From 1082db7a85c29109549053eba58cddcfce6a2ddd Mon Sep 17 00:00:00 2001
From: Kevin Hooke <kh816@cam.ac.uk>
Date: Wed, 6 Nov 2024 14:20:30 +0000
Subject: [PATCH] added script
---
auto-devops/maven.gitlab-ci.yml | 61 +++++++++++++++++----------------
1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/auto-devops/maven.gitlab-ci.yml b/auto-devops/maven.gitlab-ci.yml
index da90d19..0dbff7c 100644
--- a/auto-devops/maven.gitlab-ci.yml
+++ b/auto-devops/maven.gitlab-ci.yml
@@ -29,41 +29,42 @@ variables:
 rules:
 - if: $MAVEN_ACCESS_TOKENS_DISABLED
 when: never
- - !reference [".maven.deploy_tokens"]
+ - !reference [".maven.deploy_tokens", script]
-.maven.deploy_tokens: |
- if ! [ -x "$(command -v apt-get)" ]; then
- apk add --no-cache curl jq git
- else
- apt-get update && apt-get install -y curl jq git
- fi
+.maven.deploy_tokens:
+ script: |
+ if ! [ -x "$(command -v apt-get)" ]; then
+ apk add --no-cache curl jq git
+ else
+ apt-get update && apt-get install -y curl jq git
+ fi
- echo "Retrieving an access token for the default service account of the runner pod..."
- DEFAULT_TOKEN=$(
- curl --fail-with-body -s -S -H "Metadata-Flavor: Google" \
- "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" \
- | jq -r ".access_token"
- )
+ echo "Retrieving an access token for the default service account of the runner pod..."
+ DEFAULT_TOKEN=$(
+ curl --fail-with-body -s -S -H "Metadata-Flavor: Google" \
+ "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" \
+ | jq -r ".access_token"
+ )
- echo "Generating an access token for the $GITLAB_TOKEN_ACCESSOR_SERVICE_ACCOUNT service account..."
- ACCESS_TOKEN=$(
- curl --fail-with-body -s -S -X POST \
- -H "Authorization: Bearer $DEFAULT_TOKEN" \
- -H "Content-Type: application/json; charset=utf-8" \
- "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${GITLAB_TOKEN_ACCESSOR_SERVICE_ACCOUNT/@/%40}:generateAccessToken" \
- -d '{"scope": ["https://www.googleapis.com/auth/cloud-platform"]}' \
- | jq -r ".accessToken"
- )
+ echo "Generating an access token for the $GITLAB_TOKEN_ACCESSOR_SERVICE_ACCOUNT service account..."
+ ACCESS_TOKEN=$(
+ curl --fail-with-body -s -S -X POST \
+ -H "Authorization: Bearer $DEFAULT_TOKEN" \
+ -H "Content-Type: application/json; charset=utf-8" \
+ "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${GITLAB_TOKEN_ACCESSOR_SERVICE_ACCOUNT/@/%40}:generateAccessToken" \
+ -d '{"scope": ["https://www.googleapis.com/auth/cloud-platform"]}' \
+ | jq -r ".accessToken"
+ )
- echo "Retrieving the GitLab bot access token from Google Secret Manager..."
- export GITLAB_TOKEN=$(
- curl --fail-with-body -s -S -H "Authorization: Bearer $ACCESS_TOKEN" \
- -H "Content-Type: application/json" \
- "https://secretmanager.googleapis.com/v1/projects/$GITLAB_DEPLOY_GROUP_DEPLOY_TOKEN_SECRET_PROJECT/secrets/$GITLAB_DEPLOY_GROUP_DEPLOY_TOKEN_SECRET_NAME/versions/latest:access" \
- | jq -r ".payload.data" | base64 -d
- )
+ echo "Retrieving the GitLab bot access token from Google Secret Manager..."
+ export GITLAB_TOKEN=$(
+ curl --fail-with-body -s -S -H "Authorization: Bearer $ACCESS_TOKEN" \
+ -H "Content-Type: application/json" \
+ "https://secretmanager.googleapis.com/v1/projects/$GITLAB_DEPLOY_GROUP_DEPLOY_TOKEN_SECRET_PROJECT/secrets/$GITLAB_DEPLOY_GROUP_DEPLOY_TOKEN_SECRET_NAME/versions/latest:access" \
+ | jq -r ".payload.data" | base64 -d
+ )
- export AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS=--build-arg="GITLAB_TOKEN=${GITLAB_TOKEN}"
+ export AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS=--build-arg="GITLAB_TOKEN=${GITLAB_TOKEN}"
 # Template maven job.
 .maven:
-- GitLab
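Review bot: The three token assignments in the new `script:` block (`DEFAULT_TOKEN`, `ACCESS_TOKEN`, `GITLAB_TOKEN`) never check what they received: a non-zero exit from `curl --fail-with-body` only propagates when the job shell runs with `pipefail`, and `jq -r` will emit `null` or an empty string on a missing key, so the next request is sent with a bogus bearer token and, in the worst case, an empty `GITLAB_TOKEN` is exported into the build with the real cause hidden behind a later, unrelated failure. Add a guard after each assignment, e.g. `[ -n "$GITLAB_TOKEN" ] && [ "$GITLAB_TOKEN" != "null" ] || { echo "Failed to read the GitLab token from Secret Manager" >&2; exit 1; }` (same pattern for the other two), or `set -eo pipefail` as the first line of the block where the image's shell supports it. Separately, `export AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS=--build-arg="GITLAB_TOKEN=${GITLAB_TOKEN}"`, carried over unchanged from the old block, hands the secret to the image build as a build argument, which is recorded in the image's layer history; a BuildKit `--secret` mount consumed by the Dockerfile keeps it out of the shipped image. The `.maven` template that consumes this script starts at the last line of the hunk and continues outside it.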