Conversation
afrittoli
requested review from
ZainRizvi,
jeanschmidt and
zxiiro
as code owners
Collaborator
Author
|
CI fails because the adds to two layers in one go. I need to split this into two, the first PR for 01_infra and the second for 02_helm |
zxiiro
approved these changes
Mar 24, 2026
zxiiro
approved these changes
Apr 14, 2026
| */ | ||
|
|
||
| data "aws_secretsmanager_secret_version" "gharts_arc_github_app" { | ||
| secret_id = "pytorch-arc-github-app" |
Collaborator
There was a problem hiding this comment.
Don't have to do in this PR but I was wondering if maybe we should create a separate GitHub App just for GHARTS? Keep a clean separation of service access?
Collaborator
Author
There was a problem hiding this comment.
Yes, we can do. I would say we should do that once we move to a prod implementation.
afrittoli
force-pushed
the
gharts_setup_db
branch
from
4c7eae1 to
8a3f73c
Compare
|
|
Collaborator
Author
Yes, fixed now, thank you |
github-merge-queue bot
pushed a commit
that referenced
this pull request
Apr 15, 2026
Provisions the AWS infrastructure required by the gharts service on the arc dev cluster. - RDS db.t3.micro PostgreSQL instance with IAM authentication enabled - Security group allowing PostgreSQL access from within the VPC - DB subnet group covering private subnets - IAM role and rds-db:connect policy for IRSA - Outputs: `gharts_rds_host`, `gharts_irsa_role_arn` (consumed by 02_helm) ## Stack 1. **This PR** — 01_infra: RDS instance, security group, subnet group, IRSA role and policy, outputs 2. **PR #404** — 02_helm: gharts Helm release (depends on this PR) Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
Deploys the GitHub Actions Runner Token Service (gharts) to the arc dev cluster using the OCI chart from ghcr.io/afrittoli/gharts (v0.0.3). - Reuses GitHub App credentials from the pytorch-arc-github-app secret - OIDC authentication via Linux Foundation SSO (sso.linuxfoundation.org) - RDS IAM authentication via IRSA — no password required - Ingress at gharts.pytorch.org with Let's Encrypt TLS Depends on the 01_infra gharts outputs (gharts_rds_host, gharts_irsa_role_arn). Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Deploys the GitHub Actions Runner Token Service (gharts) to the arc dev cluster in us-east-1, using RDS PostgreSQL with IAM authentication via IRSA.