milaboratory · DenKoren · Dec 15, 2025 · Dec 16, 2025 · Dec 16, 2025 · Dec 16, 2025
diff --git a/.changeset/slow-news-dream.md b/.changeset/slow-news-dream.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/test-k8s-nightly.yaml b/.github/workflows/test-k8s-nightly.yaml
@@ -14,7 +14,7 @@ jobs:
   run:
     needs:
       - init
-    uses: milaboratory/github-ci/.github/workflows/node-simple-pnpm-k8s.yaml@v4
+    uses: milaboratory/github-ci/.github/workflows/node-simple-pnpm-k8s.yaml@v4-beta
     with:
       app-name: Platforma SDK Google Batch Int Tests
       app-name-slug: 'platforma-sdk-gcp'
@@ -23,8 +23,8 @@ jobs:
       pl-version: 'main'
       pnpm-build-command: '--filter "*/workflow-tengo*"'
       pnpm-test-command: '--filter="@platforma-sdk/workflow-tengo-tests" -- --maxConcurrency=5 --maxWorkers=5 --testTimeout=1800000 --no-cache'
-      helm-release-name: 'pl-dev-gcp'
-      helm-chart-values-file: 'helm/gcp/values.yaml'
+      helm-release-name: 'ci-platforma-nightly-${{ github.run_id }}'
+      helm-chart-values-file: 'helm/gcp/ci-nightly-tests.yaml'
       notify-slack: true
       namespace: 'dev-gke'
       npmrc-config: |
@@ -46,9 +46,13 @@ jobs:
           "TEST_CACHE_CRUTCH": "${{ github.sha }}-${{ github.run_id }}" }
     secrets:
       env: |
-        { "PL_CI_TEST_USER": ${{ toJSON(secrets.PL_CI_TEST_USER) }},
-          "PL_CI_TEST_PASSWORD": ${{ toJSON(secrets.PL_CI_TEST_PASSWORD) }},
+        { "PL_CI_TEST_USER": "testuser1",
+          "PL_CI_TEST_PASSWORD": "testpassword1",
+
           "NPMJS_TOKEN": ${{ toJSON(secrets.NPMJS_TOKEN) }},
+          "AWS_CI_IAM_MONOREPO_SIMPLE_ROLE": ${{ toJSON(secrets.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE) }},
+          "AWS_CI_TURBOREPO_S3_BUCKET": ${{ toJSON(secrets.AWS_CI_TURBOREPO_S3_BUCKET) }},
+
           "GCLOUD_CI_GKE_BUCKET_NAME": ${{ toJSON(secrets.GCLOUD_CI_GKE_BUCKET_NAME) }},
           "QUAY_USERNAME": ${{ toJSON(secrets.QUAY_USERNAME) }},
           "QUAY_ROBOT_TOKEN": ${{ toJSON(secrets.QUAY_ROBOT_TOKEN) }} }

diff --git a/helm/gcp/ci-nightly-tests.yaml b/helm/gcp/ci-nightly-tests.yaml
@@ -0,0 +1,121 @@
+# =============================================================================
+# Platforma Helm Chart Configuration
+# =============================================================================
+
+# -- Number of replicas for the deployment
+replicaCount: 1
+
+# -- Image configuration
+image:
+  repository: europe-west3-docker.pkg.dev/mik8s-euwe3-prod-gke-project/pl/pl
+  pullPolicy: Always
+  tag: "main" # or Chart.AppVersion
+
+# -- Service Account configuration
+serviceAccount:
+  create: false
+  name: "platforma-ci-sa"
+  annotations: {}
+    # eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/my-platforma-iam-role
+    # iam.gke.io/sa-name: my-platforma-gsa # For Workload Identity on GKE
+
+deployment:
+  redeployOnUpgrade: true
+  securityContext:
+    privileged: false
+    runAsUser: 0
+    runAsGroup: 0
+    runAsNonRoot: false
+    capabilities:
+      add: []
+      drop: [ "ALL" ]
+
+  podSecurityContext:
+    fsGroup: 3000 # Group ID for volume ownership
+
+resources:
+  limits:
+    cpu: 2000m
+    memory: 8Gi
+  requests:
+    cpu: 1000m
+    memory: 4Gi
+
+env:
+  variables:
+    PL_ENVIRONMENT: "CI"
+
+  secretVariables:
+  - name: PL_LICENSE
+    secretKeyRef:
+      name: pl-license-secret
+      key: pl-license-key
+
+logging:
+  # Supported values:
+  #   - "stream://stdout" (default): Logs are sent to the standard output of the container.
+  #   - "stream://stderr": Logs are sent to the standard error of the container.
+  #   - "dir:///var/log/platforma": Logs are written to files in the specified directory,
+  #     which can be backed by a persistent volume. The path should match `persistence.mountPath`.
+  destination: "stream://stderr"
+
+monitoring:
+  enabled: true
+
+debug:
+  enabled: true
+
+persistence:
+  mainRoot:
+    enabled: false
+
+  dbDir:
+    enabled: true
+    storageClass: "standard-rwo"
+    mountPath: /data/rocksdb
+
+gcp:
+  serviceAccount: "mik8s-platforma-ci-access@mik8s-euwe3-prod-gke-project.iam.gserviceaccount.com"
+  projectId: "mik8s-euwe3-prod-gke-project"
+
+primaryStorage:
+  gcs:
+    enabled: true
+    url: "gs://mik8s-platforma-ci-euwe3-dev-gke/platforma-ci-primary/" # e.g., gs://<bucket>[/<prefix-in-bucket>]
+
+dataLibrary:
+  gcs:
+  - id: "test-assets"
+    enabled: true
+    url: "gs://mik8s-platforma-ci-euwe3-dev-gke/test-assets/"
+
+authOptions:
+  ldap:
+    enabled: true
+    server: "ldap://pl-dev-glauth.dev-gke.svc.cluster.local:3893"
+    dn: "cn=%u,ou=users,ou=users,dc=pldev,dc=io"
+
+extraArgs:
+  - --skip-extended-self-check
+#   - --log-level=debug
+#   - --log-dst=dir:///var/log/platforma
+#   - --log-rotation-size=100MiB
+
+googleBatch:
+  enabled: true
+  region: "europe-west3"
+
+  network: "projects/mik8s-euwe3-prod-gke-project/global/networks/mik8s-euwe3-prod-gke-vpc"
+  subnetwork: "projects/mik8s-euwe3-prod-gke-project/regions/europe-west3/subnetworks/mik8s-euwe3-prod-gke-private-1"
+
+  storage: "/data/nfs=nfs://10.244.108.130/nfs_share"
+  volumes:
+    enabled: true
+    name: "nfs-volume"
+    mountPath: "/data/nfs"
+    workDirName: "ci/custom-nightly-run/work"          # altered by CI, look for googleBatch.volumes.workDirName
+    packagesDirName: "ci/custom-nightly-run/packages"  # altered by CI, look for googleBatch.volumes.packagesDirName
+    existingClaim: "filestore-ci-fast-pvc"
+
+  jobNamePrefix: "platforma-nightly-tests"
+  provisioning: "SPOT"