Removed AWS auth related code

antonpirker · antonpirker · commit cf59208241a2 · 2025-02-19T13:43:30.000+01:00
diff --git a/scripts/aws-cleanup.sh b/scripts/aws-cleanup.sh
diff --git a/scripts/populate_tox/tox.jinja b/scripts/populate_tox/tox.jinja
@@ -533,8 +533,6 @@ setenv =
     socket: TESTPATH=tests/integrations/socket
 
 passenv =
-    SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID
-    SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY
     SENTRY_PYTHON_TEST_POSTGRES_HOST
     SENTRY_PYTHON_TEST_POSTGRES_USER
     SENTRY_PYTHON_TEST_POSTGRES_PASSWORD
diff --git a/scripts/split_tox_gh_actions/split_tox_gh_actions.py b/scripts/split_tox_gh_actions/split_tox_gh_actions.py
@@ -43,14 +43,6 @@
     "clickhouse_driver",
 }
 
-FRAMEWORKS_NEEDING_AWS = {
-    "aws_lambda",
-}
-
-FRAMEWORKS_NEEDING_GITHUB_SECRETS = {
-    "aws_lambda",
-}
-
 # Frameworks grouped here will be tested together to not hog all GitHub runners.
 # If you add or remove a group, make sure to git rm the generated YAML file as
 # well.
@@ -292,13 +284,9 @@ def render_template(group, frameworks, py_versions_pinned, py_versions_latest):
         "group": group,
         "frameworks": frameworks,
         "categories": sorted(categories),
-        "needs_aws_credentials": bool(set(frameworks) & FRAMEWORKS_NEEDING_AWS),
         "needs_clickhouse": bool(set(frameworks) & FRAMEWORKS_NEEDING_CLICKHOUSE),
         "needs_postgres": bool(set(frameworks) & FRAMEWORKS_NEEDING_POSTGRES),
         "needs_redis": bool(set(frameworks) & FRAMEWORKS_NEEDING_REDIS),
-        "needs_github_secrets": bool(
-            set(frameworks) & FRAMEWORKS_NEEDING_GITHUB_SECRETS
-        ),
         "py_versions": {
             category: [f'"{version}"' for version in _normalize_py_versions(versions)]
             for category, versions in py_versions.items()
diff --git a/scripts/split_tox_gh_actions/templates/base.jinja b/scripts/split_tox_gh_actions/templates/base.jinja
@@ -13,15 +13,7 @@ on:
       - release/**
       - potel-base
 
-  {% if needs_github_secrets %}
-  # XXX: We are using `pull_request_target` instead of `pull_request` because we want
-  # this to run on forks with access to the secrets necessary to run the test suite.
-  # Prefer to use `pull_request` when possible.
-  pull_request_target:
-    types: [labeled, opened, reopened, synchronize]
-  {% else %}
   pull_request:
-  {% endif %}
 
 # Cancel in progress workflows on pull_requests.
 # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
@@ -31,27 +23,13 @@ concurrency:
 
 permissions:
   contents: read
-  {% if needs_github_secrets %}
-  # `write` is needed to remove the `Trigger: tests using secrets` label
-  pull-requests: write
-  {% endif %}
 
 env:
-{% if needs_aws_credentials %}
-{% raw %}
-  SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID: ${{ secrets.SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID }}
-  SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY }}
-{% endraw %}
-{% endif %}
   BUILD_CACHE_KEY: {% raw %}${{ github.sha }}{% endraw %}
   CACHED_BUILD_PATHS: |
     {% raw %}${{ github.workspace }}/dist-serverless{% endraw %}
 
 jobs:
-{% if needs_github_secrets %}
-{% include "check_permissions.jinja" %}
-{% endif %}
-
 {% for category in categories %}
 {% include "test_group.jinja" %}
 {% endfor %}
diff --git a/scripts/split_tox_gh_actions/templates/check_permissions.jinja b/scripts/split_tox_gh_actions/templates/check_permissions.jinja
diff --git a/scripts/split_tox_gh_actions/templates/test_group.jinja b/scripts/split_tox_gh_actions/templates/test_group.jinja
@@ -12,10 +12,6 @@
         # see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877
         os: [ubuntu-20.04]
 
-    {% if needs_github_secrets %}
-    needs: check-permissions
-    {% endif %}
-
     {% if needs_postgres %}
     services:
       postgres:
@@ -40,12 +36,6 @@
 
     steps:
       - uses: actions/checkout@v4.2.2
-      {% if needs_github_secrets %}
-      {% raw %}
-        with:
-          ref: ${{ github.event.pull_request.head.sha || github.ref }}
-      {% endraw %}
-      {% endif %}
       - uses: actions/setup-python@v5
         with:
           python-version: {% raw %}${{ matrix.python-version }}{% endraw %}
diff --git a/tests/integrations/aws_lambda/client.py b/tests/integrations/aws_lambda/client.py
@@ -1,11 +1,3 @@
-import os
-
-AWS_CREDENTIALS = {
-    "aws_access_key_id": os.environ["SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID"],
-    "aws_secret_access_key": os.environ["SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY"],
-}
-
-
 # This is for inspecting new Python runtime environments in AWS Lambda
 # If you need to debug a new runtime, use this REPL to run arbitrary Python or bash commands
 # in that runtime in a Lambda function:
diff --git a/tox.ini b/tox.ini
@@ -798,8 +798,6 @@ setenv =
     socket: TESTPATH=tests/integrations/socket
 
 passenv =
-    SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID
-    SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY
     SENTRY_PYTHON_TEST_POSTGRES_HOST
     SENTRY_PYTHON_TEST_POSTGRES_USER
     SENTRY_PYTHON_TEST_POSTGRES_PASSWORD
