From 18947ccdfd9188a7cc3cadb2474e30d22b3bccfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Appr=C3=A9derisse=20Benjamin?= Date: Mon, 15 Mar 2021 02:40:33 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20Add=20kinto=20core=20secret=20al?= =?UTF-8?q?lowing=20builder=20to=20call=20core=20(#15)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- images/entrypoint.sh | 1 + images/kinto-cli/README.md | 29 +++++++------ .../cmd-release/cmd-release-commit-sha.go | 5 ++- .../cmd-release/cmd-release-status.go | 5 ++- .../cmd-release/kintoCoreReleaseClient.go | 27 +++++++++--- images/kinto-cli/cmd/root.go | 16 +++++-- kinto-build/.env-example | 43 ++++++++++--------- kinto-build/internal/build/argo/argo.go | 15 ++++--- kinto-build/internal/build/argo/templates.go | 24 ++++++++--- kinto-build/internal/config/config.go | 6 ++- 10 files changed, 106 insertions(+), 65 deletions(-) diff --git a/images/entrypoint.sh b/images/entrypoint.sh index a7e64f3..0aaaf71 100755 --- a/images/entrypoint.sh +++ b/images/entrypoint.sh @@ -11,6 +11,7 @@ if [ "$KINTO_CLI_GIT_INIT_ENABLED" == "true" ]; then "$KINTO_PATH"/kintocli release commit \ --kintoCoreHost="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_HOST" \ --kintoCoreOverTls="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_OVER_TLS" \ + --kintoCoreSecretKey="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_SECRET_KEY" \ --envId="$KINTO_CLI_RELEASE_COMMIT_ENV_ID" \ --blockName="$KINTO_CLI_RELEASE_COMMIT_BLOCK_NAME" \ --releaseId="$KINTO_CLI_RELEASE_COMMIT_RELEASE_ID" \ diff --git a/images/kinto-cli/README.md b/images/kinto-cli/README.md index df5bea3..2e62c46 100644 --- a/images/kinto-cli/README.md +++ b/images/kinto-cli/README.md 
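Review bot: The added `--kintoCoreSecretKey="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_SECRET_KEY"` argument puts the kinto core secret on the kintocli command line, where other processes in the same PID namespace can read it and where any shell trace of this script would log it. The value is already present in the container environment, so kintocli could read that variable itself and the flag could be dropped here. The same concern applies to the `kintoCoreSecretKey` flags registered in `NewReleaseStatusCommand` and `NewReleaseCommitCommand` in cmd/root.go. The enclosing `if` block starts and ends outside this hunk.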
@@ -47,23 +47,24 @@ kintocli dockerfile \ ```shell script kinto-cli release status \ - --kintoCoreHost="$KINTO_CORE_HOST" \ - --kintoCoreOverTls="$IS_KINTO_CORE_OVER_TLS" \ - --envId="$ENVIRONMENT_ID" \ - --blockName="$BLOCK_NAME" \ - --releaseId="$RELEASE_ID" \ - --status="$STATUS" + --kintoCoreHost="$KINTO_CLI_RELEASE_STATUS_KINTO_CORE_HOST" \ + --kintoCoreOverTls="$KINTO_CLI_RELEASE_STATUS_IS_KINTO_CORE_OVER_TLS" \ + --kintoCoreSecretKey="$KINTO_CLI_RELEASE_STATUS_KINTO_CORE_SECRET_KEY" \ + --envId="$KINTO_CLI_RELEASE_STATUS_ENVIRONMENT_ID" \ + --blockName="$KINTO_CLI_RELEASE_STATUS_BLOCK_NAME" \ + --releaseId="$KINTO_CLI_RELEASE_STATUS_RELEASE_ID" \ + --status="$KINTO_CLI_RELEASE_STATUS_STATUS" ``` ### Update release commit sha ```shell script kintocli release commit \ - --kintoCoreHost="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_HOST" \ - --kintoCoreOverTls="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_OVER_TLS" \ - --envId="$KINTO_CLI_RELEASE_COMMIT_ENV_ID" \ - --blockName="$KINTO_CLI_RELEASE_COMMIT_BLOCK_NAME" \ - --releaseId="$KINTO_CLI_RELEASE_COMMIT_RELEASE_ID" \ - --commitSha="$(cat /workspace/.git/`cat /workspace/.git/HEAD | cut -d \ -f 2`)" -``` - + --kintoCoreHost="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_HOST" \ + --kintoCoreOverTls="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_OVER_TLS" \ + --kintoCoreSecretKey="$KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_SECRET_KEY" \ + --envId="$KINTO_CLI_RELEASE_COMMIT_ENV_ID" \ + --blockName="$KINTO_CLI_RELEASE_COMMIT_BLOCK_NAME" \ + --releaseId="$KINTO_CLI_RELEASE_COMMIT_RELEASE_ID" \ + --commitSha="$(cat /workspace/.git/`cat /workspace/.git/HEAD | cut -d \ -f 2`)" +``` \ No newline at end of file diff --git a/images/kinto-cli/cmd-release/cmd-release-commit-sha.go b/images/kinto-cli/cmd-release/cmd-release-commit-sha.go index fa668f4..fb696be 100644 --- a/images/kinto-cli/cmd-release/cmd-release-commit-sha.go +++ b/images/kinto-cli/cmd-release/cmd-release-commit-sha.go 
@@ -5,7 +5,8 @@ import ( "github.com/kintoproj/kinto-core/pkg/types" ) -func UpdateReleaseCommitSha(kintoCoreHost, envId, blockName, releaseId, commitSha string, kintoCoreOverTls bool) error { +func UpdateReleaseCommitSha( + kintoCoreHost, envId, blockName, releaseId, commitSha string, kintoCoreOverTls bool, kintoCoreSecretKey string) error { commitShaRequest := &types.UpdateBuildCommitShaRequest{ BlockName: blockName, EnvId: envId, @@ -13,7 +14,7 @@ func UpdateReleaseCommitSha(kintoCoreHost, envId, blockName, releaseId, commitSh CommitSha: commitSha, } - kintoCoreClient, err := newKintoCoreReleaseClient(kintoCoreHost, kintoCoreOverTls) + kintoCoreClient, err := newKintoCoreReleaseClient(kintoCoreHost, kintoCoreOverTls, kintoCoreSecretKey) if err != nil { return err } diff --git a/images/kinto-cli/cmd-release/cmd-release-status.go b/images/kinto-cli/cmd-release/cmd-release-status.go index a8ffa10..dc10aab 100644 --- a/images/kinto-cli/cmd-release/cmd-release-status.go +++ b/images/kinto-cli/cmd-release/cmd-release-status.go @@ -7,13 +7,14 @@ import ( "github.com/kintoproj/kinto-core/pkg/types" ) -func UpdateReleaseStatus(kintoCoreHost, envId, blockName, releaseId, status string, kintoCoreOverTls bool) error { +func UpdateReleaseStatus( + kintoCoreHost, envId, blockName, releaseId, status string, kintoCoreOverTls bool, kintoCoreSecretKey string) error { buildStatus, err := convertToBuildStatusRequest(envId, blockName, releaseId, status) if err != nil { return err } - kintoCoreClient, err := newKintoCoreReleaseClient(kintoCoreHost, kintoCoreOverTls) + kintoCoreClient, err := newKintoCoreReleaseClient(kintoCoreHost, kintoCoreOverTls, kintoCoreSecretKey) if err != nil { return err } diff --git a/images/kinto-cli/cmd-release/kintoCoreReleaseClient.go b/images/kinto-cli/cmd-release/kintoCoreReleaseClient.go index c1f736b..207a59e 100644 --- a/images/kinto-cli/cmd-release/kintoCoreReleaseClient.go +++ b/images/kinto-cli/cmd-release/kintoCoreReleaseClient.go 
@@ -7,10 +7,12 @@ import ( "github.com/kintoproj/kinto-core/pkg/types" "google.golang.org/grpc" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/metadata" ) type kintoCoreReleaseClient struct { - client types.KintoCoreServiceClient + client types.KintoCoreServiceClient + kintoCoreSecretKey string } type kintoCoreReleaseClientInterface interface { @@ -18,7 +20,7 @@ type kintoCoreReleaseClientInterface interface { updateBuildCommitSha(req *types.UpdateBuildCommitShaRequest) error } -func newKintoCoreReleaseClient(kintoCoreHost string, isOverTLS bool) (kintoCoreReleaseClientInterface, error) { +func newKintoCoreReleaseClient(kintoCoreHost string, isOverTLS bool, kintoCoreSecretKey string) (kintoCoreReleaseClientInterface, error) { dialOption := grpc.WithInsecure() if isOverTLS { 
@@ -38,22 +40,33 @@ func newKintoCoreReleaseClient(kintoCoreHost string, isOverTLS bool) (kintoCoreR buildClient := types.NewKintoCoreServiceClient(conn) return &kintoCoreReleaseClient{ - client: buildClient, + client: buildClient, + kintoCoreSecretKey: kintoCoreSecretKey, }, nil } -func (r *kintoCoreReleaseClient) updateBuildStatus(buildStatusRequest *types.UpdateBuildStatusRequest) (string, error) { - resp, err := r.client.UpdateBuildStatus(context.Background(), buildStatusRequest) +func (k *kintoCoreReleaseClient) updateBuildStatus(buildStatusRequest *types.UpdateBuildStatusRequest) (string, error) { + ctx := k.setAuthorization(context.Background()) + resp, err := k.client.UpdateBuildStatus(ctx, buildStatusRequest) if err != nil { return "", err } return resp.Id, nil } -func (r *kintoCoreReleaseClient) updateBuildCommitSha(req *types.UpdateBuildCommitShaRequest) error { - _, err := r.client.UpdateBuildCommitSha(context.Background(), req) +func (k *kintoCoreReleaseClient) updateBuildCommitSha(req *types.UpdateBuildCommitShaRequest) error { + ctx := k.setAuthorization(context.Background()) + _, err := k.client.UpdateBuildCommitSha(ctx, req) if err != nil { return err } return nil } + +func (k *kintoCoreReleaseClient) setAuthorization(ctx context.Context) context.Context { + if k.kintoCoreSecretKey != "" { + return metadata.AppendToOutgoingContext(ctx, "authorization", k.kintoCoreSecretKey) + } else { + return ctx + } +} diff --git a/images/kinto-cli/cmd/root.go b/images/kinto-cli/cmd/root.go index 821c0e9..6ad9b74 100644 --- a/images/kinto-cli/cmd/root.go +++ b/images/kinto-cli/cmd/root.go @@ -139,7 +139,7 @@ func NewReleaseCommand() *cobra.Command { } func NewReleaseStatusCommand() *cobra.Command { - var kintoCoreHost, envId, blockName, releaseId, status string + var kintoCoreHost, envId, blockName, releaseId, status, kintoCoreSecretKey string var kintoCoreOverTls bool c := &cobra.Command{ 
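Review bot: `setAuthorization` attaches the secret as `authorization` metadata on every call, including when `newKintoCoreReleaseClient` dialed with `grpc.WithInsecure()`, so with `isOverTLS` false the key crosses the network in cleartext. The constructor should at least warn, or return an error, when `kintoCoreSecretKey != ""` and `isOverTLS` is false. Alternatively the key can be supplied through `grpc.WithPerRPCCredentials`, whose `RequireTransportSecurity()` lets the client insist on TLS. As a style point, the `else` after `return` is redundant: `if k.kintoCoreSecretKey == "" { return ctx }` followed by the `AppendToOutgoingContext` return reads flatter. The constructor begins in an earlier hunk and is only partly visible here.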
@@ -151,7 +151,8 @@ func NewReleaseStatusCommand() *cobra.Command { os.Exit(1) } - err := cmd_release.UpdateReleaseStatus(kintoCoreHost, envId, blockName, releaseId, status, kintoCoreOverTls) + err := cmd_release.UpdateReleaseStatus( + kintoCoreHost, envId, blockName, releaseId, status, kintoCoreOverTls, kintoCoreSecretKey) if err != nil { fmt.Printf(chalk.Red.Color("%v"), err) @@ -168,6 +169,9 @@ func NewReleaseStatusCommand() *cobra.Command { c.PersistentFlags().BoolVar( &kintoCoreOverTls, "kintoCoreOverTls", false, "Is Kinto Kube Core API over TLS") + c.PersistentFlags().StringVar( + &kintoCoreSecretKey, "kintoCoreSecretKey", "", + "Kinto Core Secret Key - can be empty if disabled on kinto core") c.PersistentFlags().StringVar( &envId, "envId", "", "Environment Id of the block") @@ -185,7 +189,7 @@ func NewReleaseStatusCommand() *cobra.Command { } func NewReleaseCommitCommand() *cobra.Command { - var kintoCoreHost, envId, blockName, releaseId, commitSha string + var kintoCoreHost, envId, blockName, releaseId, commitSha, kintoCoreSecretKey string var kintoCoreOverTls bool c := &cobra.Command{ @@ -197,7 +201,8 @@ func NewReleaseCommitCommand() *cobra.Command { os.Exit(1) } - err := cmd_release.UpdateReleaseCommitSha(kintoCoreHost, envId, blockName, releaseId, commitSha, kintoCoreOverTls) + err := cmd_release.UpdateReleaseCommitSha( + kintoCoreHost, envId, blockName, releaseId, commitSha, kintoCoreOverTls, kintoCoreSecretKey) if err != nil { fmt.Printf(chalk.Red.Color("%v"), err) @@ -214,6 +219,9 @@ func NewReleaseCommitCommand() *cobra.Command { c.PersistentFlags().BoolVar( &kintoCoreOverTls, "kintoCoreOverTls", false, "Is Kinto Core API over TLS") + c.PersistentFlags().StringVar( + &kintoCoreSecretKey, "kintoCoreSecretKey", "", + "Kinto Core Secret Key - can be empty if disabled on kinto core") c.PersistentFlags().StringVar( &envId, "envId", "", "Environment Id of the block") 
diff --git a/kinto-build/.env-example b/kinto-build/.env-example
index 89ab035..3d9dcbf 100644
--- a/kinto-build/.env-example
+++ b/kinto-build/.env-example
@@ -7,64 +7,67 @@ SERVER_PORT=8080 IMAGE_REGISTRY_HOST=asia.gcr.io/kinto-development -# Enables friendly / clean non debug related logs from the build service +## Enables friendly / clean non debug related logs from the build service USER_FRIENDLY_BUILD_LOGS_ENABLED=false -# Kinto Core server hostname -# By default, tls is disabled +## Kinto Core server hostname +## By default, tls is disabled KINTO_CORE_HOST_NAME=kinto-core:8080 KINTO_CORE_OVER_TLS=false -# Proxless Fully Qualified Domain Name in Kubernetes +## Proxless Fully Qualified Domain Name in Kubernetes PROXLESS_FQDN=kinto-proxless.kintohub.svc.cluster.local -# Workflow timeout +## Workflow timeout WORKFLOW_TIMEOUT=600 +## See KINTO_CORE_SECRET value on kinto core. +KINTO_CORE_SECRET= + #################################### #### ARGO ENVIRONMENT VARIABLES #### #################################### -# Leave empty if `kinto-build` run in a pod +## Leave empty if `kinto-build` run in a pod ARGO_KUBE_CONFIG_PATH=/Users/benjaminapprederisse/.kube/config -# TTL in seconds for deleting the workflow from kubernetes after completion (success or failure) +## TTL in seconds for deleting the workflow from kubernetes after completion (success or failure) ARGO_WORKFLOW_TTL_SECONDS=600 -# Kubernetes namespace where all the workflows are gonna run +## Kubernetes namespace where all the workflows are gonna run ARGO_WORKFLOW_NAMESPACE=kintohub -# Kubernetes secret used by kaniko to push the image into ${IMAGE_REGISTRY_HOST} -# Must be a docker secret - `kubernetes.io/dockerconfigjson` -# Must be in ${ARGO_WORKFLOW_NAMESPACE} namespace +## Kubernetes secret used by kaniko to push the image into ${IMAGE_REGISTRY_HOST} +## Must be a docker secret - `kubernetes.io/dockerconfigjson` +## Must be in ${ARGO_WORKFLOW_NAMESPACE} namespace ARGO_WORKFLOW_DOCKER_SECRET=kinto-builder-workflow-docker -# Kubernetes service account used by the workflow to interact with the kubernetes api -# Must be in ARGO_WORKFLOW_NAMESPACE namespace +## 
Kubernetes service account used by the workflow to interact with the kubernetes api +## Must be in ARGO_WORKFLOW_NAMESPACE namespace ARGO_WORKFLOW_SERVICE_ACCOUNT=kinto-builder-workflow -# Hostname for minio which is used for logs storage. Mandatory when Argo Workflows are enabled +## Hostname for minio which is used for logs storage. Mandatory when Argo Workflows are enabled ARGO_WORKFLOW_MINIO_HOST=kinto-minio:9000 -# Access Key for accessing Minio. Mandatory when Argo Workflows are enabled +## Access Key for accessing Minio. Mandatory when Argo Workflows are enabled ARGO_WORKFLOW_MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE -# Secret key for accessing minio. Mandatory when Argo Workflows are enabled +## Secret key for accessing minio. Mandatory when Argo Workflows are enabled ARGO_WORKFLOW_MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -# Bucket name in minio which the logs exists. Mandatory when Argo Workflows are enabled +## Bucket name in minio which the logs exists. Mandatory when Argo Workflows are enabled ARGO_WORKFLOW_MINIO_BUCKET=argo-artifacts -# Kubernetes Container Pull Policy that every argo step will follow. +## Kubernetes Container Pull Policy that every argo step will follow. ARGO_WORKFLOW_IMAGE_PULL_POLICY=IfNotPresent ARGO_WORKFLOW_MAIN_IMAGE=kintohub/kinto-workflow-main:latest ARGO_WORKFLOW_CLI_IMAGE=kintohub/kinto-workflow-cli:latest -# Argo workflow use an `emptyDir` ephemeral storage. Be careful setting up this limit since it's gonna use the node volume. +## Argo workflow use an `emptyDir` ephemeral storage. Be careful setting up this limit since it's gonna use the node volume. ARGO_WORKFLOW_VOLUME_SIZE=1Gi -# Resources for the main step +## Resources for the main step ARGO_WORKFLOW_MEMORY_LIMIT=2Gi # must be > 2Gi ARGO_WORKFLOW_CPU_LIMIT=1 # must be > 500m ARGO_WORKFLOW_MEMORY_REQUEST= diff --git a/kinto-build/internal/build/argo/argo.go b/kinto-build/internal/build/argo/argo.go index 71357de..ef35f6f 100644 
--- a/kinto-build/internal/build/argo/argo.go +++ b/kinto-build/internal/build/argo/argo.go @@ -156,10 +156,11 @@ func (c *BuildClient) BuildAndDeployRelease(req *types.BuildAndDeployRequest) (* templates := []v1alpha1.Template{ genStepsTemplate(true), genBuildAndDeployWorkflow( - req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, req.BuildConfig, config.KintoCoreOverTls, req.IsStaticBuild), + req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, req.BuildConfig, + config.KintoCoreOverTls, req.IsStaticBuild, config.KintoCoreSecretKey), genOnExitHandlerStepsTemplate(), genWorkflowUpdateStatusTemplate( - req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls), + req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls, config.KintoCoreSecretKey), } if config.ArgoWorkflowNodePoolLabelValue != "" { @@ -189,7 +190,7 @@ func (c *BuildClient) DeployRelease(req *types.DeployRequest) (*types.WorkflowRe genDeployOnlyWorkflow(req.Namespace, req.BlockName, req.ReleaseId, types.Release_DEPLOY), genOnExitHandlerStepsTemplate(), genWorkflowUpdateStatusTemplate( - req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls), + req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls, config.KintoCoreSecretKey), } if config.ArgoWorkflowNodePoolLabelValue != "" { 
@@ -217,10 +218,10 @@ func (c *BuildClient) DeployReleaseFromCatalog(req *types.DeployCatalogRequest) templates := []v1alpha1.Template{ genStepsTemplate(true), genDeployCatalogWorkflow( - req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, req.Repo, config.KintoCoreOverTls), + req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, req.Repo, config.KintoCoreOverTls, config.KintoCoreSecretKey), genOnExitHandlerStepsTemplate(), genWorkflowUpdateStatusTemplate( - req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls), + req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls, config.KintoCoreSecretKey), } if config.ArgoWorkflowNodePoolLabelValue != "" { @@ -250,7 +251,7 @@ func (c *BuildClient) UndeployRelease(req *types.UndeployRequest) (*types.Workfl genDeployOnlyWorkflow(req.Namespace, req.BlockName, "", types.Release_UNDEPLOY), // we are forced to generated the update status template even if `false`. otherwise argo fails genWorkflowUpdateStatusTemplate( - req.Namespace, req.BlockName, "", config.KintoCoreHostname, config.KintoCoreOverTls), + req.Namespace, req.BlockName, "", config.KintoCoreHostname, config.KintoCoreOverTls, config.KintoCoreSecretKey), } if config.ArgoWorkflowNodePoolLabelValue != "" { @@ -280,7 +281,7 @@ func (c *BuildClient) SuspendRelease(req *types.SuspendRequest) (*types.Workflow genDeployOnlyWorkflow(req.Namespace, req.BlockName, req.ReleaseId, types.Release_SUSPEND), genOnExitHandlerStepsTemplate(), genWorkflowUpdateStatusTemplate( - req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls), + req.Namespace, req.BlockName, req.ReleaseId, config.KintoCoreHostname, config.KintoCoreOverTls, config.KintoCoreSecretKey), } if config.ArgoWorkflowNodePoolLabelValue != "" { 
diff --git a/kinto-build/internal/build/argo/templates.go b/kinto-build/internal/build/argo/templates.go index 57a8b73..6b8f786 100644 --- a/kinto-build/internal/build/argo/templates.go +++ b/kinto-build/internal/build/argo/templates.go @@ -80,7 +80,8 @@ func genOnExitHandlerStepsTemplate() v1alpha1.Template { } } -func genWorkflowUpdateStatusTemplate(envId, blockName, releaseId, kintoCoreHost string, kintoCoreOverTls bool) v1alpha1.Template { +func genWorkflowUpdateStatusTemplate( + envId, blockName, releaseId, kintoCoreHost string, kintoCoreOverTls bool, kintoCoreSecretKey string) v1alpha1.Template { return v1alpha1.Template{ Name: utils.WorkflowUpdateReleaseStatusTemplateName, Inputs: v1alpha1.Inputs{ @@ -99,6 +100,7 @@ func genWorkflowUpdateStatusTemplate(envId, blockName, releaseId, kintoCoreHost "status", fmt.Sprintf("--kintoCoreHost=%s", kintoCoreHost), fmt.Sprintf("--kintoCoreOverTls=%t", kintoCoreOverTls), + fmt.Sprintf("--kintoCoreSecretKey=%s", kintoCoreSecretKey), fmt.Sprintf("--envId=%s", envId), fmt.Sprintf("--blockName=%s", blockName), fmt.Sprintf("--releaseId=%s", releaseId), 
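Review bot: `fmt.Sprintf("--kintoCoreSecretKey=%s", kintoCoreSecretKey)` in `genWorkflowUpdateStatusTemplate` writes the secret in plaintext into the generated Workflow template arguments. Anyone who can read Workflow or Pod objects in the workflow namespace can then read the key, and it would also show in the Argo UI or archived workflows if those are in use. `genEnvVarsGitInit` has the same problem with `Value: kintoCoreSecretKey` for `KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_SECRET_KEY`. Prefer keeping the key in a Kubernetes Secret and referencing it from the container with `ValueFrom: &corev1.EnvVarSource{SecretKeyRef: ...}`, so only a reference appears in the spec. The argument list continues outside the hunk.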
@@ -172,13 +174,15 @@ func genWorkflowResource() corev1.ResourceRequirements { func genBuildAndDeployWorkflow( envId, blockName, releaseId, kintoCoreHost string, buildConfig *types.BuildConfig, - kintoCoreOverTls, isStaticBuild bool) v1alpha1.Template { + kintoCoreOverTls, isStaticBuild bool, + kintoCoreSecretKey string) v1alpha1.Template { var envVars []corev1.EnvVar envVars = append(envVars, corev1.EnvVar{Name: envVarGitInitEnabled, Value: "true"}) - envVars = append(envVars, - genEnvVarsGitInit(buildConfig.Repository, envId, blockName, releaseId, kintoCoreHost, kintoCoreOverTls)...) + envVars = append( + envVars, + genEnvVarsGitInit(buildConfig.Repository, envId, blockName, releaseId, kintoCoreHost, kintoCoreOverTls, kintoCoreSecretKey)...) if buildConfig.Language != types.BuildConfig_DOCKERFILE { envVars = append(envVars, corev1.EnvVar{Name: envVarKintoCliDockerEnabled, Value: "true"}) @@ -210,12 +214,14 @@ func genDeployOnlyWorkflow(envId, blockName, releaseId string, releaseType types } func genDeployCatalogWorkflow( - envId, blockName, releaseId, kintoCoreHost string, repo *types.Repository, kintoCoreOverTls bool) v1alpha1.Template { + envId, blockName, releaseId, kintoCoreHost string, repo *types.Repository, kintoCoreOverTls bool, kintoCoreSecretKey string) v1alpha1.Template { var envVars []corev1.EnvVar envVars = append(envVars, corev1.EnvVar{Name: envVarGitInitEnabled, Value: "true"}) - envVars = append(envVars, genEnvVarsGitInit(repo, envId, blockName, releaseId, kintoCoreHost, kintoCoreOverTls)...) + envVars = append( + envVars, + genEnvVarsGitInit(repo, envId, blockName, releaseId, kintoCoreHost, kintoCoreOverTls, kintoCoreSecretKey)...) envVars = append(envVars, genEnvVarsKintoDeploy(envId, blockName, releaseId, types.Release_DEPLOY)...) 
@@ -226,7 +232,7 @@ func genDeployCatalogWorkflow( } func genEnvVarsGitInit( - repo *types.Repository, envId, blockName, releaseId, kintoCoreHost string, kintoCoreOverTls bool) []corev1.EnvVar { + repo *types.Repository, envId, blockName, releaseId, kintoCoreHost string, kintoCoreOverTls bool, kintoCoreSecretKey string) []corev1.EnvVar { return []corev1.EnvVar{ { @@ -241,6 +247,10 @@ func genEnvVarsGitInit( Name: "KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_HOST", Value: kintoCoreHost, }, + { + Name: "KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_SECRET_KEY", + Value: kintoCoreSecretKey, + }, { Name: "KINTO_CLI_RELEASE_COMMIT_KINTO_CORE_OVER_TLS", Value: strconv.FormatBool(kintoCoreOverTls), diff --git a/kinto-build/internal/config/config.go b/kinto-build/internal/config/config.go index 25b51db..040c880 100644 --- a/kinto-build/internal/config/config.go +++ b/kinto-build/internal/config/config.go @@ -14,8 +14,9 @@ var ( UserFriendlyBuildLogsEnabled bool - KintoCoreHostname string - KintoCoreOverTls bool + KintoCoreHostname string + KintoCoreOverTls bool + KintoCoreSecretKey string ProxlessFQDN string @@ -51,6 +52,7 @@ func LoadConfig() { KintoCoreHostname = config.GetStringOrDie("KINTO_CORE_HOST_NAME") KintoCoreOverTls = config.GetBool("KINTO_CORE_OVER_TLS", false) + KintoCoreSecretKey = os.Getenv("KINTO_CORE_SECRET") ProxlessFQDN = config.GetStringOrDie("PROXLESS_FQDN")
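Review bot: `KintoCoreSecretKey = os.Getenv("KINTO_CORE_SECRET")` in `LoadConfig` makes an unset or misspelled variable indistinguishable from authentication being deliberately disabled. In that case the CLI steps omit the `authorization` metadata entirely, with no signal to the operator. A startup log line stating whether a core secret is configured (never the value itself) would make this visible, and a comment such as `// optional: empty means no authorization metadata is sent to kinto core` on the variable would document the contract. The neighbouring settings use the `config.Get…` helpers, so reading this one the same way would keep `LoadConfig` consistent, assuming an optional-string helper exists. `LoadConfig` starts and ends outside the hunk.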