diff --git a/.buildkite/env-scripts/win-env.sh b/.buildkite/env-scripts/win-env.sh index ccf5479b46e1..931051d550af 100644 --- a/.buildkite/env-scripts/win-env.sh +++ b/.buildkite/env-scripts/win-env.sh @@ -1,6 +1,5 @@ #!/usr/bin/env bash -echo "--- PLATFORM TYPE: ${PLATFORM_TYPE}" if [[ ${PLATFORM_TYPE} = MINGW* ]]; then echo "--- Installing Python on Win" choco install mingw -y diff --git a/.buildkite/filebeat/scripts/packaging/package.sh b/.buildkite/filebeat/scripts/packaging/package.sh index 9cce3b1dc66d..29faa4495197 100755 --- a/.buildkite/filebeat/scripts/packaging/package.sh +++ b/.buildkite/filebeat/scripts/packaging/package.sh @@ -27,3 +27,10 @@ calculate_tags() { } #buildkite-agent annotate "Tag '$TAG' has been created." --style 'success' --context 'ctx-success' + +#set_git_config() { +# git config user.name "${GITHUB_USERNAME_SECRET}" +# git config user.email "${GITHUB_EMAIL_SECRET}" +#} +# +#set_git_config diff --git a/.buildkite/filebeat/scripts/packaging/packaging-env.sh b/.buildkite/filebeat/scripts/packaging/packaging-env.sh index ad4957bd9114..ab8f8f68257a 100755 --- a/.buildkite/filebeat/scripts/packaging/packaging-env.sh +++ b/.buildkite/filebeat/scripts/packaging/packaging-env.sh @@ -24,10 +24,3 @@ export SNAPSHOT export VERSION export REPO export IMG_POSTFIX - -set_git_config() { - git config user.name "${GITHUB_USERNAME_SECRET}" - git config user.email "${GITHUB_EMAIL_SECRET}" -} - -set_git_config diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index b26a3f9c7cdd..d7b3b90e2c97 100644 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -2,9 +2,14 @@ set -euo pipefail +DOCKER_REGISTRY_SECRET_PATH="kv/ci-shared/platform-ingest/docker_registry_prod" +PRIVATE_CI_GCS_CREDENTIALS_PATH="kv/ci-shared/observability-ingest/cloud/gcp" +GITHUB_TOKEN_VAULT_PATH="kv/ci-shared/platform-ingest/github_token" + if [[ "$BUILDKITE_PIPELINE_SLUG" == "filebeat" || "$BUILDKITE_PIPELINE_SLUG" == "auditbeat" ]]; then source .buildkite/env-scripts/env.sh source .buildkite/env-scripts/win-env.sh + source .buildkite/env-scripts/util.sh if [[ -z "${GOLANG_VERSION-""}" ]]; then export GOLANG_VERSION=$(cat "${WORKSPACE}/.go-version") @@ -15,8 +20,21 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "filebeat" || "$BUILDKITE_PIPELINE_SLUG" == fi if [[ "$BUILDKITE_STEP_KEY" == package* ]]; then - source .buildkite/filebeat/scripts/packaging/packaging-env.sh - fi + echo "--- Exporting secrets" + source .buildkite/filebeat/scripts/packaging/packaging-env.sh + + export PRIVATE_CI_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field=data -format=json ${PRIVATE_CI_GCS_CREDENTIALS_PATH}) + export DOCKER_USERNAME_SECRET=$(retry 5 vault kv get -field user "${DOCKER_REGISTRY_SECRET_PATH}") + export DOCKER_PASSWORD_SECRET=$(retry 5 vault kv get -field password "${DOCKER_REGISTRY_SECRET_PATH}") + export GITHUB_TOKEN_SECRET=$(retry 5 vault kv get -field token ${GITHUB_TOKEN_VAULT_PATH}) + export GITHUB_USERNAME_SECRET=$(retry 5 vault kv get -field username ${GITHUB_TOKEN_VAULT_PATH}) + export GITHUB_EMAIL_SECRET=$(retry 5 vault kv get -field email ${GITHUB_TOKEN_VAULT_PATH}) + + docker login -u "${DOCKER_USERNAME_SECRET}" -p "${DOCKER_PASSWORD_SECRET}" "${DOCKER_REGISTRY}" 2>/dev/null + + git config user.name "${GITHUB_USERNAME_SECRET}" + git config user.email "${GITHUB_EMAIL_SECRET}" + fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "beats-metricbeat" ]]; then diff --git a/.buildkite/hooks/scripts/util.sh b/.buildkite/hooks/scripts/util.sh old mode 100644 new mode 100755