Skip to content

Commit

Permalink
added secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@oakrizan
oakrizan committed Feb 6, 2024
1 parent 0288348 commit 6e6d8fd
Show file tree
Hide file tree
Showing 5 changed files with 27 additions and 10 deletions.
1 change: 0 additions & 1 deletion .buildkite/env-scripts/win-env.sh
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
#!/usr/bin/env bash

echo "--- PLATFORM TYPE: ${PLATFORM_TYPE}"
if [[ ${PLATFORM_TYPE} = MINGW* ]]; then
echo "--- Installing Python on Win"
choco install mingw -y
Expand Down
7 changes: 7 additions & 0 deletions .buildkite/filebeat/scripts/packaging/package.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,10 @@ calculate_tags() {
}

#buildkite-agent annotate "Tag '$TAG' has been created." --style 'success' --context 'ctx-success'

#set_git_config() {
# git config user.name "${GITHUB_USERNAME_SECRET}"
# git config user.email "${GITHUB_EMAIL_SECRET}"
#}
#
#set_git_config
7 changes: 0 additions & 7 deletions .buildkite/filebeat/scripts/packaging/packaging-env.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,3 @@ export SNAPSHOT
export VERSION
export REPO
export IMG_POSTFIX

set_git_config() {
git config user.name "${GITHUB_USERNAME_SECRET}"
git config user.email "${GITHUB_EMAIL_SECRET}"
}

set_git_config
22 changes: 20 additions & 2 deletions .buildkite/hooks/pre-command
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,14 @@

set -euo pipefail

DOCKER_REGISTRY_SECRET_PATH="kv/ci-shared/platform-ingest/docker_registry_prod"
PRIVATE_CI_GCS_CREDENTIALS_PATH="kv/ci-shared/observability-ingest/cloud/gcp"
GITHUB_TOKEN_VAULT_PATH="kv/ci-shared/platform-ingest/github_token"

if [[ "$BUILDKITE_PIPELINE_SLUG" == "filebeat" || "$BUILDKITE_PIPELINE_SLUG" == "auditbeat" ]]; then
source .buildkite/env-scripts/env.sh
source .buildkite/env-scripts/win-env.sh
source .buildkite/env-scripts/util.sh

if [[ -z "${GOLANG_VERSION-""}" ]]; then
export GOLANG_VERSION=$(cat "${WORKSPACE}/.go-version")
Expand All @@ -15,8 +20,21 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "filebeat" || "$BUILDKITE_PIPELINE_SLUG" ==
fi

if [[ "$BUILDKITE_STEP_KEY" == package* ]]; then
source .buildkite/filebeat/scripts/packaging/packaging-env.sh
fi
echo "--- Exporting secrets"
source .buildkite/filebeat/scripts/packaging/packaging-env.sh

export PRIVATE_CI_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field=data -format=json ${PRIVATE_CI_GCS_CREDENTIALS_PATH})
export DOCKER_USERNAME_SECRET=$(retry 5 vault kv get -field user "${DOCKER_REGISTRY_SECRET_PATH}")
export DOCKER_PASSWORD_SECRET=$(retry 5 vault kv get -field password "${DOCKER_REGISTRY_SECRET_PATH}")
export GITHUB_TOKEN_SECRET=$(retry 5 vault kv get -field token ${GITHUB_TOKEN_VAULT_PATH})
export GITHUB_USERNAME_SECRET=$(retry 5 vault kv get -field username ${GITHUB_TOKEN_VAULT_PATH})
export GITHUB_EMAIL_SECRET=$(retry 5 vault kv get -field email ${GITHUB_TOKEN_VAULT_PATH})

docker login -u "${DOCKER_USERNAME_SECRET}" -p "${DOCKER_PASSWORD_SECRET}" "${DOCKER_REGISTRY}" 2>/dev/null

git config user.name "${GITHUB_USERNAME_SECRET}"
git config user.email "${GITHUB_EMAIL_SECRET}"

fi

if [[ "$BUILDKITE_PIPELINE_SLUG" == "beats-metricbeat" ]]; then
Expand Down
Empty file modified .buildkite/hooks/scripts/util.sh
100644 → 100755
View file
Empty file.

0 comments on commit 6e6d8fd

Please sign in to comment.