I wonder if some integration tests could be offloaded to their respective cloud provider. For example, the Google cloud related integration tests could be executed on Cloud build. Cloud Build's service account, or custom, could have the minimally necessary IAM roles to access Google Cloud resources as part of its execution. The 'build' in its name shouldn't mislead one to think it's only for building. It's essentially just a container that when connected to the GitHub repository its triggers can report back the success or failure of a run. As a bonus: no need for static service account keys 🤩🤩🤩
For those reading this and do not know what Cloud Build is, please see https://youtu.be/Bvo6jzC3J_A For information about service accounts, please see https://youtu.be/xXk1YlkKW_k For information about service account keys, please see https://youtu.be/SDhMwyyd9_0 And finally, IAM permissions, please see https://youtu.be/Sdt-i-Q7tyA On Wed, Oct 19, 2022, 8:32 AM Kenneth Knowles <k...@apache.org> wrote: > Hi all, > > As you probably noticed, there's a lot of work going on around adding more > GitHub Actions workflows. > > Can we fully migrate to GitHub Actions? Similar to our GitHub Issues > migration (but less user-facing) it would bring us on to "default" > infrastructure that more people understand and is maintained by GitHub. > > So far we have hit some serious roadblocks. It isn't just a simple > migration. We have to weigh doing the work to get there. > > I started a document with a table of the things we get from Jenkins that > we need to be sure to have for GitHub Actions before we could think about > migrating: > > https://s.apache.org/beam-jenkins-to-gha > > Can you please help me by adding things that we get from Jenkins, and if > you know how to get them from GitHub Actions add that too. > > Thanks! > > Kenn >
