Skip to content

Improve and fix GCP CI test #684

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AlCutter merged 7 commits into from
Jan 28, 2026
Merged

Improve and fix GCP CI test #684

AlCutter merged 7 commits into from
Jan 28, 2026

Conversation

@AlCutter
Copy link
Collaborator

@AlCutter AlCutter commented Jan 26, 2026
edited
Loading

This PR makes a few changes to the CI set up to fix the breakage and introduce some minor improvements:

  • Correct naming of keys generated by the generate_key command. Previously, incorrectly log preceded the origin.
  • Replace origin_suffix variable with origin. Previously, origin was passed implicitly as base_name, and origin_suffix was appended in all locations where an origin was required. This change makes it easier to be explicit and consistent about the value of origin across multiple locations.
  • Derive a safe_origin internal string for use in naming GCP resources where only alphanumeric and - chars are permitted.
  • Replace key suffix vars with the full secret manager resource ID for the CI log.
  • Fix Cloud Build CI to work with the new assumptions about ownership of keys.
    • Keys for are now provisioned and deleted for each run by explicit steps which ensures that the generate_key tool is tested.
    • Update to specify origin and use that consistently.

@AlCutter AlCutter force-pushed the fix_ci branch 12 times, most recently from 3801145 to d218e5d Compare January 27, 2026 15:25
@AlCutter AlCutter force-pushed the fix_ci branch 13 times, most recently from f61e888 to 5f58b3f Compare January 27, 2026 17:28
@AlCutter AlCutter marked this pull request as ready for review January 27, 2026 17:48
@AlCutter AlCutter requested a review from a team as a code owner January 27, 2026 17:48
@AlCutter AlCutter requested review from phbnf and removed request for a team January 27, 2026 17:48
@AlCutter AlCutter changed the title Remove obsolete CI key suffixes Improve and fix GCP CI test Jan 27, 2026
phbnf
phbnf approved these changes Jan 28, 2026
View reviewed changes
deployment/modules/gcp/cloudbuild/conformance/main.tf Outdated
Copy link
Collaborator

@phbnf phbnf Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Should we also destroy the key here to keep everything consistent?

deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl
docker_env = local.env
base_name = include.root.locals.base_name
origin_suffix = include.root.locals.origin_suffix
origin = "${local.base_name}${include.root.locals.origin_suffix}"
Copy link
Collaborator

@phbnf phbnf Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can also edit / remove origin_suffix from deployment/live/gcp/static-ct-staging/logs/root.hcl

Copy link
Collaborator Author

@AlCutter AlCutter Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left that there consciously so that the suffix is guaranteed to be common across all the arche logs.

@AlCutter AlCutter merged commit f35827a into transparency-dev:main Jan 28, 2026
10 checks passed
@AlCutter AlCutter deleted the fix_ci branch January 28, 2026 10:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phbnf phbnf phbnf approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AlCutter @phbnf