launchpad-buildd

Merge ~jugmac00/launchpad-buildd:fix-passing-credentials into launchpad-buildd:master

  1. Git
  2. lp:~jugmac00/launchpad-buildd
  3. fix-passing-credentials
  4. Merge into master
Proposed by Jürgen Gmach
Status: Merged
Approved by: Jürgen Gmach
Approved revision: 45e7f73df75f6e86d091fb3ac94ce857a516287f
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~jugmac00/launchpad-buildd:fix-passing-credentials
Merge into: launchpad-buildd:master
Diff against target: 73 lines (+21/-7)
2 files modified
lpbuildd/target/run_ci.py (+14/-6)
lpbuildd/target/tests/test_run_ci.py (+7/-1)
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+426955@code.launchpad.net

Commit message

Fix secrets handling for CI builds

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Approve
Revision history for this message
Jürgen Gmach (jugmac00) :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lpbuildd/target/run_ci.py b/lpbuildd/target/run_ci.py
2index e9353c8..82f9740 100644
3--- a/lpbuildd/target/run_ci.py
4+++ b/lpbuildd/target/run_ci.py
5@@ -4,7 +4,6 @@
6 import logging
7 import os
8 import tempfile
9-from pathlib import Path
10
11 import yaml
12
13@@ -121,9 +120,12 @@ class RunCI(BuilderProxyOperationMixin, Operation):
14 help="plugin setting where the key and value are separated by =",
15 )
16 parser.add_argument(
17- "--secrets",
18- type=Path,
19- help="secrets provided in a YAML configuration file",
20+ "--secret",
21+ dest="secrets",
22+ type=str,
23+ action="append",
24+ default=[],
25+ help="secrets where the key and the value are separated by =",
26 )
27
28 def run_job(self):
29@@ -158,10 +160,16 @@ class RunCI(BuilderProxyOperationMixin, Operation):
30 )
31 for key, value in plugin_settings.items():
32 lpcraft_args.extend(["--plugin-setting", f"{key}={value}"])
33- if self.args.secrets:
34- text = yaml.dump(self.args.secrets)
35+
36+ secrets = dict(
37+ pair.split("=", maxsplit=1)
38+ for pair in self.args.secrets
39+ )
40+ if secrets:
41+ text = yaml.dump(secrets)
42 with tempfile.NamedTemporaryFile(mode="w") as f:
43 f.write(text)
44+ f.flush()
45 path_to_secrets = f.name
46 self.backend.copy_in(
47 source_path=path_to_secrets,
48diff --git a/lpbuildd/target/tests/test_run_ci.py b/lpbuildd/target/tests/test_run_ci.py
49index 8bd5d34..1ca31dc 100644
50--- a/lpbuildd/target/tests/test_run_ci.py
51+++ b/lpbuildd/target/tests/test_run_ci.py
52@@ -423,7 +423,8 @@ class TestRunCI(TestCase):
53 args = [
54 "run-ci",
55 "--backend=fake", "--series=focal", "--arch=amd64", "1",
56- "--secrets", "path/to/tempfile",
57+ "--secret", "soss=user:pass",
58+ "--secret", "another_project=token:123",
59 "test", "0",
60 ]
61 run_ci = parse_args(args=args).operation
62@@ -439,6 +440,11 @@ class TestRunCI(TestCase):
63 "| tee /build/output/test:0.log",
64 ], cwd="/build/tree"),
65 ]))
66+ content, _ = run_ci.backend.backend_fs[
67+ "/build/.launchpad-secrets.yaml"]
68+ self.assertEqual(
69+ "another_project: token:123\nsoss: user:pass\n", content.decode()
70+ )
71
72 def test_run_succeeds(self):
73 args = [

Subscribers

People subscribed via source and target branches