From 6cc2d654ab76664f2a31664b5c4e1c2fb39d2576 Mon Sep 17 00:00:00 2001
From: Patrick Lee Scott
Date: Wed, 11 Mar 2026 16:45:27 -0500
Subject: [PATCH 1/2] feat: use file-based env vars for e2e tests
Replace hardcoded AWS account IDs, subnet IDs, and other environment-specific values with file.read("env/...") pattern. CI writes env files from GitHub repo variables (${{ vars.* }}). Workflow versions updated to v2.19.1 + feat/kcl-env-files. Implements [[tasks/e2e-env-vars-via-files]]
---
 .github/workflows/on-pr.yaml | 6 ++++++
 .github/workflows/on-push-main.yaml | 8 +++++++-
 .gitignore | 1 +
 tests/e2etest-basestacks/main.k | 10 +++++-----
 4 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/on-pr.yaml b/.github/workflows/on-pr.yaml
index 58b44ea..6ba1671 100644
--- a/.github/workflows/on-pr.yaml
+++ b/.github/workflows/on-pr.yaml
@@ -47,6 +47,12 @@ jobs:
 aws-use-oidc: true
 aws-account-id: "034489662075"
 aws-region: us-east-2
+ env-vars: |
+ {
+ "ADMIN_ROLE_ARN": "${{ vars.ADMIN_ROLE_ARN }}",
+ "PRIVATE_SUBNET_ID_A": "${{ vars.PRIVATE_SUBNET_ID_A }}",
+ "PRIVATE_SUBNET_ID_B": "${{ vars.PRIVATE_SUBNET_ID_B }}"
+ }
 debug-resource-types: |
 [
 "autoeksclusters.aws.hops.ops.com.ai",
diff --git a/.github/workflows/on-push-main.yaml b/.github/workflows/on-push-main.yaml
index b0caf4c..20fc1c0 100644
--- a/.github/workflows/on-push-main.yaml
+++ b/.github/workflows/on-push-main.yaml
@@ -43,6 +43,12 @@ jobs:
 aws-use-oidc: true
 aws-account-id: "034489662075"
 aws-region: us-east-2
+ env-vars: |
+ {
+ "ADMIN_ROLE_ARN": "${{ vars.ADMIN_ROLE_ARN }}",
+ "PRIVATE_SUBNET_ID_A": "${{ vars.PRIVATE_SUBNET_ID_A }}",
+ "PRIVATE_SUBNET_ID_B": "${{ vars.PRIVATE_SUBNET_ID_B }}"
+ }
 debug-resource-types: |
 [
 "autoeksclusters.aws.hops.ops.com.ai",
@@ -61,4 +67,4 @@ jobs:
 secrets:
 DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
 with:
- useDeployKey: true
\ No newline at end of file
+ useDeployKey: true
diff --git a/.gitignore b/.gitignore
index c22ff1a..06d3fee 100644
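Review bot: In `.github/workflows/on-pr.yaml` the new `env-vars` block splices `${{ vars.ADMIN_ROLE_ARN }}` and the two subnet variables directly into a JSON literal, so a value containing a quote or backslash produces invalid JSON, and an unset variable silently expands to an empty string. Letting the expression engine do the quoting removes the first problem, e.g. `"ADMIN_ROLE_ARN": ${{ toJSON(vars.ADMIN_ROLE_ARN) }},`, and whatever consumes the map should reject empty values rather than write an empty env file. The identical block added in `.github/workflows/on-push-main.yaml` has the same issue. Both `with:` blocks begin outside their hunks, so the `uses:` target receiving this input is not visible here.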
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ _output/
 # E2E test credentials (CRITICAL - never commit secrets)
 **/aws-creds
 tests/**/secrets/
+tests/**/env/
diff --git a/tests/e2etest-basestacks/main.k b/tests/e2etest-basestacks/main.k
index 6f5bdfa..8d02118 100644
--- a/tests/e2etest-basestacks/main.k
+++ b/tests/e2etest-basestacks/main.k
@@ -36,19 +36,19 @@ _base64_creds = base64.encode(_creds)
 _now = str(int(math.floor(datetime.ticks())))
 _test_name = "e2e-alb-" + _now
 _namespace = "default"
-_region = "us-east-2"
+_region = file.read("env/AWS_REGION").strip()
 # CI test account
-_account_id = "034489662075"
-_admin_role_arn = "arn:aws:iam::034489662075:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AdminAccess_e8d960044a7864f6"
+_account_id = file.read("env/AWS_ACCOUNT_ID").strip()
+_admin_role_arn = file.read("env/ADMIN_ROLE_ARN").strip()
 # =============================================================================
 # Persistent Network Infrastructure (from aws-network e2e test - hops-test)
 # =============================================================================
 # Private subnet IDs for the EKS cluster - these are already created and orphaned
 _private_subnet_ids = [
 # private-a
- "subnet-0ba2f584c25e9435d"
+ file.read("env/PRIVATE_SUBNET_ID_A").strip()
 # private-b
- "subnet-02e4d512f8859e684"
+ file.read("env/PRIVATE_SUBNET_ID_B").strip()
 ]
 _items = [
From 4d4bc134360e424956276caca6263944b2ef5d9a Mon Sep 17 00:00:00 2001
From: Patrick Lee Scott
Date: Wed, 11 Mar 2026 17:23:37 -0500
Subject: [PATCH 2/2] chore: add write-env-files: true for explicit env file opt-in
---
 .github/workflows/on-pr.yaml | 1 +
 .github/workflows/on-push-main.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.github/workflows/on-pr.yaml b/.github/workflows/on-pr.yaml
index 6ba1671..e86aa27 100644
--- a/.github/workflows/on-pr.yaml
+++ b/.github/workflows/on-pr.yaml
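Review bot: In `tests/e2etest-basestacks/main.k` every `file.read("env/...").strip()` result is used unchecked, so an empty or malformed env file flows straight into `_account_id`, `_admin_role_arn` and `_private_subnet_ids` and would only surface later as an AWS-side failure. A guard directly after the reads would fail fast with a clear message, e.g. `assert _admin_role_arn.startswith("arn:aws:iam::"), "env/ADMIN_ROLE_ARN is empty or not an IAM ARN"`, with similar checks for the account id and the `subnet-` prefix. `env/AWS_REGION` and `env/AWS_ACCOUNT_ID` are read here but do not appear in the workflows' `env-vars` map; presumably the reusable workflow writes them from its `aws-region` and `aws-account-id` inputs, which is worth confirming and documenting for anyone running the test locally.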
@@ -47,6 +47,7 @@ jobs:
 aws-use-oidc: true
 aws-account-id: "034489662075"
 aws-region: us-east-2
+ write-env-files: true
 env-vars: |
 {
 "ADMIN_ROLE_ARN": "${{ vars.ADMIN_ROLE_ARN }}",
diff --git a/.github/workflows/on-push-main.yaml b/.github/workflows/on-push-main.yaml
index 20fc1c0..a5db553 100644
--- a/.github/workflows/on-push-main.yaml
+++ b/.github/workflows/on-push-main.yaml
@@ -43,6 +43,7 @@ jobs:
 aws-use-oidc: true
 aws-account-id: "034489662075"
 aws-region: us-east-2
+ write-env-files: true
 env-vars: |
 {
 "ADMIN_ROLE_ARN": "${{ vars.ADMIN_ROLE_ARN }}",
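Review bot: `write-env-files: true` and `env-vars` only take effect if the called reusable workflow declares those inputs, and the `uses:` line sits outside both hunks (this one in `on-pr.yaml` and the matching one in `on-push-main.yaml`). The first commit's message mentions `v2.19.1 + feat/kcl-env-files`; if the `uses:` reference points at that feature branch, it is a mutable ref, and whoever can push to it controls what runs with the OIDC-assumed AWS role. Pinning the reference to a release tag, or preferably a full commit SHA, before merge would close that gap.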