From d86656ce3164200b0c19c952fb32b4677db1833b Mon Sep 17 00:00:00 2001 From: Michele Mancioppi Date: Wed, 8 Nov 2023 10:10:40 +0100 Subject: [PATCH 1/2] fix: delete env in right account, DRY --- .github/workflows/ci.yaml | 26 +++++++++++++++++++----- .github/workflows/clean-up-test-env.yaml | 22 +++++++++++++++++--- 2 files changed, 40 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 694c5b8f..525f0da8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -85,14 +85,30 @@ jobs: run: | echo "test_env_name=$(./.github/workflows/scripts/test_env_name.sh)" >> $GITHUB_OUTPUT || exit 1 + - name: Select credentials + id: select_credentials + shell: bash + env: + TEST_ENVIRONMENT_NAME: ${{ steps.get_test_env_name.outputs.test_env_name }} + run: | + if [ "${TEST_ENVIRONMENT_NAME}" == 'main' ]; then + echo 'aws_account=${{secrets.AWS_ACCOUNT_PROD}}' >> ${GITHUB_OUTPUT} + echo 'aws_access_key=${{secrets.AWS_ACCESS_KEY_ID_PROD}}' >> ${GITHUB_OUTPUT} + echo 'aws_secret_access_key=${{secrets.AWS_SECRET_ACCESS_KEY_PROD}}' >> ${GITHUB_OUTPUT} + else + echo 'aws_account=${{secrets.AWS_ACCOUNT_DEV}}' >> ${GITHUB_OUTPUT} + echo 'aws_access_key=${{secrets.AWS_ACCESS_KEY_ID_DEV}}' >> ${GITHUB_OUTPUT} + echo 'aws_secret_access_key=${{secrets.AWS_SECRET_ACCESS_KEY_DEV}}' >> ${GITHUB_OUTPUT} + fi + - name: Deploy validation backend shell: bash working-directory: packages/otelbin-validation env: - AWS_ACCESS_KEY_ID: ${{ github.ref == 'refs/heads/main' && secrets.AWS_ACCESS_KEY_ID_PROD || secrets.AWS_ACCESS_KEY_ID_DEV }} - AWS_SECRET_ACCESS_KEY: ${{ github.ref == 'refs/heads/main' && secrets.AWS_SECRET_ACCESS_KEY_PROD || secrets.AWS_SECRET_ACCESS_KEY_DEV }} + AWS_ACCESS_KEY_ID: ${{ steps.select_credentials.outputs.aws_access_key }} + AWS_SECRET_ACCESS_KEY: ${{ steps.select_credentials.outputs.aws_secret_access_key }} AWS_DEFAULT_REGION: 'us-east-2' - CDK_DEPLOY_ACCOUNT: ${{ github.ref == 'refs/heads/main' && '462608073829' || '622203989445' }} + CDK_DEPLOY_ACCOUNT: ${{ steps.select_credentials.outputs.aws_account }} CDK_DEPLOY_REGION: 'us-east-2' GH_TOKEN: ${{ github.token }} TEST_ENVIRONMENT_NAME: ${{ steps.get_test_env_name.outputs.test_env_name }} 
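Review bot: The added `Select credentials` step expands `${{secrets.*}}` inside the `run:` script and appends the PROD or DEV access key and secret key to `${GITHUB_OUTPUT}`, so the secret text becomes part of the shell source (a value containing `'` would end the quoting) and is persisted on the runner as a step output. The selection can stay in the expression form the removed lines used, keyed on the step output instead of the ref: `AWS_ACCESS_KEY_ID: ${{ steps.get_test_env_name.outputs.test_env_name == 'main' && secrets.AWS_ACCESS_KEY_ID_PROD || secrets.AWS_ACCESS_KEY_ID_DEV }}`, and likewise for `AWS_SECRET_ACCESS_KEY` and `CDK_DEPLOY_ACCOUNT`, which removes the extra step. The same step is repeated in the `clean-up-test-env.yaml` hunk and in the second hunk of PATCH 2/2, where the condition would read `needs.prep-itests.outputs.test_env_name`. Short-lived credentials obtained through OIDC role assumption would remove the static keys altogether.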
@@ -147,8 +163,8 @@ jobs: shell: bash working-directory: packages/otelbin-validation env: - AWS_ACCESS_KEY_ID: ${{ github.ref == 'refs/heads/main' && secrets.AWS_ACCESS_KEY_ID_PROD || secrets.AWS_ACCESS_KEY_ID_DEV }} - AWS_SECRET_ACCESS_KEY: ${{ github.ref == 'refs/heads/main' && secrets.AWS_SECRET_ACCESS_KEY_PROD || secrets.AWS_SECRET_ACCESS_KEY_DEV }} + AWS_ACCESS_KEY_ID: ${{ steps.select_credentials.outputs.aws_access_key }} + AWS_SECRET_ACCESS_KEY: ${{ steps.select_credentials.outputs.aws_secret_access_key }} AWS_DEFAULT_REGION: 'us-east-2' API_GATEWAY_NAME: ${{ needs.prep-itests.outputs.validation_api_apigateway_name }} API_GATEWAY_URL: ${{ needs.prep-itests.outputs.validation_api_apigateway_url }} diff --git a/.github/workflows/clean-up-test-env.yaml b/.github/workflows/clean-up-test-env.yaml index 59b76adc..925e142b 100644 --- a/.github/workflows/clean-up-test-env.yaml +++ b/.github/workflows/clean-up-test-env.yaml 
@@ -37,14 +37,30 @@ jobs: run: | echo "test_env_name=$(./.github/workflows/scripts/test_env_name.sh)" >> $GITHUB_OUTPUT || exit 1 + - name: Select credentials + id: select_credentials + shell: bash + env: + TEST_ENVIRONMENT_NAME: ${{ steps.get_test_env_name.outputs.test_env_name }} + run: | + if [ "${TEST_ENVIRONMENT_NAME}" == 'main' ]; then + echo 'aws_account=${{secrets.AWS_ACCOUNT_PROD}}' >> ${GITHUB_OUTPUT} + echo 'aws_access_key=${{secrets.AWS_ACCESS_KEY_ID_PROD}}' >> ${GITHUB_OUTPUT} + echo 'aws_secret_access_key=${{secrets.AWS_SECRET_ACCESS_KEY_PROD}}' >> ${GITHUB_OUTPUT} + else + echo 'aws_account=${{secrets.AWS_ACCOUNT_DEV}}' >> ${GITHUB_OUTPUT} + echo 'aws_access_key=${{secrets.AWS_ACCESS_KEY_ID_DEV}}' >> ${GITHUB_OUTPUT} + echo 'aws_secret_access_key=${{secrets.AWS_SECRET_ACCESS_KEY_DEV}}' >> ${GITHUB_OUTPUT} + fi + - name: Delete validation backend shell: bash working-directory: packages/otelbin-validation env: - AWS_ACCESS_KEY_ID: ${{ github.ref == 'refs/heads/main' && secrets.AWS_ACCESS_KEY_ID_PROD || secrets.AWS_ACCESS_KEY_ID_DEV }} - AWS_SECRET_ACCESS_KEY: ${{ github.ref == 'refs/heads/main' && secrets.AWS_SECRET_ACCESS_KEY_PROD || secrets.AWS_SECRET_ACCESS_KEY_DEV }} + AWS_ACCESS_KEY_ID: ${{ steps.select_credentials.outputs.aws_access_key }} + AWS_SECRET_ACCESS_KEY: ${{ steps.select_credentials.outputs.aws_secret_access_key }} AWS_DEFAULT_REGION: 'us-east-2' - CDK_DEPLOY_ACCOUNT: ${{ github.ref == 'refs/heads/main' && '462608073829' || '622203989445' }} + CDK_DEPLOY_ACCOUNT: ${{ steps.select_credentials.outputs.aws_account }} CDK_DEPLOY_REGION: 'us-east-2' GH_TOKEN: ${{ github.token }} TEST_ENVIRONMENT_NAME: ${{ steps.get_test_env_name.outputs.test_env_name }} From 3b23cdcf71b68087c8df8e3187744bc54b9357bd Mon Sep 17 00:00:00 2001 From: Michele Mancioppi Date: Wed, 8 Nov 2023 10:49:22 +0100 Subject: [PATCH 2/2] fix: reference of access keys between CI jobs --- .github/workflows/ci.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
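Review bot: The account that `Delete validation backend` runs against is now decided only by comparing the output of `./.github/workflows/scripts/test_env_name.sh` with `'main'`, where the removed lines keyed on `github.ref == 'refs/heads/main'`. That script is not visible here; if its result is derived from a branch or pull-request name, any ref it maps to `main` would be handed the PROD key and account for a destructive step. I would state the invariant in a comment above the `if`, for example `# PROD is selected only when test_env_name.sh prints 'main'; it must do so for refs/heads/main alone`, and confirm the script enforces it. Where the workflow's trigger allows, keeping the PROD secrets in a GitHub environment with a branch restriction would mean the string comparison is not the only gate; the `ci.yaml` hunks share this selection logic.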
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 525f0da8..caaddb7b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -56,6 +56,7 @@ jobs: validation_api_apigateway_name: ${{ steps.parse_cdk_output.outputs.api_gateway_name }} validation_api_apigateway_url: ${{ steps.parse_cdk_output.outputs.api_gateway_url }}\ validation_api_apigateway_key_id: ${{ steps.parse_cdk_output.outputs.api_gateway_key_id }} + test_env_name: ${{ steps.get_test_env_name.outputs.test_env_name }} steps: - name: Checkout uses: actions/checkout@v4 @@ -159,6 +160,20 @@ jobs: run: | npm ci + - name: Select credentials + id: select_credentials + shell: bash + env: + TEST_ENVIRONMENT_NAME: ${{ needs.prep-itests.outputs.test_env_name }} + run: | + if [ "${TEST_ENVIRONMENT_NAME}" == 'main' ]; then + echo 'aws_access_key=${{secrets.AWS_ACCESS_KEY_ID_PROD}}' >> ${GITHUB_OUTPUT} + echo 'aws_secret_access_key=${{secrets.AWS_SECRET_ACCESS_KEY_PROD}}' >> ${GITHUB_OUTPUT} + else + echo 'aws_access_key=${{secrets.AWS_ACCESS_KEY_ID_DEV}}' >> ${GITHUB_OUTPUT} + echo 'aws_secret_access_key=${{secrets.AWS_SECRET_ACCESS_KEY_DEV}}' >> ${GITHUB_OUTPUT} + fi + - name: Retrieve API Key for Validation API and run tests shell: bash working-directory: packages/otelbin-validation
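Review bot: The context line directly above the added `test_env_name` output, `validation_api_apigateway_url: ${{ steps.parse_cdk_output.outputs.api_gateway_url }}\`, ends in a backslash, which a plain YAML scalar keeps as part of the value. The job output that the later job appears to read into `API_GATEWAY_URL` would then carry a trailing `\`. Unless that character is an artefact of how this patch was rendered, it should be dropped while this `outputs:` block is being edited. The block starts outside the hunk.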