santoshmahto7
commented
1 year ago @saravan2 @davide125 : I don't have admin permission to add secrets to github CI. I would need that to test, so add me if it is worth for me to have admin power.
Open saravan2 opened 1 year ago
santoshmahto7
commented
1 year ago @saravan2 @davide125 : I don't have admin permission to add secrets to github CI. I would need that to test, so add me if it is worth for me to have admin power.
davide125
commented
1 year ago I've just added the secrets on our end.
santoshmahto7
commented
1 year ago I've just added the secrets on our end.
Perfect. Thanks
davide125
commented
1 year ago Merged and kicked off a run: https://github.com/facebookexperimental/resctl-demo/actions/runs/5257716435
santoshmahto7
commented
1 year ago @davide125 Deployment seems successful but we also need to test that lamda as per task. I feel this need to be done on your side. Let me know if I need to be part of this.
saravan2
commented
1 year ago @davide125
Step 3 : New PR in https://github.com/facebookexperimental/resctl-demo/ to add IAM
Is that necessary ?
davide125
commented
1 year ago The IAM stuff should be all set up now. I don't actually know how to test the lambda though...
santoshmahto7
commented
1 year ago @davide125 @saravan2 Once PR https://github.com/facebookexperimental/resctl-demo/pull/292 is merged, The lambda workflow can be tested in machine as ( tetsing is done in my local aws setup) :
Lambda workflow: Client triggers lambda -> lambda runs --> save result to s3 bucket --> Create github Issue with link of result stored in s3.
Testing steps:
In AWS lambda confirm lambda has role and policy setup as described in README
In AWS lambda, Create Lambda Function Url - this function URL will be used to trigger lambda as in next step
Configure the AWS System Manager-> parameter store to have Github credentials
Trigger lambda as :
./resctl-bench --result < json or gzip benchmark result > upload --upload-url <Lambda Function URL>
e.g
./bootstrap --result resctl-bench-result_2023_05_01-19_18_49_1.json.gz upload --upload-url https://ygvr6jnjckwamfao5xztg6idiu0ukjeb.lambda-url.eu-north-1.on.aws/
Check the s3 bucket if result has been uploaded there (Note: aws lambda should have write permission to s3 bucket)
Check if issue is created in iocost-benchmark projects like this : https://github.com/iocost-benchmark/iocost-benchmarks/issues/71
Note: The aws endpoints are hardcoded in lambda code so if aws endpoints differs then we need to update code. ping me for that.
ewyler
commented
1 year ago @davide125 has offered to test this this week
ewyler
commented
1 year ago Need to talk to Davide again about this
davide125
commented
1 year ago Configure the AWS System Manager-> parameter store to have Github credentials
Name: /iocost-bot/token Value: github personal token
We can't use personal tokens for this. Can we update the lambda to use OIDC instead?
santoshmahto7
commented
1 year ago @davide125 : I am looking on that how OIDC should be configured in AWS and hopefully will get it done soon.
ewyler
commented
1 year ago Continuing work on this to figure out OIDC
santoshmahto7
commented
1 year ago @davide125 : After reading AWS OIDC docs, I'm bit confused with how OIDC authentication should be used in our case.
IIUC AWS OIDC is used to authorise client application(e.g github) for accessing aws resources, but what we need here is other way around. i.e Authorise aws lambda to access client application resources(i.e github). I'm not sure if it is possible, I can try if it is possible.
Any docs or instructions for this will be more helpful here.
Thanks in advance.
ewyler
commented
1 year ago The problem is on the Github side and avoiding using a personal token. I don't see OIDC listed in the Github docs, just for Github Apps - I'm not sure what @davide125 was referring to. It seems the App token is what we'd want - https://docs.github.com/en/rest/overview/authenticating-to-the-rest-api?apiVersion=2022-11-28
davide125
commented
1 year ago Yeah app tokens should work for this. Thanks!
ewyler
commented
1 year ago You should be able to setup a GitHub App that uses oauth from looking at the docs. That should be workable for us.
On Wed, Nov 15, 2023, 2:21 PM Davide Cavalca @.***> wrote:
Yeah app tokens should work for this. Thanks!
— Reply to this email directly, view it on GitHub https://github.com/iocost-benchmark/iocost-benchmarks-ci/issues/16#issuecomment-1813120775, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQXC3JHLVTRTPMZM5MG46LYEUI2LAVCNFSM6AAAAAAYYX2BW6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJTGEZDANZXGU . You are receiving this because you commented.Message ID: @.***>
santoshmahto7
commented
10 months ago @davide125 @htejun
A new github app "iocost-issue-creator" (https://github.com/apps/iocost-issue-creater) is created and installed in iocost-benchmark organisation. l
amda code is updated to use this app here : https://github.com/facebookexperimental/resctl-demo/pull/302
Lambda uses this app to file issue in iocost-benchmarks product with the submitted benchmarks.
Once merged we can test the lambda flow as mentioned in https://github.com/iocost-benchmark/iocost-benchmarks-ci/issues/16#issuecomment-1662422233 but Instead of storing person token in AWS system manager we can store following github app (iocost-issue-creator) information as :
Name: /iocost-bot/appid Value: xxxxx // Get this value from iocost-issue-creator github app page & Name : /iocost-bot/privatekey Value : xxxxxxx // // Get this value from iocost-issue-creator github app page
davide125
commented
7 months ago @santoshmahto7 can you add me/this org to the github app please? I can't find it, and I think I need access to the app page to pull the appid/privatekey to store on the AWS side. Thanks!
davide125
commented
7 months ago This is failing with an exception on the lambda side when uploading: log-events-viewer-result.csv
santoshmahto7
commented
7 months ago This is failing with an exception on the lambda side when uploading: log-events-viewer-result.csv
I will take a look if this is any configuration error. @davide125 Could you share the command you used to trigger lambda from benchmark result ?
davide125
commented
7 months ago ./target/debug/resctl-bench --result /tmp/resctl-bench-result_2024_03_15-04_01_20.json.gz upload --upload-url https://yxvf2x7zfkqga6sknkxgczwonq0yvkrm.lambda-url.us-east-1.on.aws, with the binary built from a fresh checkout off the main branch.
santoshmahto7
commented
6 months ago
./target/debug/resctl-bench --result /tmp/resctl-bench-result_2024_03_15-04_01_20.json.gz upload --upload-url https://yxvf2x7zfkqga6sknkxgczwonq0yvkrm.lambda-url.us-east-1.on.aws, with the binary built from a fresh checkout off the main branch.
I fixed one issue with github app authentication since it was moved to organisation https://github.com/facebookexperimental/resctl-demo/pull/316
You are running the command correctly but you can also verify following point as:
iocost-submitus-east-1davide125
commented
6 months ago Bucket name is wrong, put up https://github.com/facebookexperimental/resctl-demo/pull/317 to fix it
davide125
commented
6 months ago Ok upload works with that applied but the URL in the issue is wrong: https://github.com/iocost-benchmark/iocost-benchmarks/issues/88
davide125
commented
6 months ago Fix for that should be https://github.com/facebookexperimental/resctl-demo/pull/318
davide125
commented
6 months ago Also merged https://github.com/iocost-benchmark/iocost-benchmarks-ci/pull/20 as that code was still referencing invalid buckets
davide125
commented
6 months ago The action that was supposed to rebuild iocost-benchmarks-ci got disabled due to lack of activity, manually enabled it and re-ran it to get a new build with #20 in
obbardc
commented
4 months ago @davide125 Do you have any updates about this?
davide125
commented
4 months ago Looks like the merge CI is broken because the resctl-demo artifacts expired: https://github.com/iocost-benchmark/iocost-benchmarks/actions/runs/10067289408/job/27830450070
obbardc
commented
4 months ago I've reenabled the scheduled jobs (and assed a job to make sure they don't expire) and rebuilt the demo artifacts at https://github.com/iocost-benchmark/iocost-benchmarks-ci/actions/runs/10071274177
obbardc
commented
4 months ago The merge job is getting further, but still failing due to installation of dependency problems: https://github.com/iocost-benchmark/iocost-benchmarks/actions/runs/10071298822/job/27841230084
I think it makes sense to have a separate scheduled CI test to test the merge CI. I'll open a separate ticket about that.
obbardc
commented
4 months ago I fixed the workflow in https://github.com/iocost-benchmark/iocost-benchmarks/pull/90 there are still issues with the workflow (captured in separate tickets), but I think this unblocks the bucket testing for this ticket? Can you please look again?
obbardc
commented
4 months ago OK the lambda function is currently https://yxvf2x7zfkqga6sknkxgczwonq0yvkrm.lambda-url.us-east-1.on.aws.
But submitting a result ends up with an Internal server error response from the Lambda function.
The (limited) log snippet from AWS include:
thread 'main' panicked at resctl-bench/src/lambda.rs:51:81:
called `Option::unwrap()` on a `None` value The Lambda function should be updated to not ... just panic ... but instead throw the error back to the user :-)
After :
We need to start testing AWS CI workflow