rawls is set up to run their e2e tests - # Use this as a workflow reference to setup Cromwell e2e tests - # rawls-swat-e2e-test-job: - # runs-on: ubuntu-latest - # needs: [az-e2e-params-gen, attach-landing-zone-to-bee-workflow, create-bee-workflow, init-github-context] - # permissions: - # contents: 'read' - # id-token: 'write' - # steps: - # - name: Configure the user subjects for the test - # run: | - # echo "USER_SUBJECTS='{\"owner\": \"hermione.owner@quality.firecloud.org\", \"users\": [\"harry.potter@quality.firecloud.org\"]}'" >> $GITHUB_ENV - - # - name: dispatch to terra-github-workflows - # env: - # rawls_test_command: "testOnly -- -l ProdTest -l NotebooksCanaryTest -n org.broadinstitute.dsde.test.api.WorkspacesAzureTest" - # uses: broadinstitute/workflow-dispatch@v3 - # with: - # workflow: .github/workflows/rawls-swat-tests.yaml - # repo: broadinstitute/terra-github-workflows - # ref: refs/heads/iv-az-e2e-1 - # token: ${{ env.TOKEN }} - # inputs: | - # bee-name=${{ env.BEE_NAME }} - # ENV=qa - # ref=refs/heads/${{ needs.init-github-context.outputs.branch }} - # test-group-name=workspaces_azure - # test-command=${{ env.rawls_test_command }} - # java-version=17 - # billing-project=${{ needs.az-e2e-params-gen.outputs.project-name }} - # e2e=true - # service-account=${{ inputs.service-account }} - # user-subjects=${{ env.USER_SUBJECTS }} +# UPDATE: may not need this either if DevOps provides a static billing project, landing zone, and resource group. + - name: Generate a random billing project name + id: 'gen' + run: | + project_name=$(echo "tmp-billing-project-$(uuidgen)" | cut -c -30) + echo "project_name=${project_name}" >> $GITHUB_OUTPUT + +# NOTE: Ivan is currently building out a workflow to handle this +# Should I wait or move forward with my own implementation? + attach-landing-zone-to-bee-workflow: + runs-on: ubuntu-latest + needs: [az-e2e-params-gen, create-bee-workflow] + permissions: + contents: 'read' + id-token: 'write' + steps: + - name: Verify token generation + run: | + echo ${{ needs.az-e2e-params-gen.outputs.owner-access-token }} + + - name: dispatch to terra-github-workflows + uses: broadinstitute/workflow-dispatch@v3 + with: + workflow: attach-landing-zone-to-bee.yaml + repo: broadinstitute/terra-github-workflows + ref: refs/heads/cromwell-az-e2e-test + token: ${{ env.TOKEN }} +# NOTE: Replace these values with devOps' static values + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "tenant-id": "${{ inputs.tenant-id }}", "subscription-id": "${{ inputs.subscription-id }}", "mrg-id": "${{ inputs.mrg-id }}", "landing-zone-id": "${{ inputs.landing-zone-id }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' run-cromwell-az-e2e: runs-on: ubuntu-latest -# Disabling below for now until I can confirm that env variables flow into test -# needs: [az-e2e-params-gen, init-github-context] + needs: [az-e2e-params-gen, init-github-context] permissions: contents: 'read' id-token: 'write' @@ -272,41 +177,41 @@ jobs: - name: Run e2e test env: OWNER: ${{inputs.owner-subject}} - run: | - sbt "testOnly *AzureRunWorkflowSpec" +# Swap below with new python testing script +# run: | +# sbt "testOnly *AzureRunWorkflowSpec" - # NOTE: Commenting out for now, need to confirm env variable access first before testing this -# delete-billing-project-v2-from-bee-workflow: -# runs-on: ubuntu-latest -# needs: [az-e2e-params-gen, cromwell-e2e-test-job] -# if: false -# steps: -# - name: dispatch to terra-github-workflows -# uses: broadinstitute/workflow-dispatch@v3 -# with: -# workflow: .github/workflows/delete-billing-project-v2-from-bee.yaml -# repo: broadinstitute/terra-github-workflows -# ref: refs/heads/iv-az-e2e-1 -# token: ${{ env.TOKEN }} -# inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' +# NOTE: Is destroying the billing project the right thing to do? Need to confirm how the pricing/infrastructure is set up + delete-billing-project-v2-from-bee-workflow: + runs-on: ubuntu-latest + needs: [az-e2e-params-gen, cromwell-e2e-test-job] + if: false + steps: + - name: dispatch to terra-github-workflows + uses: broadinstitute/workflow-dispatch@v3 + with: + workflow: .github/workflows/delete-billing-project-v2-from-bee.yaml + repo: broadinstitute/terra-github-workflows + ref: refs/heads/iv-az-e2e-1 + token: ${{ env.TOKEN }} + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' - # NOTE: disabling for now, need to confirm that test can run and get env variables first -# destroy-bee-workflow: -# runs-on: ubuntu-latest -# needs: [cromwell-e2e-test-job, delete-billing-project-v2-from-bee-workflow, init-github-context] -# if: ${{ needs.init-github-context.outputs.delete-bee }} # always run to confirm bee is destroyed unless explicitly requested not to -# permissions: -# contents: 'read' -# id-token: 'write' -# steps: -# - name: dispatch to terra-github-workflows -# uses: broadinstitute/workflow-dispatch@v3 -# with: -# workflow: bee-destroy -# repo: broadinstitute/terra-github-workflows -# ref: refs/heads/main -# token: ${{ env.TOKEN }} -# inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' + destroy-bee-workflow: + runs-on: ubuntu-latest + needs: [cromwell-e2e-test-job, delete-billing-project-v2-from-bee-workflow, init-github-context] + if: ${{ needs.init-github-context.outputs.delete-bee }} # always run to confirm bee is destroyed unless explicitly requested not to + permissions: + contents: 'read' + id-token: 'write' + steps: + - name: dispatch to terra-github-workflows + uses: broadinstitute/workflow-dispatch@v3 + with: + workflow: bee-destroy + repo: broadinstitute/terra-github-workflows + ref: refs/heads/main + token: ${{ env.TOKEN }} + inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' # diff --git a/server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala b/server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala deleted file mode 100644 index 335de9bcb90..00000000000 --- a/server/src/test/scala/cromwell/azure_e2e/AzureRunWorkflowSpec.scala +++ /dev/null @@ -1,33 +0,0 @@ -package cromwell.azure_e2e - -import akka.actor.ActorSystem -import org.scalatest.flatspec.AnyFlatSpec -import org.scalatest.BeforeAndAfterAll -import org.scalatest.matchers.should.Matchers._ -import akka.http.scaladsl.Http -import akka.http.scaladsl.model._ -import org.scalatest.matchers.should.Matchers - -import scala.concurrent.Future -import scala.util.{Failure, Success} - -class AzureRunWorkflowSpec extends AnyFlatSpec with BeforeAndAfterAll with Matchers { - -// implicit val system = ActorSystem() - - //Before building out the test, confirm that env variables defined in the GHA is being passed into this testing env - "Run workflow" should "be successfully submitted with Cromwell on Azure" in { - val owner: String = sys.env("OWNER") - owner should be ("hermione.owner@quality.firecloud.org") - -// val responseFuture: Future[HttpResponse] = Http().singleRequest( -// HttpRequest( -// -// ) -// ) -// responseFuture onComplete { -// case Success(res) => println("test") -// case Failure(_) => println("something wrong") -// } - } -} From cca2f446a0cacb8a96387e9560ed4e7098223e89 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 28 Aug 2023 09:08:41 -0400 Subject: [PATCH 06/24] WX-983 added basic e2e script, updated workflow script, need to test --- .github/workflows/run_workflow.yml | 96 +++---- .gitignore | 3 + .../src/test/python/cromwell-az-e2e/README.md | 0 .../test/python/cromwell-az-e2e/poetry.lock | 245 ++++++++++++++++++ .../python/cromwell-az-e2e/pyproject.toml | 17 ++ .../python/cromwell-az-e2e/tests/az-e2e.py | 153 +++++++++++ .../tests/workflow_files/hello.inputs | 4 + .../tests/workflow_files/hello.options | 3 + .../tests/workflow_files/hello.wdl | 19 ++ .../tests/workflow_files/hello_yaml.inputs | 1 + 10 files changed, 482 insertions(+), 59 deletions(-) create mode 100644 server/src/test/python/cromwell-az-e2e/README.md create mode 100644 server/src/test/python/cromwell-az-e2e/poetry.lock create mode 100644 server/src/test/python/cromwell-az-e2e/pyproject.toml create mode 100644 server/src/test/python/cromwell-az-e2e/tests/az-e2e.py create mode 100644 server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.inputs create mode 100644 server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.options create mode 100644 server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.wdl create mode 100644 server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello_yaml.inputs diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 8e58fd7738b..b3b1d8f890e 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -4,21 +4,14 @@ #Ned to create a billing project in Azure first before being able to run the test name: 'Azure e2e - Run Workflow' -description: e2e test that performs critical path/user journey tests against Cromwell on Azure on: - # NOTE: swap out with workflow_dispatch once code is ready to be merged workflow_dispatch: inputs: - branch: + target-branch: description: 'Branch of Cromwell to run tests on' required: true default: 'develop' type: string - delete-bee: - description: 'Delete created bee after running tests' - required: true - default: true - type: boolean # Replace user data with seeded data provided by devOps (once available) user-subject: description: 'User who will be submitting workflow' @@ -45,7 +38,7 @@ on: description: 'Azure subscription ID' required: true # Update this with the static variable provided by devOps (once it's available) - default: 'f557c728-871d-408c-a28b-eb6b2141a087. #The default subscription is 8201558-dsp-azure-testing' + default: 'f557c728-871d-408c-a28b-eb6b2141a087' type: string mrg-id: # Update this with the static variable devOps provides (when available) @@ -64,14 +57,13 @@ on: env: BEE_NAME: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt}}-dev' - TOKEN: '${{ secrets.BROADBOT_TOKEN }}' # github token for access to kick off a job in the private repo + TOKEN: '${{ secrets.BROADBOT_GITHUB_TOKEN }}' # github token for access to kick off a job in the private repo jobs: init-github-context: runs-on: ubuntu-latest outputs: branch: ${{ steps.extract-inputs.outputs.branch }} - delete-bee: ${{ steps.extract-inputs.outputs.delete-bee }} steps: # NOTE: below was included in the rawls template but seems redundant due to defined values up on top # Remove if it ends up being unecessary @@ -79,16 +71,14 @@ jobs: id: extract-inputs run: | echo "branch=${{ inputs.branch || 'develop' }}" >> "$GITHUB_OUTPUT" - echo "delete-bee=${{ inputs.delete-bee || false }}" >> "$GITHUB_OUTPUT" -# NOTE: Commenting out for now, want to confirm that env variables are being set in test create-bee-workflow: runs-on: ubuntu-latest permissions: contents: 'read' id-token: 'write' steps: - # If we're running nightly tests then it should be fine to just reference env variant + # If we're running nightly tests then it should be fine to just reference env template - name: Dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 with: @@ -97,7 +87,8 @@ jobs: ref: refs/heads/main token: ${{ env.TOKEN }} # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up-to-date - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "bee-template-name": "cromwell-e2e-azure-tests", "version-template": "prod" }' + # NOTE: Should try "provision-only": true and see what happens + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' # This job provisions useful parameters for e2e tests, including access tokens. # Please note: access tokens are for use in the same workflow, they cannot be dispatched to remote workflows. @@ -110,8 +101,6 @@ jobs: owner-access-token: ${{ steps.owner_auth.outputs.access_token }} project-name: ${{ steps.gen.outputs.project_name }} steps: -# NOTE:Below action was part of Rawls template -# Not sure if this is the right place to put it, need to confirm - uses: 'actions/checkout@v3' - name: Generate OAuth2 2.0 access token for owner id: 'owner_auth' @@ -124,7 +113,6 @@ jobs: access_token_subject: ${{ inputs.owner-subject }} export_environment_variables: false -# NOTE: Need this as well, just commenting out until env pipeline is confirmed # UPDATE: may not need this either if DevOps provides a static billing project, landing zone, and resource group. - name: Generate a random billing project name id: 'gen' @@ -134,26 +122,24 @@ jobs: # NOTE: Ivan is currently building out a workflow to handle this # Should I wait or move forward with my own implementation? - attach-landing-zone-to-bee-workflow: - runs-on: ubuntu-latest - needs: [az-e2e-params-gen, create-bee-workflow] - permissions: - contents: 'read' - id-token: 'write' - steps: - - name: Verify token generation - run: | - echo ${{ needs.az-e2e-params-gen.outputs.owner-access-token }} - - - name: dispatch to terra-github-workflows - uses: broadinstitute/workflow-dispatch@v3 - with: - workflow: attach-landing-zone-to-bee.yaml - repo: broadinstitute/terra-github-workflows - ref: refs/heads/cromwell-az-e2e-test - token: ${{ env.TOKEN }} + attach-landing-zone-to-bee-workflow: + runs-on: ubuntu-latest + needs: [az-e2e-params-gen, create-bee-workflow] + permissions: + contents: 'read' + id-token: 'write' + steps: + - name: Verify token generation + run: | + echo ${{ needs.az-e2e-params-gen.outputs.owner-access-token }} + - name: dispatch to terra-github-workflows + uses: broadinstitute/workflow-dispatch@v3 + with: + workflow: attach-landing-zone-to-bee.yaml + repo: broadinstitute/terra-github-workflows + token: ${{ env.TOKEN }} # NOTE: Replace these values with devOps' static values - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "tenant-id": "${{ inputs.tenant-id }}", "subscription-id": "${{ inputs.subscription-id }}", "mrg-id": "${{ inputs.mrg-id }}", "landing-zone-id": "${{ inputs.landing-zone-id }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "tenant-id": "${{ inputs.tenant-id }}", "subscription-id": "${{ inputs.subscription-id }}", "mrg-id": "${{ inputs.mrg-id }}", "landing-zone-id": "${{ inputs.landing-zone-id }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' run-cromwell-az-e2e: runs-on: ubuntu-latest @@ -166,26 +152,24 @@ jobs: with: # ref: ${{ inputs.target-branch }} #NOTE: replace below with inputs value as part of final cleanup - ref: refs/heads/WX-983 + ref: refs/heads/WX-983 - uses: ./.github/set_up_cromwell_action #This github action will set up git-secrets, caching, java, and sbt. with: - cromwell_repo_token: ${{ secrets.BROADBOT_GITHUB_TOKEN }} - # NOTE: below was template for rawls, may not need it for Cromwell -# - name: Configure the users for the test -# run: | -# echo "USER_SUBJECTS='{\"owner\": \"hermione.owner@quality.firecloud.org\", \"users\": [\"harry.potter@quality.firecloud.org\"]}'" >> $GITHUB_ENV + cromwell_repo_token: ${{ env.TOKEN }} + - name: Install poetry + uses: snok/install-poetry@v1 - name: Run e2e test env: OWNER: ${{inputs.owner-subject}} -# Swap below with new python testing script -# run: | -# sbt "testOnly *AzureRunWorkflowSpec" + BEE_NAME: ${{env.BEE_NAME}} + BILLING_PROJECT_NAME: ${{needs.az-e2e-params-gen.outputs.project-name}} + run: | + poetry run python ../../server/src/test/python/cromwell-az-e2e/tests/az-e2e.py -# NOTE: Is destroying the billing project the right thing to do? Need to confirm how the pricing/infrastructure is set up delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest - needs: [az-e2e-params-gen, cromwell-e2e-test-job] - if: false + needs: [az-e2e-params-gen, run-cromwell-az-e2e] + if: always() steps: - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 @@ -194,12 +178,12 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/iv-az-e2e-1 token: ${{ env.TOKEN }} - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.user-subject }}", "service-account": "${{ inputs.service-account }}" }' destroy-bee-workflow: runs-on: ubuntu-latest - needs: [cromwell-e2e-test-job, delete-billing-project-v2-from-bee-workflow, init-github-context] - if: ${{ needs.init-github-context.outputs.delete-bee }} # always run to confirm bee is destroyed unless explicitly requested not to + needs: [run-cromwell-az-e2e, delete-billing-project-v2-from-bee-workflow, init-github-context] + if: always() permissions: contents: 'read' id-token: 'write' @@ -211,10 +195,4 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/main token: ${{ env.TOKEN }} - inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' -# - - - - - + inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' \ No newline at end of file diff --git a/.gitignore b/.gitignore index a5b72f6b263..f2f43441e4d 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,9 @@ console_output.txt expected.json run_mode_metadata.json +#bloop files +/.bloop + # custom config cromwell-executions cromwell-test-executions diff --git a/server/src/test/python/cromwell-az-e2e/README.md b/server/src/test/python/cromwell-az-e2e/README.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/server/src/test/python/cromwell-az-e2e/poetry.lock b/server/src/test/python/cromwell-az-e2e/poetry.lock new file mode 100644 index 00000000000..c10503cb1c6 --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/poetry.lock @@ -0,0 +1,245 @@ +# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand. + +[[package]] +name = "certifi" +version = "2023.7.22" +description = "Python package for providing Mozilla's CA Bundle." +optional = false +python-versions = ">=3.6" +files = [ + {file = "certifi-2023.7.22-py3-none-any.whl", hash = "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9"}, + {file = "certifi-2023.7.22.tar.gz", hash = "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082"}, +] + +[[package]] +name = "charset-normalizer" +version = "3.2.0" +description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." +optional = false +python-versions = ">=3.7.0" +files = [ + {file = "charset-normalizer-3.2.0.tar.gz", hash = "sha256:3bb3d25a8e6c0aedd251753a79ae98a093c7e7b471faa3aa9a93a81431987ace"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:0b87549028f680ca955556e3bd57013ab47474c3124dc069faa0b6545b6c9710"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:7c70087bfee18a42b4040bb9ec1ca15a08242cf5867c58726530bdf3945672ed"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a103b3a7069b62f5d4890ae1b8f0597618f628b286b03d4bc9195230b154bfa9"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:94aea8eff76ee6d1cdacb07dd2123a68283cb5569e0250feab1240058f53b623"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:db901e2ac34c931d73054d9797383d0f8009991e723dab15109740a63e7f902a"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b0dac0ff919ba34d4df1b6131f59ce95b08b9065233446be7e459f95554c0dc8"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:193cbc708ea3aca45e7221ae58f0fd63f933753a9bfb498a3b474878f12caaad"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:09393e1b2a9461950b1c9a45d5fd251dc7c6f228acab64da1c9c0165d9c7765c"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:baacc6aee0b2ef6f3d308e197b5d7a81c0e70b06beae1f1fcacffdbd124fe0e3"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:bf420121d4c8dce6b889f0e8e4ec0ca34b7f40186203f06a946fa0276ba54029"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:c04a46716adde8d927adb9457bbe39cf473e1e2c2f5d0a16ceb837e5d841ad4f"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:aaf63899c94de41fe3cf934601b0f7ccb6b428c6e4eeb80da72c58eab077b19a"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:d62e51710986674142526ab9f78663ca2b0726066ae26b78b22e0f5e571238dd"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-win32.whl", hash = "sha256:04e57ab9fbf9607b77f7d057974694b4f6b142da9ed4a199859d9d4d5c63fe96"}, + {file = "charset_normalizer-3.2.0-cp310-cp310-win_amd64.whl", hash = "sha256:48021783bdf96e3d6de03a6e39a1171ed5bd7e8bb93fc84cc649d11490f87cea"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:4957669ef390f0e6719db3613ab3a7631e68424604a7b448f079bee145da6e09"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:46fb8c61d794b78ec7134a715a3e564aafc8f6b5e338417cb19fe9f57a5a9bf2"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:f779d3ad205f108d14e99bb3859aa7dd8e9c68874617c72354d7ecaec2a054ac"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f25c229a6ba38a35ae6e25ca1264621cc25d4d38dca2942a7fce0b67a4efe918"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2efb1bd13885392adfda4614c33d3b68dee4921fd0ac1d3988f8cbb7d589e72a"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1f30b48dd7fa1474554b0b0f3fdfdd4c13b5c737a3c6284d3cdc424ec0ffff3a"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:246de67b99b6851627d945db38147d1b209a899311b1305dd84916f2b88526c6"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9bd9b3b31adcb054116447ea22caa61a285d92e94d710aa5ec97992ff5eb7cf3"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:8c2f5e83493748286002f9369f3e6607c565a6a90425a3a1fef5ae32a36d749d"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:3170c9399da12c9dc66366e9d14da8bf7147e1e9d9ea566067bbce7bb74bd9c2"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:7a4826ad2bd6b07ca615c74ab91f32f6c96d08f6fcc3902ceeedaec8cdc3bcd6"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:3b1613dd5aee995ec6d4c69f00378bbd07614702a315a2cf6c1d21461fe17c23"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:9e608aafdb55eb9f255034709e20d5a83b6d60c054df0802fa9c9883d0a937aa"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-win32.whl", hash = "sha256:f2a1d0fd4242bd8643ce6f98927cf9c04540af6efa92323e9d3124f57727bfc1"}, + {file = "charset_normalizer-3.2.0-cp311-cp311-win_amd64.whl", hash = "sha256:681eb3d7e02e3c3655d1b16059fbfb605ac464c834a0c629048a30fad2b27489"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c57921cda3a80d0f2b8aec7e25c8aa14479ea92b5b51b6876d975d925a2ea346"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:41b25eaa7d15909cf3ac4c96088c1f266a9a93ec44f87f1d13d4a0e86c81b982"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f058f6963fd82eb143c692cecdc89e075fa0828db2e5b291070485390b2f1c9c"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a7647ebdfb9682b7bb97e2a5e7cb6ae735b1c25008a70b906aecca294ee96cf4"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eef9df1eefada2c09a5e7a40991b9fc6ac6ef20b1372abd48d2794a316dc0449"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e03b8895a6990c9ab2cdcd0f2fe44088ca1c65ae592b8f795c3294af00a461c3"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:ee4006268ed33370957f55bf2e6f4d263eaf4dc3cfc473d1d90baff6ed36ce4a"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:c4983bf937209c57240cff65906b18bb35e64ae872da6a0db937d7b4af845dd7"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:3bb7fda7260735efe66d5107fb7e6af6a7c04c7fce9b2514e04b7a74b06bf5dd"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:72814c01533f51d68702802d74f77ea026b5ec52793c791e2da806a3844a46c3"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:70c610f6cbe4b9fce272c407dd9d07e33e6bf7b4aa1b7ffb6f6ded8e634e3592"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-win32.whl", hash = "sha256:a401b4598e5d3f4a9a811f3daf42ee2291790c7f9d74b18d75d6e21dda98a1a1"}, + {file = "charset_normalizer-3.2.0-cp37-cp37m-win_amd64.whl", hash = "sha256:c0b21078a4b56965e2b12f247467b234734491897e99c1d51cee628da9786959"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:95eb302ff792e12aba9a8b8f8474ab229a83c103d74a750ec0bd1c1eea32e669"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1a100c6d595a7f316f1b6f01d20815d916e75ff98c27a01ae817439ea7726329"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:6339d047dab2780cc6220f46306628e04d9750f02f983ddb37439ca47ced7149"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e4b749b9cc6ee664a3300bb3a273c1ca8068c46be705b6c31cf5d276f8628a94"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a38856a971c602f98472050165cea2cdc97709240373041b69030be15047691f"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f87f746ee241d30d6ed93969de31e5ffd09a2961a051e60ae6bddde9ec3583aa"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:89f1b185a01fe560bc8ae5f619e924407efca2191b56ce749ec84982fc59a32a"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e1c8a2f4c69e08e89632defbfabec2feb8a8d99edc9f89ce33c4b9e36ab63037"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:2f4ac36d8e2b4cc1aa71df3dd84ff8efbe3bfb97ac41242fbcfc053c67434f46"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:a386ebe437176aab38c041de1260cd3ea459c6ce5263594399880bbc398225b2"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:ccd16eb18a849fd8dcb23e23380e2f0a354e8daa0c984b8a732d9cfaba3a776d"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:e6a5bf2cba5ae1bb80b154ed68a3cfa2fa00fde979a7f50d6598d3e17d9ac20c"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:45de3f87179c1823e6d9e32156fb14c1927fcc9aba21433f088fdfb555b77c10"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-win32.whl", hash = "sha256:1000fba1057b92a65daec275aec30586c3de2401ccdcd41f8a5c1e2c87078706"}, + {file = "charset_normalizer-3.2.0-cp38-cp38-win_amd64.whl", hash = "sha256:8b2c760cfc7042b27ebdb4a43a4453bd829a5742503599144d54a032c5dc7e9e"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:855eafa5d5a2034b4621c74925d89c5efef61418570e5ef9b37717d9c796419c"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:203f0c8871d5a7987be20c72442488a0b8cfd0f43b7973771640fc593f56321f"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e857a2232ba53ae940d3456f7533ce6ca98b81917d47adc3c7fd55dad8fab858"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5e86d77b090dbddbe78867a0275cb4df08ea195e660f1f7f13435a4649e954e5"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c4fb39a81950ec280984b3a44f5bd12819953dc5fa3a7e6fa7a80db5ee853952"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2dee8e57f052ef5353cf608e0b4c871aee320dd1b87d351c28764fc0ca55f9f4"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8700f06d0ce6f128de3ccdbc1acaea1ee264d2caa9ca05daaf492fde7c2a7200"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1920d4ff15ce893210c1f0c0e9d19bfbecb7983c76b33f046c13a8ffbd570252"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:c1c76a1743432b4b60ab3358c937a3fe1341c828ae6194108a94c69028247f22"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:f7560358a6811e52e9c4d142d497f1a6e10103d3a6881f18d04dbce3729c0e2c"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:c8063cf17b19661471ecbdb3df1c84f24ad2e389e326ccaf89e3fb2484d8dd7e"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:cd6dbe0238f7743d0efe563ab46294f54f9bc8f4b9bcf57c3c666cc5bc9d1299"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:1249cbbf3d3b04902ff081ffbb33ce3377fa6e4c7356f759f3cd076cc138d020"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-win32.whl", hash = "sha256:6c409c0deba34f147f77efaa67b8e4bb83d2f11c8806405f76397ae5b8c0d1c9"}, + {file = "charset_normalizer-3.2.0-cp39-cp39-win_amd64.whl", hash = "sha256:7095f6fbfaa55defb6b733cfeb14efaae7a29f0b59d8cf213be4e7ca0b857b80"}, + {file = "charset_normalizer-3.2.0-py3-none-any.whl", hash = "sha256:8e098148dd37b4ce3baca71fb394c81dc5d9c7728c95df695d2dca218edf40e6"}, +] + +[[package]] +name = "colorama" +version = "0.4.6" +description = "Cross-platform colored terminal text." +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7" +files = [ + {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"}, + {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"}, +] + +[[package]] +name = "exceptiongroup" +version = "1.1.3" +description = "Backport of PEP 654 (exception groups)" +optional = false +python-versions = ">=3.7" +files = [ + {file = "exceptiongroup-1.1.3-py3-none-any.whl", hash = "sha256:343280667a4585d195ca1cf9cef84a4e178c4b6cf2274caef9859782b567d5e3"}, + {file = "exceptiongroup-1.1.3.tar.gz", hash = "sha256:097acd85d473d75af5bb98e41b61ff7fe35efe6675e4f9370ec6ec5126d160e9"}, +] + +[package.extras] +test = ["pytest (>=6)"] + +[[package]] +name = "idna" +version = "3.4" +description = "Internationalized Domain Names in Applications (IDNA)" +optional = false +python-versions = ">=3.5" +files = [ + {file = "idna-3.4-py3-none-any.whl", hash = "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"}, + {file = "idna-3.4.tar.gz", hash = "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4"}, +] + +[[package]] +name = "iniconfig" +version = "2.0.0" +description = "brain-dead simple config-ini parsing" +optional = false +python-versions = ">=3.7" +files = [ + {file = "iniconfig-2.0.0-py3-none-any.whl", hash = "sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374"}, + {file = "iniconfig-2.0.0.tar.gz", hash = "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3"}, +] + +[[package]] +name = "packaging" +version = "23.1" +description = "Core utilities for Python packages" +optional = false +python-versions = ">=3.7" +files = [ + {file = "packaging-23.1-py3-none-any.whl", hash = "sha256:994793af429502c4ea2ebf6bf664629d07c1a9fe974af92966e4b8d2df7edc61"}, + {file = "packaging-23.1.tar.gz", hash = "sha256:a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f"}, +] + +[[package]] +name = "pluggy" +version = "1.2.0" +description = "plugin and hook calling mechanisms for python" +optional = false +python-versions = ">=3.7" +files = [ + {file = "pluggy-1.2.0-py3-none-any.whl", hash = "sha256:c2fd55a7d7a3863cba1a013e4e2414658b1d07b6bc57b3919e0c63c9abb99849"}, + {file = "pluggy-1.2.0.tar.gz", hash = "sha256:d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3"}, +] + +[package.extras] +dev = ["pre-commit", "tox"] +testing = ["pytest", "pytest-benchmark"] + +[[package]] +name = "pytest" +version = "7.4.0" +description = "pytest: simple powerful testing with Python" +optional = false +python-versions = ">=3.7" +files = [ + {file = "pytest-7.4.0-py3-none-any.whl", hash = "sha256:78bf16451a2eb8c7a2ea98e32dc119fd2aa758f1d5d66dbf0a59d69a3969df32"}, + {file = "pytest-7.4.0.tar.gz", hash = "sha256:b4bf8c45bd59934ed84001ad51e11b4ee40d40a1229d2c79f9c592b0a3f6bd8a"}, +] + +[package.dependencies] +colorama = {version = "*", markers = "sys_platform == \"win32\""} +exceptiongroup = {version = ">=1.0.0rc8", markers = "python_version < \"3.11\""} +iniconfig = "*" +packaging = "*" +pluggy = ">=0.12,<2.0" +tomli = {version = ">=1.0.0", markers = "python_version < \"3.11\""} + +[package.extras] +testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "setuptools", "xmlschema"] + +[[package]] +name = "requests" +version = "2.31.0" +description = "Python HTTP for Humans." +optional = false +python-versions = ">=3.7" +files = [ + {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"}, + {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"}, +] + +[package.dependencies] +certifi = ">=2017.4.17" +charset-normalizer = ">=2,<4" +idna = ">=2.5,<4" +urllib3 = ">=1.21.1,<3" + +[package.extras] +socks = ["PySocks (>=1.5.6,!=1.5.7)"] +use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] + +[[package]] +name = "tomli" +version = "2.0.1" +description = "A lil' TOML parser" +optional = false +python-versions = ">=3.7" +files = [ + {file = "tomli-2.0.1-py3-none-any.whl", hash = "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc"}, + {file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"}, +] + +[[package]] +name = "urllib3" +version = "2.0.4" +description = "HTTP library with thread-safe connection pooling, file post, and more." +optional = false +python-versions = ">=3.7" +files = [ + {file = "urllib3-2.0.4-py3-none-any.whl", hash = "sha256:de7df1803967d2c2a98e4b11bb7d6bd9210474c46e8a0401514e3a42a75ebde4"}, + {file = "urllib3-2.0.4.tar.gz", hash = "sha256:8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11"}, +] + +[package.extras] +brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"] +secure = ["certifi", "cryptography (>=1.9)", "idna (>=2.0.0)", "pyopenssl (>=17.1.0)", "urllib3-secure-extra"] +socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] +zstd = ["zstandard (>=0.18.0)"] + +[metadata] +lock-version = "2.0" +python-versions = "^3.10" +content-hash = "06b3ef1674f1968da42c4bb56fcdf8a16816beaf5878c93a8d135aa5f961c39f" diff --git a/server/src/test/python/cromwell-az-e2e/pyproject.toml b/server/src/test/python/cromwell-az-e2e/pyproject.toml new file mode 100644 index 00000000000..017a583268e --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/pyproject.toml @@ -0,0 +1,17 @@ +[tool.poetry] +name = "cromwell-az-e2e" +version = "0.1.0" +description = "" +authors = ["JVThomas "] +readme = "README.md" + +[tool.poetry.dependencies] +python = "^3.10" +requests = "^2.31.0" + +[tool.ruff] +line-length = 120 + +[build-system] +requires = ["poetry-core"] +build-backend = "poetry.core.masonry.api" diff --git a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py new file mode 100644 index 00000000000..90b5d2bdae8 --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py @@ -0,0 +1,153 @@ +import requests +import os +import json +import random +import string +import uuid +import time + +azure_token = os.environ['AZURE_TOKEN'] +bee_name = os.environ['BEE_NAME'] +billing_project_name = os.environ['BILLING_PROJECT_NAME'] +number_of_workspaces = 1 +wds_upload=False +cbas_submit_workflow=False +number_of_workflows_to_kick_off = 1 + +rawls_url = f"https://rawls.{bee_name}.bee.envs-terra.bio" +leo_url = f"https://leonardo.{bee_name}.bee.envs-terra.bio" + +def handle_failed_request(response, msg, status_code=200): + if(response.status_code != status_code): + raise Exception(msg) + +def create_workspace(): + rawls_api_call = f"{rawls_url}/api/workspaces" + request_body= { + "namespace": billing_project_name, # Billing project name + "name": f"api-workspace-{''.join(random.choices(string.ascii_lowercase, k=5))}", # workspace name + "attributes": {}} + + create_workspace_response = requests.post(url=rawls_api_call, + json=request_body, + headers={"Authorization": f"Bearer {azure_token}"} + ).json() + + create_workspace_data = json.loads(json.dumps(create_workspace_response)) + workspaceId = create_workspace_data['workspaceId'] + + print(f"Enabling CBAS for workspace {workspaceId}") + activate_cbas_request = f"{leo_url}/api/apps/v2/{workspaceId}/terra-app-{str(uuid.uuid4())}" + cbas_request_body = { + "appType": "CROMWELL" + } + + response = requests.post(url=activate_cbas_request, json=cbas_request_body, + headers={"Authorization": f"Bearer {azure_token}"}) + # will return 202 or error + handle_failed_request(response, "Error activating CBAS", 202) + + print(response) + return workspaceId + +# GET WDS OR CROMWELL ENDPOINT URL FROM LEO +def get_app_url(workspaceId, app): + """"Get url for wds/cbas.""" + uri = f"{leo_url}/api/apps/v2/{workspaceId}?includeDeleted=false" + + headers = {"Authorization": azure_token, + "accept": "application/json"} + + response = requests.get(uri, headers=headers) + status_code = response.status_code + + if status_code != 200: + return response.text + print("Successfully retrieved details.") + response = json.loads(response.text) + + app_url = "" + app_type = "CROMWELL" if app != 'wds' else app.upper() + print(f"App type: {app_type}") + for entries in response: + if entries['appType'] == app_type and entries['proxyUrls'][app] is not None: + print(entries['status']) + if(entries['status'] == "PROVISIONING"): + print(f"{app} is still provisioning") + break + print(f"App status: {entries['status']}") + app_url = entries['proxyUrls'][app] + break + + if app_url is None: + print(f"{app} is missing in current workspace") + else: + print(f"{app} url: {app_url}") + + return app_url + +def submit_workflow_to_cromwell(app_url, workflow_test_name): + workflow_endpoint = f'{app_url}/cromwell/api/workflows/v1' + file_source = '../workflow_files' + headers = {"Authorization": azure_token, + "accept": "application/json", + "Content-Type": "multipart/form-data"} + files = {'workflowSource': open(f'{file_source}/hello.wdl', 'rb'), + 'workflowInputs': ('hello.inputs', + open(f'{file_source}/hello.inputs', 'rb'), + 'application/json'), + 'workflowType': 'WDL', + 'workflowTypeVersion': '1.0', + } + response = requests.post(workflow_endpoint, headers=headers, files=files) + handle_failed_request(response, f"Error submitting workflow to Cromwell for {workflow_test_name}") + print(response.text) + return json.loads(response.text) + +def get_workflow_information(app_url, workflow_id): + workflow_endpoint = f'{app_url}/cromwell/api/workflows/v1/{workflow_id}/metadata' + headers = {"Authorization": azure_token, + "accept": "application/json"} + response = requests.get(workflow_endpoint, headers=headers) + handle_failed_request(response, f"Error fetching workflow metadata for {workflow_id}") + return json.loads(response.text) + +def get_completed_workflow(app_url, workflow_ids, max_retries=4): + target_statuses = ['Succeeded', 'Failed'] + current_running_workflow_count = 0 + while workflow_ids: + if max_retries == 0: + raise Exception(f"Workflow(s) did not finish running within retry window ({max_retries} retries)") + workflow_id = workflow_ids.pop() + workflow_metadata = get_workflow_information(app_url, workflow_id) + if workflow_metadata['status'] in target_statuses: + print(f"{workflow_id} finished running. Status: {workflow_metadata['status']}") + else: + workflow_ids.append(workflow_id) + current_running_workflow_count += 1 + if current_running_workflow_count == workflow_ids.len(): + if current_running_workflow_count == 0: + print("Workflow(s) finished running") + else: + # Reset current count to 0 for next retry + # Decrement max_retries by 1 + # Wait 5 minutes before checking workflow statuses again + print(f"There are still workflows in progress: [{workflow_ids.join(', ')}]") + max_retries -= 1 + current_running_workflow_count = 0 + time.sleep(60 * 5) + +# This chunk of code only executes one workflow +# Would like to modify this down the road to execute and store references for multiple workflows +workspace_id = create_workspace() +app_url = get_app_url(workspace_id, 'cromwell') +workflow_response = submit_workflow_to_cromwell(app_url, "Run Workflow Test") +#Giving workflow 10 minutes to complete +#Will need to update this when swapping out hello wdl with fetch_sra_to_bam (30 min?) +time.sleep(60 * 10) + +# This chunk of code supports checking one or more workflows +# Probably won't require too much modification if we want to run additional submission tests +workflow_ids = [workflow_response['id']] +get_completed_workflow(app_url, workflow_ids) +print("Workflow submission and completion successful") \ No newline at end of file diff --git a/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.inputs b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.inputs new file mode 100644 index 00000000000..10310ef283b --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.inputs @@ -0,0 +1,4 @@ +{ + "wf_hello.hello.addressee": "m'Lord" +} + diff --git a/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.options b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.options new file mode 100644 index 00000000000..68c25807cfb --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.options @@ -0,0 +1,3 @@ +{ + "google_legacy_machine_selection": true +} diff --git a/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.wdl b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.wdl new file mode 100644 index 00000000000..8da447e4eb0 --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello.wdl @@ -0,0 +1,19 @@ +task hello { + String addressee + command { + echo "Hello ${addressee}!" + } + output { + String salutation = read_string(stdout()) + } + runtime { + docker: "ubuntu@sha256:71cd81252a3563a03ad8daee81047b62ab5d892ebbfbf71cf53415f29c130950" + } +} + +workflow wf_hello { + call hello + output { + hello.salutation + } +} diff --git a/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello_yaml.inputs b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello_yaml.inputs new file mode 100644 index 00000000000..4b88ebc3222 --- /dev/null +++ b/server/src/test/python/cromwell-az-e2e/tests/workflow_files/hello_yaml.inputs @@ -0,0 +1 @@ +"wf_hello.hello.addressee": m'Lord From 3cfd3ade71e01aebe14647847e5330a32c48ecb3 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 28 Aug 2023 09:25:18 -0400 Subject: [PATCH 07/24] WX-983 adjusted print statement --- server/src/test/python/cromwell-az-e2e/tests/az-e2e.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py index 90b5d2bdae8..71e0804f556 100644 --- a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py +++ b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py @@ -132,7 +132,7 @@ def get_completed_workflow(app_url, workflow_ids, max_retries=4): # Reset current count to 0 for next retry # Decrement max_retries by 1 # Wait 5 minutes before checking workflow statuses again - print(f"There are still workflows in progress: [{workflow_ids.join(', ')}]") + print(f"These workflows have yet to return a completed status: [{workflow_ids.join(', ')}]") max_retries -= 1 current_running_workflow_count = 0 time.sleep(60 * 5) From 98031a3b49d92d6d32b7106616f7eff1e5920219 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 28 Aug 2023 13:53:34 -0400 Subject: [PATCH 08/24] WX-983 added branches attribute to workflow file --- .github/workflows/run_workflow.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index b3b1d8f890e..ac3326f0ba9 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -6,6 +6,8 @@ name: 'Azure e2e - Run Workflow' on: workflow_dispatch: + branches: + - WX-983 inputs: target-branch: description: 'Branch of Cromwell to run tests on' From ce6a0e98c84460cdc05362cebfdf3bfc75b79ae8 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 28 Aug 2023 13:59:27 -0400 Subject: [PATCH 09/24] WX-983 removed old comments, added push attribute --- .github/workflows/run_workflow.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index ac3326f0ba9..977b2e5868a 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -1,10 +1,6 @@ -# Workflow action that will run Cromwell e2e test against a Azure based BEE -# For now it'll only test that a simple workflow is run - -#Ned to create a billing project in Azure first before being able to run the test - name: 'Azure e2e - Run Workflow' on: + push: workflow_dispatch: branches: - WX-983 From 98b9786f2d45dbeafa7d0b85fe615bfb6343f6ec Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 28 Aug 2023 14:07:35 -0400 Subject: [PATCH 10/24] WX-983 added needs attribute to create-bee step, input reference update --- .github/workflows/run_workflow.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 977b2e5868a..0fff7fd17bc 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -11,7 +11,7 @@ on: default: 'develop' type: string # Replace user data with seeded data provided by devOps (once available) - user-subject: + owner-subject: description: 'User who will be submitting workflow' required: true default: 'hermione.owner@quality.firecloud.org' @@ -72,6 +72,7 @@ jobs: create-bee-workflow: runs-on: ubuntu-latest + needs: [init-github-context, az-e2e-params-gen] permissions: contents: 'read' id-token: 'write' @@ -176,7 +177,7 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/iv-az-e2e-1 token: ${{ env.TOKEN }} - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.user-subject }}", "service-account": "${{ inputs.service-account }}" }' + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' destroy-bee-workflow: runs-on: ubuntu-latest From 49ced655fa976dc53b2336eb77fb9aa733985508 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 29 Aug 2023 07:14:00 -0400 Subject: [PATCH 11/24] WX-983 removed push attribute, changed needs and if conditions on some steps --- .github/workflows/run_workflow.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 0fff7fd17bc..64ff052f580 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -1,6 +1,5 @@ name: 'Azure e2e - Run Workflow' on: - push: workflow_dispatch: branches: - WX-983 @@ -142,7 +141,7 @@ jobs: run-cromwell-az-e2e: runs-on: ubuntu-latest - needs: [az-e2e-params-gen, init-github-context] + needs: [az-e2e-params-gen, attach-landing-zone-to-bee-workflow] permissions: contents: 'read' id-token: 'write' @@ -167,8 +166,8 @@ jobs: delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest - needs: [az-e2e-params-gen, run-cromwell-az-e2e] - if: always() + needs: [run-cromwell-az-e2e, attach-landing-zone-to-bee-workflow] + if: (needs.run-cromwell-az-e2e.result == 'success' || needs.run-cromwell-az-e2e.result == 'failure' || needs.run-cromwell-az-e2e.result == 'cancelled' || needs.run-cromwell-az-e2e.result == 'skipped) && needs.attach-landing-zone-to-bee-workflow.result == 'success' steps: - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 @@ -177,12 +176,12 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/iv-az-e2e-1 token: ${{ env.TOKEN }} - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ steps.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' destroy-bee-workflow: runs-on: ubuntu-latest - needs: [run-cromwell-az-e2e, delete-billing-project-v2-from-bee-workflow, init-github-context] - if: always() + needs: [create-bee-workflow, delete-billing-project-v2-from-bee-workflow] + if: needs.create-bee-workflow.result == 'success' permissions: contents: 'read' id-token: 'write' From 82f690410c5a4136aaa3228b8462ca4d77107f91 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 29 Aug 2023 07:37:54 -0400 Subject: [PATCH 12/24] WX-983 syntax corrections, removed invalid branches attribute --- .github/workflows/run_workflow.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 64ff052f580..417e74279ed 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -1,8 +1,6 @@ name: 'Azure e2e - Run Workflow' on: workflow_dispatch: - branches: - - WX-983 inputs: target-branch: description: 'Branch of Cromwell to run tests on' @@ -167,7 +165,7 @@ jobs: delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest needs: [run-cromwell-az-e2e, attach-landing-zone-to-bee-workflow] - if: (needs.run-cromwell-az-e2e.result == 'success' || needs.run-cromwell-az-e2e.result == 'failure' || needs.run-cromwell-az-e2e.result == 'cancelled' || needs.run-cromwell-az-e2e.result == 'skipped) && needs.attach-landing-zone-to-bee-workflow.result == 'success' + if: ${{(needs.run-cromwell-az-e2e.result == 'success' || needs.run-cromwell-az-e2e.result == 'failure' || needs.run-cromwell-az-e2e.result == 'cancelled' || needs.run-cromwell-az-e2e.result == 'skipped') && needs.attach-landing-zone-to-bee-workflow.result == 'success'}} steps: - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 @@ -181,7 +179,7 @@ jobs: destroy-bee-workflow: runs-on: ubuntu-latest needs: [create-bee-workflow, delete-billing-project-v2-from-bee-workflow] - if: needs.create-bee-workflow.result == 'success' + if: ${{needs.create-bee-workflow.result == 'success'}} permissions: contents: 'read' id-token: 'write' From 06596c1aee02a06b779cbf4a16f025051bfa9377 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 29 Aug 2023 09:43:11 -0400 Subject: [PATCH 13/24] WX-983 updates to env and action input variables --- .github/workflows/run_workflow.yml | 42 +++++++----------------------- 1 file changed, 9 insertions(+), 33 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 417e74279ed..b42d1efdefb 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -9,7 +9,7 @@ on: type: string # Replace user data with seeded data provided by devOps (once available) owner-subject: - description: 'User who will be submitting workflow' + description: 'Owner of billing project' required: true default: 'hermione.owner@quality.firecloud.org' type: string @@ -23,36 +23,11 @@ on: required: true default: 'profile, email, openid' type: string - tenant-id: - description: 'Azure tenant ID. The default tenant is DSP Terra Dev' - required: true - # Swap with devOps provided tenant ID when available - default: 'fad90753-2022-4456-9b0a-c7e5b934e408' - type: string - subscription-id: - description: 'Azure subscription ID' - required: true - # Update this with the static variable provided by devOps (once it's available) - default: 'f557c728-871d-408c-a28b-eb6b2141a087' - type: string - mrg-id: - # Update this with the static variable devOps provides (when available) - description: 'Azure Managed Resource Group name. The default is staticTestingMrg within subscription 8201558-dsp-azure-testing.' - required: true - default: 'staticTestingMrg' - type: string - landing-zone-id: - description: 'Landing Zone ID. An existing LZID tag within a given MRG.' - required: true - # NOTE: LZs are deleted and recreated after a couple of days, need to figure out a way to get this dynamically - # Might not be an issue. DevOps is working on getting static Landing Zones up and running - # Update this with the static value from devOps (once available) - default: 'f41c1a97-179b-4a18-9615-5214d79ba600' - type: string env: BEE_NAME: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt}}-dev' TOKEN: '${{ secrets.BROADBOT_GITHUB_TOKEN }}' # github token for access to kick off a job in the private repo + RUN_NAME_SUFFIX: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}' jobs: init-github-context: @@ -108,16 +83,12 @@ jobs: access_token_scopes: ${{ inputs.access-token-scopes }} access_token_subject: ${{ inputs.owner-subject }} export_environment_variables: false - -# UPDATE: may not need this either if DevOps provides a static billing project, landing zone, and resource group. - name: Generate a random billing project name id: 'gen' run: | project_name=$(echo "tmp-billing-project-$(uuidgen)" | cut -c -30) echo "project_name=${project_name}" >> $GITHUB_OUTPUT -# NOTE: Ivan is currently building out a workflow to handle this -# Should I wait or move forward with my own implementation? attach-landing-zone-to-bee-workflow: runs-on: ubuntu-latest needs: [az-e2e-params-gen, create-bee-workflow] @@ -133,9 +104,14 @@ jobs: with: workflow: attach-landing-zone-to-bee.yaml repo: broadinstitute/terra-github-workflows + ref: refs/heads/iv-az-e2e-1 token: ${{ env.TOKEN }} -# NOTE: Replace these values with devOps' static values - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "tenant-id": "${{ inputs.tenant-id }}", "subscription-id": "${{ inputs.subscription-id }}", "mrg-id": "${{ inputs.mrg-id }}", "landing-zone-id": "${{ inputs.landing-zone-id }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + inputs: '{ + "bee-name": "${{ env.BEE_NAME }}", + "run-name": "attach-landing-zone-to-bee-${{env.RUN_NAME_SUFFIX}}" + "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", + "billing-project-creator": "${{ inputs.owner-subject }}", + "service-account": "${{ inputs.service-account }}" }' run-cromwell-az-e2e: runs-on: ubuntu-latest From d9b135f93222d469823b2830b985ba3d8c6d3a47 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 29 Aug 2023 12:03:50 -0400 Subject: [PATCH 14/24] WX-983 masked echoed token, step rearrangement, gitignore update --- .github/workflows/run_workflow.yml | 42 +++++++++++++++--------------- .gitignore | 3 +++ 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index b42d1efdefb..593a85a8ef2 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -40,26 +40,7 @@ jobs: - name: Get inputs or use defaults id: extract-inputs run: | - echo "branch=${{ inputs.branch || 'develop' }}" >> "$GITHUB_OUTPUT" - - create-bee-workflow: - runs-on: ubuntu-latest - needs: [init-github-context, az-e2e-params-gen] - permissions: - contents: 'read' - id-token: 'write' - steps: - # If we're running nightly tests then it should be fine to just reference env template - - name: Dispatch to terra-github-workflows - uses: broadinstitute/workflow-dispatch@v3 - with: - workflow: bee-create - repo: broadinstitute/terra-github-workflows - ref: refs/heads/main - token: ${{ env.TOKEN }} - # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up-to-date - # NOTE: Should try "provision-only": true and see what happens - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' + echo "branch=${{ inputs.target-branch || 'develop' }}" >> "$GITHUB_OUTPUT" # This job provisions useful parameters for e2e tests, including access tokens. # Please note: access tokens are for use in the same workflow, they cannot be dispatched to remote workflows. @@ -88,6 +69,25 @@ jobs: run: | project_name=$(echo "tmp-billing-project-$(uuidgen)" | cut -c -30) echo "project_name=${project_name}" >> $GITHUB_OUTPUT + + create-bee-workflow: + runs-on: ubuntu-latest + needs: [init-github-context, az-e2e-params-gen] + permissions: + contents: 'read' + id-token: 'write' + steps: + # If we're running nightly tests then it should be fine to just reference env template + - name: Dispatch to terra-github-workflows + uses: broadinstitute/workflow-dispatch@v3 + with: + workflow: bee-create + repo: broadinstitute/terra-github-workflows + ref: refs/heads/main + token: ${{ env.TOKEN }} + # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up-to-date + # NOTE: Should try "provision-only": true and see what happens + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' attach-landing-zone-to-bee-workflow: runs-on: ubuntu-latest @@ -98,7 +98,7 @@ jobs: steps: - name: Verify token generation run: | - echo ${{ needs.az-e2e-params-gen.outputs.owner-access-token }} + echo "::add-mask::${{ needs.az-e2e-params-gen.outputs.owner-access-token }}" - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 with: diff --git a/.gitignore b/.gitignore index f2f43441e4d..250b6aa3c16 100644 --- a/.gitignore +++ b/.gitignore @@ -58,3 +58,6 @@ tesk_application.conf **/venv/ exome_germline_single_sample_v1.3/ **/*.pyc + +# GHA credentials +gha-creds-*.json From 1987a6f37e5e3ef2c76529b280a4dd43bd085faa Mon Sep 17 00:00:00 2001 From: JVThomas Date: Wed, 6 Sep 2023 07:22:59 -0400 Subject: [PATCH 15/24] WX-983 adjustments to variable assignment, sleep calls in workflow and test --- .github/workflows/run_workflow.yml | 23 ++++++------------- .../python/cromwell-az-e2e/tests/az-e2e.py | 16 ++++++++----- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 593a85a8ef2..43d598e6ae7 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -18,11 +18,6 @@ on: required: true default: 'firecloud-qa@broad-dsde-qa.iam.gserviceaccount.com' type: string - access-token-scopes: - description: 'List of OAuth 2.0 access scopes to be included in the generated token' - required: true - default: 'profile, email, openid' - type: string env: BEE_NAME: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt}}-dev' @@ -61,7 +56,7 @@ jobs: token_format: 'access_token' workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' service_account: ${{ inputs.service-account }} - access_token_scopes: ${{ inputs.access-token-scopes }} + access_token_scopes: 'profile, email, openid' access_token_subject: ${{ inputs.owner-subject }} export_environment_variables: false - name: Generate a random billing project name @@ -77,7 +72,6 @@ jobs: contents: 'read' id-token: 'write' steps: - # If we're running nightly tests then it should be fine to just reference env template - name: Dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 with: @@ -85,9 +79,8 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/main token: ${{ env.TOKEN }} - # NOTE: Which env to use? Prod is reflective of current user environment, but dev is more likely to be up-to-date - # NOTE: Should try "provision-only": true and see what happens - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' + # NOTE: Opting to use "prod" instead of custom tag since I specifically want to test against the current prod state + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "prod" }' attach-landing-zone-to-bee-workflow: runs-on: ubuntu-latest @@ -97,7 +90,7 @@ jobs: id-token: 'write' steps: - name: Verify token generation - run: | + run: echo "::add-mask::${{ needs.az-e2e-params-gen.outputs.owner-access-token }}" - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 @@ -122,12 +115,9 @@ jobs: steps: - uses: actions/checkout@v3 # checkout the cromwell repo with: + #NOTE: replace with target-branch before merge # ref: ${{ inputs.target-branch }} - #NOTE: replace below with inputs value as part of final cleanup ref: refs/heads/WX-983 - - uses: ./.github/set_up_cromwell_action #This github action will set up git-secrets, caching, java, and sbt. - with: - cromwell_repo_token: ${{ env.TOKEN }} - name: Install poetry uses: snok/install-poetry@v1 - name: Run e2e test @@ -135,6 +125,7 @@ jobs: OWNER: ${{inputs.owner-subject}} BEE_NAME: ${{env.BEE_NAME}} BILLING_PROJECT_NAME: ${{needs.az-e2e-params-gen.outputs.project-name}} + BEARER_TOKEN: ${{needs.az-e2e-params-gen.outputs.owner-access-token}} run: | poetry run python ../../server/src/test/python/cromwell-az-e2e/tests/az-e2e.py @@ -163,7 +154,7 @@ jobs: - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 with: - workflow: bee-destroy + workflow: bee-destroy.yaml repo: broadinstitute/terra-github-workflows ref: refs/heads/main token: ${{ env.TOKEN }} diff --git a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py index 71e0804f556..6ba076fcb5b 100644 --- a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py +++ b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py @@ -6,7 +6,7 @@ import uuid import time -azure_token = os.environ['AZURE_TOKEN'] +bearer_token = os.environ['BEARER_TOKEN'] bee_name = os.environ['BEE_NAME'] billing_project_name = os.environ['BILLING_PROJECT_NAME'] number_of_workspaces = 1 @@ -30,7 +30,7 @@ def create_workspace(): create_workspace_response = requests.post(url=rawls_api_call, json=request_body, - headers={"Authorization": f"Bearer {azure_token}"} + headers={"Authorization": f"Bearer {bearer_token}"} ).json() create_workspace_data = json.loads(json.dumps(create_workspace_response)) @@ -43,7 +43,7 @@ def create_workspace(): } response = requests.post(url=activate_cbas_request, json=cbas_request_body, - headers={"Authorization": f"Bearer {azure_token}"}) + headers={"Authorization": f"Bearer {bearer_token}"}) # will return 202 or error handle_failed_request(response, "Error activating CBAS", 202) @@ -55,7 +55,7 @@ def get_app_url(workspaceId, app): """"Get url for wds/cbas.""" uri = f"{leo_url}/api/apps/v2/{workspaceId}?includeDeleted=false" - headers = {"Authorization": azure_token, + headers = {"Authorization": bearer_token, "accept": "application/json"} response = requests.get(uri, headers=headers) @@ -89,7 +89,7 @@ def get_app_url(workspaceId, app): def submit_workflow_to_cromwell(app_url, workflow_test_name): workflow_endpoint = f'{app_url}/cromwell/api/workflows/v1' file_source = '../workflow_files' - headers = {"Authorization": azure_token, + headers = {"Authorization": bearer_token, "accept": "application/json", "Content-Type": "multipart/form-data"} files = {'workflowSource': open(f'{file_source}/hello.wdl', 'rb'), @@ -106,7 +106,7 @@ def submit_workflow_to_cromwell(app_url, workflow_test_name): def get_workflow_information(app_url, workflow_id): workflow_endpoint = f'{app_url}/cromwell/api/workflows/v1/{workflow_id}/metadata' - headers = {"Authorization": azure_token, + headers = {"Authorization": bearer_token, "accept": "application/json"} response = requests.get(workflow_endpoint, headers=headers) handle_failed_request(response, f"Error fetching workflow metadata for {workflow_id}") @@ -139,6 +139,10 @@ def get_completed_workflow(app_url, workflow_ids, max_retries=4): # This chunk of code only executes one workflow # Would like to modify this down the road to execute and store references for multiple workflows + +# Added an sleep here to give the workspace time to provision +# Not sure if I actually need this though, will remove if I find out its unecessary +time.sleep(60 * 20) workspace_id = create_workspace() app_url = get_app_url(workspace_id, 'cromwell') workflow_response = submit_workflow_to_cromwell(app_url, "Run Workflow Test") From fd98f28e07ac1a54b36d5e053ce45f3179555961 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 11 Sep 2023 07:45:49 -0400 Subject: [PATCH 16/24] WX-983 minor updates --- .../test/python/cromwell-az-e2e/tests/az-e2e.py | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py index 6ba076fcb5b..838c769948b 100644 --- a/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py +++ b/server/src/test/python/cromwell-az-e2e/tests/az-e2e.py @@ -64,7 +64,7 @@ def get_app_url(workspaceId, app): if status_code != 200: return response.text print("Successfully retrieved details.") - response = json.loads(response.text) + response = response.json() app_url = "" app_type = "CROMWELL" if app != 'wds' else app.upper() @@ -101,8 +101,8 @@ def submit_workflow_to_cromwell(app_url, workflow_test_name): } response = requests.post(workflow_endpoint, headers=headers, files=files) handle_failed_request(response, f"Error submitting workflow to Cromwell for {workflow_test_name}") - print(response.text) - return json.loads(response.text) + print(response.json()) # NOTE: remove after testing + return response.json() def get_workflow_information(app_url, workflow_id): workflow_endpoint = f'{app_url}/cromwell/api/workflows/v1/{workflow_id}/metadata' @@ -110,7 +110,8 @@ def get_workflow_information(app_url, workflow_id): "accept": "application/json"} response = requests.get(workflow_endpoint, headers=headers) handle_failed_request(response, f"Error fetching workflow metadata for {workflow_id}") - return json.loads(response.text) + print(response.json()) # NOTE: remove after testing + return response.json() def get_completed_workflow(app_url, workflow_ids, max_retries=4): target_statuses = ['Succeeded', 'Failed'] @@ -139,15 +140,12 @@ def get_completed_workflow(app_url, workflow_ids, max_retries=4): # This chunk of code only executes one workflow # Would like to modify this down the road to execute and store references for multiple workflows - -# Added an sleep here to give the workspace time to provision -# Not sure if I actually need this though, will remove if I find out its unecessary -time.sleep(60 * 20) workspace_id = create_workspace() +time.sleep(60 * 20) # Added an sleep here to give the workspace time to provision app_url = get_app_url(workspace_id, 'cromwell') workflow_response = submit_workflow_to_cromwell(app_url, "Run Workflow Test") #Giving workflow 10 minutes to complete -#Will need to update this when swapping out hello wdl with fetch_sra_to_bam (30 min?) +#Will need to update this when swapping out hello wdl with fetch_sra_to_bam (20 min?) time.sleep(60 * 10) # This chunk of code supports checking one or more workflows From a111fa9a1df77eb6faaf9a86de0871d6ca4c6979 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 11 Sep 2023 10:22:36 -0400 Subject: [PATCH 17/24] WX-983 ref updates, use dev for bee template testing --- .github/workflows/run_workflow.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 43d598e6ae7..bf562dd68a1 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -80,7 +80,8 @@ jobs: ref: refs/heads/main token: ${{ env.TOKEN }} # NOTE: Opting to use "prod" instead of custom tag since I specifically want to test against the current prod state - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "prod" }' + # NOTE: For testing purposes I'm using dev + inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' attach-landing-zone-to-bee-workflow: runs-on: ubuntu-latest @@ -97,14 +98,14 @@ jobs: with: workflow: attach-landing-zone-to-bee.yaml repo: broadinstitute/terra-github-workflows - ref: refs/heads/iv-az-e2e-1 + ref: refs/heads/main token: ${{ env.TOKEN }} inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "run-name": "attach-landing-zone-to-bee-${{env.RUN_NAME_SUFFIX}}" "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-creator": "${{ inputs.owner-subject }}", - "service-account": "${{ inputs.service-account }}" }' + "service-account": "${{ inputs.service-account }}"}' run-cromwell-az-e2e: runs-on: ubuntu-latest @@ -139,7 +140,7 @@ jobs: with: workflow: .github/workflows/delete-billing-project-v2-from-bee.yaml repo: broadinstitute/terra-github-workflows - ref: refs/heads/iv-az-e2e-1 + ref: refs/heads/main token: ${{ env.TOKEN }} inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ steps.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' From 3dbd77fd49692c47b3e1d289e22ba365e356b07a Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 12 Sep 2023 09:22:59 -0400 Subject: [PATCH 18/24] WX-983 json correction, env variable renaming, still debugging workflow --- .github/workflows/run_workflow.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index bf562dd68a1..87c173d7332 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -21,7 +21,7 @@ on: env: BEE_NAME: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt}}-dev' - TOKEN: '${{ secrets.BROADBOT_GITHUB_TOKEN }}' # github token for access to kick off a job in the private repo + BROADBOT_TOKEN: '${{ secrets.BROADBOT_GITHUB_TOKEN }}' # github token for access to kick off a job in the private repo RUN_NAME_SUFFIX: '${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}' jobs: @@ -59,6 +59,7 @@ jobs: access_token_scopes: 'profile, email, openid' access_token_subject: ${{ inputs.owner-subject }} export_environment_variables: false + create_credentials_file: false - name: Generate a random billing project name id: 'gen' run: | @@ -78,7 +79,7 @@ jobs: workflow: bee-create repo: broadinstitute/terra-github-workflows ref: refs/heads/main - token: ${{ env.TOKEN }} + token: ${{ env.BROADBOT_TOKEN }} # NOTE: Opting to use "prod" instead of custom tag since I specifically want to test against the current prod state # NOTE: For testing purposes I'm using dev inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' @@ -99,10 +100,10 @@ jobs: workflow: attach-landing-zone-to-bee.yaml repo: broadinstitute/terra-github-workflows ref: refs/heads/main - token: ${{ env.TOKEN }} + token: ${{ env.BROADBOT_TOKEN }} inputs: '{ "bee-name": "${{ env.BEE_NAME }}", - "run-name": "attach-landing-zone-to-bee-${{env.RUN_NAME_SUFFIX}}" + "run-name": "attach-landing-zone-to-bee-${{env.RUN_NAME_SUFFIX}}", "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", "billing-project-creator": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}"}' @@ -141,11 +142,13 @@ jobs: workflow: .github/workflows/delete-billing-project-v2-from-bee.yaml repo: broadinstitute/terra-github-workflows ref: refs/heads/main - token: ${{ env.TOKEN }} + token: ${{ env.BROADBOT_TOKEN }} inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ steps.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' destroy-bee-workflow: runs-on: ubuntu-latest + # QUESTION: Can a billing project be deleted if the bee is deleted? + # QUESTION: Can a billing project be deleted if the bee is still tied to it? needs: [create-bee-workflow, delete-billing-project-v2-from-bee-workflow] if: ${{needs.create-bee-workflow.result == 'success'}} permissions: @@ -158,5 +161,5 @@ jobs: workflow: bee-destroy.yaml repo: broadinstitute/terra-github-workflows ref: refs/heads/main - token: ${{ env.TOKEN }} + token: ${{ env.BROADBOT_TOKEN }} inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' \ No newline at end of file From e5bb442dd7b2635fc9be04d8772c30c76d319429 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 12 Sep 2023 09:57:21 -0400 Subject: [PATCH 19/24] WX-983 added if conditional to attach step to check on access_token --- .github/workflows/run_workflow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 87c173d7332..b4358b70a4a 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -87,6 +87,7 @@ jobs: attach-landing-zone-to-bee-workflow: runs-on: ubuntu-latest needs: [az-e2e-params-gen, create-bee-workflow] + if: ${{ needs.az-e2e-params-gen.outputs.owner-access-token != '' }} permissions: contents: 'read' id-token: 'write' From 4ea80f6b557494dd5c040bf21d9cdc30f425f121 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Tue, 12 Sep 2023 11:23:38 -0400 Subject: [PATCH 20/24] WX-983 updated workflow to match new expectations from terra-github-workflows actions, moved OAuth token generation to e2e test job --- .github/workflows/run_workflow.yml | 75 +++++++++++++++--------------- 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index b4358b70a4a..d8dfe0e4320 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -39,27 +39,14 @@ jobs: # This job provisions useful parameters for e2e tests, including access tokens. # Please note: access tokens are for use in the same workflow, they cannot be dispatched to remote workflows. - az-e2e-params-gen: + params-gen: runs-on: ubuntu-latest permissions: contents: 'read' id-token: 'write' outputs: - owner-access-token: ${{ steps.owner_auth.outputs.access_token }} project-name: ${{ steps.gen.outputs.project_name }} steps: - - uses: 'actions/checkout@v3' - - name: Generate OAuth2 2.0 access token for owner - id: 'owner_auth' - uses: google-github-actions/auth@v1 - with: - token_format: 'access_token' - workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' - service_account: ${{ inputs.service-account }} - access_token_scopes: 'profile, email, openid' - access_token_subject: ${{ inputs.owner-subject }} - export_environment_variables: false - create_credentials_file: false - name: Generate a random billing project name id: 'gen' run: | @@ -68,7 +55,7 @@ jobs: create-bee-workflow: runs-on: ubuntu-latest - needs: [init-github-context, az-e2e-params-gen] + needs: [init-github-context, params-gen] permissions: contents: 'read' id-token: 'write' @@ -83,40 +70,45 @@ jobs: # NOTE: Opting to use "prod" instead of custom tag since I specifically want to test against the current prod state # NOTE: For testing purposes I'm using dev inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "version-template": "dev" }' - - attach-landing-zone-to-bee-workflow: + + create-and-attach-billing-project-to-landing-zone-workflow: runs-on: ubuntu-latest - needs: [az-e2e-params-gen, create-bee-workflow] - if: ${{ needs.az-e2e-params-gen.outputs.owner-access-token != '' }} - permissions: - contents: 'read' - id-token: 'write' + needs: [create-bee-workflow, params-gen] steps: - - name: Verify token generation - run: - echo "::add-mask::${{ needs.az-e2e-params-gen.outputs.owner-access-token }}" - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 with: - workflow: attach-landing-zone-to-bee.yaml + workflow: attach-billing-project-to-landing-zone.yaml repo: broadinstitute/terra-github-workflows ref: refs/heads/main token: ${{ env.BROADBOT_TOKEN }} - inputs: '{ + inputs: '{ + "run-name": "attach-billing-project-to-landing-zone-${{ env.RUN_NAME_SUFFIX }}", "bee-name": "${{ env.BEE_NAME }}", - "run-name": "attach-landing-zone-to-bee-${{env.RUN_NAME_SUFFIX}}", - "billing-project": "${{ needs.az-e2e-params-gen.outputs.project-name }}", - "billing-project-creator": "${{ inputs.owner-subject }}", - "service-account": "${{ inputs.service-account }}"}' + "billing-project": "${{ needs.params-gen.outputs.project-name }}", + "billing-project-creator": "${{ inputs.owner-subject }}", + "service-account": "${{inputs.service-account}}" }' run-cromwell-az-e2e: runs-on: ubuntu-latest - needs: [az-e2e-params-gen, attach-landing-zone-to-bee-workflow] + needs: [params-gen, create-and-attach-billing-project-to-landing-zone-workflow] permissions: contents: 'read' id-token: 'write' steps: - - uses: actions/checkout@v3 # checkout the cromwell repo + - uses: 'actions/checkout@v3' + - name: Generate OAuth2 2.0 access token for owner + id: 'owner_auth' + uses: google-github-actions/auth@v1 + with: + token_format: 'access_token' + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: ${{ inputs.service-account }} + access_token_scopes: 'profile, email, openid' + access_token_subject: ${{ inputs.owner-subject }} + export_environment_variables: false + create_credentials_file: false + - uses: actions/checkout@v3 with: #NOTE: replace with target-branch before merge # ref: ${{ inputs.target-branch }} @@ -127,14 +119,14 @@ jobs: env: OWNER: ${{inputs.owner-subject}} BEE_NAME: ${{env.BEE_NAME}} - BILLING_PROJECT_NAME: ${{needs.az-e2e-params-gen.outputs.project-name}} - BEARER_TOKEN: ${{needs.az-e2e-params-gen.outputs.owner-access-token}} + BILLING_PROJECT_NAME: ${{needs.params-gen.outputs.project-name}} + BEARER_TOKEN: ${{ steps.owner_auth.outputs.access_token }} run: | poetry run python ../../server/src/test/python/cromwell-az-e2e/tests/az-e2e.py delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest - needs: [run-cromwell-az-e2e, attach-landing-zone-to-bee-workflow] + needs: [run-cromwell-az-e2e, create-and-attach-billing-project-to-landing-zone-workflow, params-gen] if: ${{(needs.run-cromwell-az-e2e.result == 'success' || needs.run-cromwell-az-e2e.result == 'failure' || needs.run-cromwell-az-e2e.result == 'cancelled' || needs.run-cromwell-az-e2e.result == 'skipped') && needs.attach-landing-zone-to-bee-workflow.result == 'success'}} steps: - name: dispatch to terra-github-workflows @@ -144,7 +136,13 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/main token: ${{ env.BROADBOT_TOKEN }} - inputs: '{ "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ steps.az-e2e-params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", "service-account": "${{ inputs.service-account }}" }' + inputs: '{ + "run-name": "delete-billing-project-v2-from-bee-${{ env.RUN_NAME_SUFFIX }}", + "bee-name": "${{ env.BEE_NAME }}", + "billing-project": "${{ needs.params-gen.outputs.project-name }}", + "billing-project-owner": "${{ inputs.owner-subject }}", + "service-account": "${{ inputs.service-account }}" + "silent-on-failure": "false" }' destroy-bee-workflow: runs-on: ubuntu-latest @@ -163,4 +161,5 @@ jobs: repo: broadinstitute/terra-github-workflows ref: refs/heads/main token: ${{ env.BROADBOT_TOKEN }} - inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' \ No newline at end of file + inputs: '{ "bee-name": "${{ env.BEE_NAME }}" }' + wait-for-completion: true \ No newline at end of file From e5f0b10b693a5776b0e3a5461c82702725475c94 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Fri, 15 Sep 2023 08:40:10 -0400 Subject: [PATCH 21/24] WX-983 adding always() condition to see if cleanup jobs still run on test failure --- .github/workflows/run_workflow.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index d8dfe0e4320..b09d9150940 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -110,14 +110,12 @@ jobs: create_credentials_file: false - uses: actions/checkout@v3 with: - #NOTE: replace with target-branch before merge -# ref: ${{ inputs.target-branch }} + #NOTE: replace with ${{inputs.target-branch}} before merge ref: refs/heads/WX-983 - name: Install poetry uses: snok/install-poetry@v1 - name: Run e2e test env: - OWNER: ${{inputs.owner-subject}} BEE_NAME: ${{env.BEE_NAME}} BILLING_PROJECT_NAME: ${{needs.params-gen.outputs.project-name}} BEARER_TOKEN: ${{ steps.owner_auth.outputs.access_token }} @@ -127,7 +125,7 @@ jobs: delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest needs: [run-cromwell-az-e2e, create-and-attach-billing-project-to-landing-zone-workflow, params-gen] - if: ${{(needs.run-cromwell-az-e2e.result == 'success' || needs.run-cromwell-az-e2e.result == 'failure' || needs.run-cromwell-az-e2e.result == 'cancelled' || needs.run-cromwell-az-e2e.result == 'skipped') && needs.attach-landing-zone-to-bee-workflow.result == 'success'}} + if: always() && ${{needs.create-and-attach-billing-project-to-landing-zone-workflow.result == 'success'}} steps: - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 @@ -149,7 +147,7 @@ jobs: # QUESTION: Can a billing project be deleted if the bee is deleted? # QUESTION: Can a billing project be deleted if the bee is still tied to it? needs: [create-bee-workflow, delete-billing-project-v2-from-bee-workflow] - if: ${{needs.create-bee-workflow.result == 'success'}} + if: always() && ${{needs.create-bee-workflow.result == 'success'}} permissions: contents: 'read' id-token: 'write' From 970d24d667f05b8b37515743c9f4d90381c1aaf7 Mon Sep 17 00:00:00 2001 From: JVThomas Date: Fri, 15 Sep 2023 09:39:22 -0400 Subject: [PATCH 22/24] WX-983 going to just use always() just to test if condition --- .github/workflows/run_workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index b09d9150940..859f200c26f 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -125,7 +125,7 @@ jobs: delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest needs: [run-cromwell-az-e2e, create-and-attach-billing-project-to-landing-zone-workflow, params-gen] - if: always() && ${{needs.create-and-attach-billing-project-to-landing-zone-workflow.result == 'success'}} + if: always() steps: - name: dispatch to terra-github-workflows uses: broadinstitute/workflow-dispatch@v3 @@ -147,7 +147,7 @@ jobs: # QUESTION: Can a billing project be deleted if the bee is deleted? # QUESTION: Can a billing project be deleted if the bee is still tied to it? needs: [create-bee-workflow, delete-billing-project-v2-from-bee-workflow] - if: always() && ${{needs.create-bee-workflow.result == 'success'}} + if: always() permissions: contents: 'read' id-token: 'write' From b1f0276eda4367f31c4bd0ee2808f4482ef3f8af Mon Sep 17 00:00:00 2001 From: JVThomas Date: Fri, 15 Sep 2023 10:18:15 -0400 Subject: [PATCH 23/24] WX-983 added missing comma --- .github/workflows/run_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 859f200c26f..0308c514bac 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -139,7 +139,7 @@ jobs: "bee-name": "${{ env.BEE_NAME }}", "billing-project": "${{ needs.params-gen.outputs.project-name }}", "billing-project-owner": "${{ inputs.owner-subject }}", - "service-account": "${{ inputs.service-account }}" + "service-account": "${{ inputs.service-account }}", "silent-on-failure": "false" }' destroy-bee-workflow: From 06f7724e2ef852dbbb79805ba1b7466981c046de Mon Sep 17 00:00:00 2001 From: JVThomas Date: Mon, 18 Sep 2023 07:34:45 -0400 Subject: [PATCH 24/24] WX-983 path correction on workflow --- .github/workflows/run_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run_workflow.yml b/.github/workflows/run_workflow.yml index 0308c514bac..eb5a4ce5341 100644 --- a/.github/workflows/run_workflow.yml +++ b/.github/workflows/run_workflow.yml @@ -120,7 +120,7 @@ jobs: BILLING_PROJECT_NAME: ${{needs.params-gen.outputs.project-name}} BEARER_TOKEN: ${{ steps.owner_auth.outputs.access_token }} run: | - poetry run python ../../server/src/test/python/cromwell-az-e2e/tests/az-e2e.py + poetry run python server/src/test/python/cromwell-az-e2e/tests/az-e2e.py delete-billing-project-v2-from-bee-workflow: runs-on: ubuntu-latest