read pk from workflow secrets

Author: jordanstephens

.github/workflows/deploy-changed-samples.yml

@@ -34,36 +34,12 @@ jobs:
             exit 0
           fi
 
-      - name: Configure AWS Credentials for CI
-        id: creds
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: us-west-2
-          output-credentials: true
-          role-to-assume: arn:aws:iam::488659951590:role/ci-role-d4fe904 # ciRoleArn from defang-io/infrastructure stack
-
-      - name: Configure AWS Credentials for Playground
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: us-west-2
-          role-duration-seconds: 1200
-          role-chaining: true
-          role-to-assume: arn:aws:iam::426819183542:role/admin # adminUserRoleArn from defang-io/bootstrap stack
-
       - name: Install Golang
         uses: actions/setup-go@v5
         with:
-          go-version-file: defang-mvp/tools/testing/go.mod
+          go-version-file: tools/testing/go.mod
           cache-dependency-path: |
-            defang-mvp/tools/testing/go.sum
-            defang/src/go.sum
-
-      - name: Install latest defang cli
-        run: |
-          go install github.com/DefangLabs/defang/src/cmd/cli@latest
-          which cli
-          mv $(which cli) $(dirname $(which cli))/defang
-          defang --version
+            tools/testing/go.sum
 
       - name: Build the test tool using Go
         run: |
@@ -75,6 +51,7 @@ jobs:
         id: run-tests
         shell: bash # implies set -o pipefail, so pipe below will keep the exit code from loadtest
         env:
+          FIXED_VERIFIED_PK: ${{ secrets.FIXED_VERIFIED_PK }}
           TEST_AWS_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_KEY }}
           TEST_AWS_SECRET_KEY: ${{ secrets.TEST_AWS_SECRET_KEY }}
           TEST_BOARD_PASSWORD: ${{ secrets.TEST_BOARD_PASSWORD }}

tools/testing/login/login.go

@@ -7,15 +7,12 @@ import (
 	"encoding/pem"
 	"fmt"
 	"log"
-	"strings"
+	"os"
 	"time"
 
 	defangclient "github.com/DefangLabs/defang/src/pkg/cli/client"
 	"github.com/DefangLabs/defang/src/pkg/types"
 	defangv1 "github.com/DefangLabs/defang/src/protos/io/defang/v1"
-	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/service/ssm"
-	"github.com/aws/smithy-go/ptr"
 	"github.com/golang-jwt/jwt/v5"
 )
 
@@ -25,28 +22,8 @@ type TokenIssuer struct {
 }
 
 func NewTokenIssuer(ctx context.Context, cluster string) (*TokenIssuer, error) {
-	parts := strings.Split(strings.TrimPrefix(cluster, "fabric-"), ".")
-	if len(parts) < 2 {
-		return nil, fmt.Errorf("invalid cluster: %v", cluster)
-	}
-	stack := parts[0]
-
-	config, err := config.LoadDefaultConfig(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("unable to load SDK config: %w", err)
-	}
-
-	ssmClient := ssm.NewFromConfig(config)
-	privateKeyParamName := fmt.Sprintf("/ecs/%v/fixed-verifier-private-key-ed25519-pem", stack)
-	out, err := ssmClient.GetParameter(ctx, &ssm.GetParameterInput{
-		Name:           ptr.String(privateKeyParamName),
-		WithDecryption: ptr.Bool(true),
-	})
-	if err != nil {
-		return nil, fmt.Errorf("failed to get fixed verifier key at %v parameter: %w", privateKeyParamName, err)
-	}
-
-	pk, err := decodePrivateKeyPEM(*out.Parameter.Value)
+	fixedVerifierPk := os.Getenv("FIXED_VERIFIER_PK")
+	pk, err := decodePrivateKeyPEM(fixedVerifierPk)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse fixed verifier key: %w", err)
 	}