Removes all sensitive info regarding AWS account ids and private S3 bucket names.
Changes
In GitHub Actions workflows, leverages GitHub Secrets to provide the IAM roles to assume for:
ACTION_E2E_TESTS_ROLE
ACTION_DEMO_DEPLOY_JOB_UPDATE_INFRASTRUCTURE_ROLE
ACTION_DEMO_DEPLOY_JOB_BUILD_AND_DEPLOY_ROLE
ACTION_PRODUCTION_RELEASE_ROLE
Still supports local infra updates, using a CloudFormation resource lookup to find the infra S3 bucket based on the pcluster-manager-github CF stack name.
Infra docs updates.
Changelog entry
Ensure sensitive information is retrieved via GitHub Secrets.
How Has This Been Tested?
Tested
[x] github-env-setup.yml deploy in a personal account
[x] update-environment-infra.sh locally in a personal and in the test AWS accounts
[x] pipelines tested by adding a trigger for the feature branch and manually altering the IAM policy to allow access
e2e test
demo deploy
I was unable to test the production release pipeline; it's a simple variable substitution and creating a whole env for it was not worth the effort.
References
PR Quality Checklist
[ ] I added tests to new or existing code
[ ] I removed hardcoded strings and used our i18n solution instead (see here)
[x] I made sure no sensitive info gets logged at any time in the codebase (see here) (e.g. no user info or details, no stacktraces, etc.)
[x] I checked that infrastructure/update_infrastructure.sh runs without any error
[ ] I checked that npm run build builds without any error
[ ] I checked that clusters are listed correctly
[ ] I checked that a new cluster can be created (config is produced and dry run passes)
[ ] I checked that login and logout work as expected
In order to increase the likelihood of your contribution being accepted, please make sure you have read both the Contributing Guidelines and the Project Guidelines.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
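A reviewer can keep this change from regressing with a check over the workflow files. The scanner below is an added example, not code from this PR or the project. It assumes the workflows pass the role through a `role-to-assume:` input (as the aws-actions/configure-aws-credentials action does); the sample workflow and the `INFRA_BUCKET` variable are constructed for illustration.

```python
import re

# Secret names taken from the PR description above.
ROLE_SECRETS = {
    "ACTION_E2E_TESTS_ROLE",
    "ACTION_DEMO_DEPLOY_JOB_UPDATE_INFRASTRUCTURE_ROLE",
    "ACTION_DEMO_DEPLOY_JOB_BUILD_AND_DEPLOY_ROLE",
    "ACTION_PRODUCTION_RELEASE_ROLE",
}

ACCOUNT_ID = re.compile(r"(?<!\d)\d{12}(?!\d)")  # AWS account ids are 12 digits
S3_LITERAL = re.compile(r"s3://[A-Za-z0-9][A-Za-z0-9.-]*")  # bucket name written out
ROLE_INPUT = re.compile(r"^\s*role-to-assume:\s*(\S.*?)\s*$")  # assumed input name
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.(\w+)\s*\}\}$")

def scan_workflow(text):
    """Return (line_number, rule) findings for one workflow file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ACCOUNT_ID.search(line):  # may also hit unrelated 12-digit numbers
            findings.append((lineno, "hardcoded-account-id"))
        if S3_LITERAL.search(line):
            findings.append((lineno, "hardcoded-s3-bucket"))
        role = ROLE_INPUT.match(line)
        if role:
            ref = SECRET_REF.match(role.group(1).strip("'\""))
            if ref is None:
                findings.append((lineno, "role-not-from-secret"))
            elif ref.group(1) not in ROLE_SECRETS:
                findings.append((lineno, "unexpected-role-secret"))
    return findings

# Constructed sample, not taken from the repository.
SAMPLE_WORKFLOW = """\
jobs:
  e2e:
    steps:
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::111122223333:role/e2e-tests
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.ACTION_E2E_TESTS_ROLE }}
      - run: aws s3 cp build.zip s3://example-private-bucket/build.zip
      - run: aws s3 cp build.zip "s3://${INFRA_BUCKET}/build.zip"
"""

if __name__ == "__main__":
    for lineno, rule in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {rule}")
```

Run over every file under `.github/workflows/` in CI, a non-empty result fails the build before an account id or bucket name reaches the default branch.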