mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-25 12:31:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

ci-automation: Fix credentials handling in digital ocean

Browse Source
This commit is contained in:
Krzesimir Nowak 2022-05-06 09:16:04 +02:00
parent 3c119f14b2
commit 3b3cffabc8
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci-automation/ci-config.env
View File

@ -94,4 +94,4 @@ GCE_PARALLEL="${PARALLEL_TESTS:-4}"
: ${DIGITALOCEAN_MACHINE_SIZE:='s-2vcpu-2gb'} : ${DIGITALOCEAN_MACHINE_SIZE:='s-2vcpu-2gb'}
DIGITALOCEAN_PARALLEL="${PARALLEL_TESTS:-8}" DIGITALOCEAN_PARALLEL="${PARALLEL_TESTS:-8}"
# DIGITALOCEAN_TOKEN_JSON env var is used for credentials, and should # DIGITALOCEAN_TOKEN_JSON env var is used for credentials, and should
# come from sdk_container/.env # come from sdk_container/.env. It must be base64-encoded.

7
ci-automation/ci_automation_common.sh
View File

@ -275,8 +275,9 @@ function url_from_template() {
# -- # --
# Puts a secret into a file, while trying for the secret to not end up # Puts a secret into a file, while trying for the secret to not end up
# on a filesystem at all. A path to the file with the secret in # on a filesystem at all. A path to the file with the secret in /proc
# /proc in put into the chosen variable. # in put into the chosen variable. The secret is assumed to be
# base64-encoded.
# #
# Typical use: # Typical use:
# secret_file='' # secret_file=''
@ -294,7 +295,7 @@ function secret_to_file() {
exec {fd}<>"${tmpfile}" exec {fd}<>"${tmpfile}"
rm -f "${tmpfile}" rm -f "${tmpfile}"
echo "${secret}" >&${fd} echo "${secret}" | base64 --decode >&${fd}
config_ref="/proc/${$}/fd/${fd}" config_ref="/proc/${$}/fd/${fd}"
} }
# -- # --