ci: fix cron invalid workflow (#2307)

* ci: fix cron invalid workflow Signed-off-by: TennyZhuang <[email protected]> * remove unused ec2-c Signed-off-by: TennyZhuang <[email protected]> * restrict the permission Signed-off-by: TennyZhuang <[email protected]>
risingwavelabs · May 4, 2022 · 70626c4 · 70626c4
1 parent bd10ebd
commit 70626c4
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 95 deletions.
diff --git a/.github/workflow-template/main-cron.yml b/.github/workflow-template/main-cron.yml
@@ -10,52 +10,5 @@ on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-permissions: write-all
-
-jobs:
-  start-runner-c:
-    name: ec2-start-c
-    runs-on: ubuntu-latest
-    outputs:
-      label: ${{ steps.start-ec2-runner.outputs.label }}
-      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
-          role-session-name: GitHubActions
-          aws-region: us-east-2
-      - name: Start EC2 runner
-        id: start-ec2-runner
-        uses: machulav/ec2-github-runner@v2
-        with:
-          mode: start
-          github-token: ${{ secrets.WUTAO_PAT }}
-          ec2-image-id: ami-05a99cf0eb100c377 # github-actions (60gb gp3 ssd)
-          ec2-instance-type: c5.4xlarge # 16 vCPU, 32 GB Memory, EBS
-          subnet-id: subnet-59743123 # default
-          security-group-id: sg-9ec32bfe # default (could have security issues)
-
-  stop-runner-c:
-    name: ec2-stop-c
-    needs:
-      - start-runner-c
-      - end-to-end-risedev-release
-    runs-on: ubuntu-latest
-    if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
-          role-session-name: GitHubActions
-          aws-region: us-east-2
-      - name: Stop EC2 runner C
-        uses: machulav/ec2-github-runner@v2
-        with:
-          mode: stop
-          github-token: ${{ secrets.WUTAO_PAT }}
-          label: ${{ needs.start-runner-c.outputs.label }}
-          ec2-instance-id: ${{ needs.start-runner-c.outputs.ec2-instance-id }}
-        if: ${{ always() }}
+permissions:
+  id-token: write
diff --git a/.github/workflows/main-cron.yml b/.github/workflows/main-cron.yml
@@ -20,7 +20,8 @@ env:
   RUSTFLAGS: -D warnings
   PROTOC_NO_VENDOR: true
   AWS_ROLE_TO_ASSUME: arn:aws:iam::639303875316:role/Create-IAM-Role-for-Configure-AWS-Credentials-Role-1NF1LWROB80QG
-permissions: write-all
+permissions:
+  id-token: write
 jobs:
   start-runner-a:
     name: ec2-start-a
@@ -113,51 +114,6 @@ jobs:
           label: ${{ needs.start-runner-b.outputs.label }}
           ec2-instance-id: ${{ needs.start-runner-b.outputs.ec2-instance-id }}
         if: ${{ always() }}
-  start-runner-c:
-    name: ec2-start-c
-    runs-on: ubuntu-latest
-    outputs:
-      label: ${{ steps.start-ec2-runner.outputs.label }}
-      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
-          role-session-name: GitHubActions
-          aws-region: us-east-2
-      - name: Start EC2 runner
-        id: start-ec2-runner
-        uses: machulav/ec2-github-runner@v2
-        with:
-          mode: start
-          github-token: ${{ secrets.WUTAO_PAT }}
-          ec2-image-id: ami-05a99cf0eb100c377
-          ec2-instance-type: c5.4xlarge
-          subnet-id: subnet-59743123
-          security-group-id: sg-9ec32bfe
-  stop-runner-c:
-    name: ec2-stop-c
-    needs:
-      - start-runner-c
-      - end-to-end-risedev-release
-    runs-on: ubuntu-latest
-    if: ${{ always() }}
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
-          role-session-name: GitHubActions
-          aws-region: us-east-2
-      - name: Stop EC2 runner C
-        uses: machulav/ec2-github-runner@v2
-        with:
-          mode: stop
-          github-token: ${{ secrets.WUTAO_PAT }}
-          label: ${{ needs.start-runner-c.outputs.label }}
-          ec2-instance-id: ${{ needs.start-runner-c.outputs.ec2-instance-id }}
-        if: ${{ always() }}
   frontend-check:
     name: frontend-check
     runs-on: ubuntu-latest