Fix GitHub Actions verification script
codefromthecrypt opened this issue · 13 comments
#181 moves verification of the docker build to GitHub actions
Please encrypt GOOGLE_APPLICATION_CREDENTIALS_BASE64 so that the test can extract it, verify the job runs (any glitches), and move documentation around this from RELEASE.md to docker-compose.test.yml
Ex a comment might look like what we do for GPG:
# GPG_SIGNING_KEY=$(gpg -a --export-secret-keys zipkin-admin@googlegroups.com |base64)
# - used to sign jars in release commands
# - sent to keyserver.ubuntu.com keys.openpgp.org
# - import like this: echo ${GPG_SIGNING_KEY} | base64 --decode | gpg --batch --passphrase ${GPG_PASSPHRASE} --import
/cc @elefeint @meltsufin
chatting with @saturnism we need to assess the impact of https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids and if adding credentials here would allow exposing them.
An alternative is to revert back to master branch testing. Travis only has access to credentials entered into the UI in secure settings, ex pull requests can't access them. The good part is that this should work around this problem. The bad part is that master is late.. someone can raise a PR, break something subtle, and we wouldn't know until after merge.
wdyt @anuraaga?
Added base64 encoded service account as a GitHub Action secret GOOGLE_APPLICATION_CREDENTIALS_BASE64
Updating workflow to reference the secret from an env var
The run seems successful w/ the credential, but process exited with exit code 1.
https://github.com/saturnism/stackdriver-zipkin/runs/1372755405?check_suite_focus=true#step:10:58
I was able to reproduce the whole thing locally.
The exit code was 1 because docker/bin/block_on_health sut failed. this is because Docker healthcheck failed.
For some reason, the built zipkin-gcp Docker container responds 404 on http://localhost:9411, hence docker_healthcheck failed.
However, http://localhost:9411/actuator/health reports healthy:
wget -qO- http://localhost:9411/actuator/health
{
"status" : "UP",
"zipkin" : {
"status" : "UP",
"details" : {
"StackdriverStorage{zipkin-gcp-ci}" : {
"status" : "UP"
}
}
}
}
@adriancole any idea/pointer why / returns 404? is it expected? thanks!
hmm actually it shouldn't be trying to hit / rather /health, but you are right
https://github.com/openzipkin/zipkin/blob/master/docker/bin/docker-healthcheck
I'm surprised this fell through this far! I guess forgot where I fixed it. ex here
https://github.com/openzipkin/brave-example/blob/master/docker/bin/docker-healthcheck
will fix upstream.
openzipkin/zipkin#3291 luckily we can re-release docker independently
this should be fixed in next pull of a recent zipkin version docker image
verified in my forked repo. removed some debugging configurations. ptal at PR #186. I suppose we won't find out if it works here until we merge it in :). Cheers,
Thanks, if this works, please go back and delete the travis related stuff from RELEASE.md and add comments into the GH action yaml about how to generate that credential (or a anchor link to README if it is already there).
I see green! Thanks @saturnism I'll leave bookkeeping till later.. might personally delete the travis part as I want to update the build anyway
I see green! Thanks @saturnism I'll leave bookkeeping till later.. might personally delete the travis part as I want to update the build anyway
yay!
I sent a small PR to update the credentials verbiage pertaining the service account configuration. #187