Use keyless authentication for the release (#495) #141

	name: smoke-tests

	on:
	workflow_dispatch:
	inputs:
	smoketest_versions:
	description: Set SMOKETEST_VERSIONS environment variable
	default: latest
	push:
	branches:
	- main

	concurrency: ${{ github.workflow }}

	permissions:
	contents: read
	id-token: write

	jobs:
	test:
	runs-on: ubuntu-latest
	env:
	SSH_KEY: "./id_rsa_terraform"
	TF_VAR_private_key: "./id_rsa_terraform"
	TF_VAR_public_key: "./id_rsa_terraform.pub"
	TF_VAR_user_name: "apm-aws-lambda-${{ github.run_id }}"

	TF_VAR_BUILD_ID: "${{ github.run_id }}"
	TF_VAR_ENVIRONMENT: 'ci'
	TF_VAR_BRANCH: "${{ github.ref_name }}"
	TF_VAR_REPO: "${{ github.repository }}"
	SMOKETEST_VERSIONS: "${{ inputs.smoketest_versions \|\| 'latest' }}"
	SKIP_DESTROY: 0
	permissions:
	contents: read
	id-token: write
	steps:
	- uses: actions/checkout@v4
	- name: Bootstrap Action Workspace
	uses: ./.github/actions/bootstrap
	with:
	goreleaser: 'true'
	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.2.3
	- uses: elastic/oblt-actions/aws/auth@v1
	- uses: elastic/oblt-actions/google/auth@v1
	- uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3
	with:
	export_to_environment: true
	secrets: \|-
	EC_API_KEY:elastic-observability/elastic-cloud-observability-team-pro-api-key
	- run: make smoketest/run TEST_DIR=./tf
	- if: always()
	name: Tear down
	run: make smoketest/all/cleanup TEST_DIR=./tf

	- if: always()
	uses: elastic/oblt-actions/slack/[email protected]
	with:
	bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
	channel-id: "#apm-aws-lambda"

Provide feedback