Refactor: GA Pack Download and Update Mechanism in the GitHub Action Environment #16541
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…loads Created a new shell script named download-GA-pack.sh. This script has been designed to facilitate the secure downloading of GA packs directly into the GitHub environment.
Incorporated the newly created download-GA-pack.sh to handle the wso2IS zip downloading process within the existing script. Streamlined the process by leveraging the download-GA-pack.sh script, leading to cleaner code and enhanced maintainability.
JayanaGunaweera01
changed the title
JayanaGunaweera01
changed the title
$Subject
$Subject
$Subject
$Subject
…e-pack.sh Remove redundant file after fixes in update-GA-pack-ubuntu.sh The contents of the file have been addressed and fixed in update-GA-pack-ubuntu.sh, making this file obsolete.
The contents of the file have been addressed and fixed in update-GA-pack-ubuntu.sh and update-GA-pack-mac.sh, making this file obsolete.
$Subject
$Subject
Changes focus on refining the way the script accesses and uses the JSON credentials, with an emphasis on security and efficiency. Previously, the value for keyJsonFile was derived from the first positional argument ($1) which was written for a file in the workflow. In the new code, it is derived from the environment variable MIGRATION_JSON_ENCODED. After fetching the data from the variable, it gets base64-decoded to retrieve the JSON contents. This is a significant change as the way credentials are passed to the script has been altered for added security.
Added Notion User Guide of the feature.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This pull request introduces a significant refactor to the GA Pack download mechanism, transitioning from the GCP API key approach to using a Service Account key. By integrating a new shell script and revising the way we interact with Google Drive, aims to optimize the download process for both security and efficiency.
Key Changes Made:
1.Introduction of Service Account Key
Replaced the previous parameters (gcpClientId, gcpClientSecret, gcpRefreshToken) with a single parameter keyJsonFile that represents the Service Account key.
This transition streamlines the authentication mechanism, reducing complexity and potential points of failure.
2.Integration of download-GA-pack.sh Script
A new script, download-GA-pack.sh, has been integrated to manage the downloading of GA packs.
This script utilizes the keyJsonFile to securely fetch the required files.
3.Deprecation of Direct Google Drive Interaction
The direct curl interactions with Google Drive, which previously utilized GCP API credentials to generate access tokens and download files, have been encapsulated and refactored.
The download-GA-pack.sh script now handles these operations, ensuring a more standardized and maintainable approach.
4.Update downloaded GA packs.
Modified main shell scripts (migration-script-ubuntu.sh and migration-script-mac.sh) to update downloaded GA pack with wso2 update tool.