Commit 44f285a3 authored by atj's avatar atj

Update builder to use gitlab runner secrets

parent 9a3ff915
Pipeline #11543 failed with stages
in 105 minutes and 8 seconds
......@@ -69,7 +69,7 @@ echo "Provisioning the builder"
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo bash -s' < ${SCRIPT_DIR}/provision-builder.sh
# Copy readonly credentials to the builder, these variables must be set in the gitlab runner that's running this script
echo ${GITLAB_USERNAME} > ./builder_profile
echo ${GITLAB_READONLY_USERNAME} > ./builder_profile
echo ${GITLAB_READONLY_TOKEN} >> ./builder_profile
echo ${DOCKERHUB_READONLY_USERNAME} >> ./builder_profile
echo ${DOCKERHUB_READONLY_TOKEN} >> ./builder_profile
......
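Review bot: The lines that fill `./builder_profile` write bare values, while the other scripts changed in this commit read `${GITLAB_READONLY_USERNAME}`, `${GITLAB_READONLY_TOKEN}` and the Docker Hub pair as environment variables. If this file is later installed as the builder's profile (that step is outside the hunk), each line has to be an assignment, for example `printf 'export GITLAB_READONLY_TOKEN=%q\n' "${GITLAB_READONLY_TOKEN}" >> ./builder_profile`. The file also holds two tokens and is created in the working directory with the default umask. Setting `umask 077` before the first write, and deleting the local copy once it has been transferred, would limit exposure on the runner.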
......@@ -48,21 +48,19 @@ ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo bash -s' < $
# Copy OpenStack credentials to VM and then move to correct directory
# These credentials are available as environment variables to the runners
unset OS_CACERT
printenv | grep ^OS_ > ./queue_profile # "Reconstruct" openrc.sh
awk '{print "export "$0}' ./queue_profile > tmp_awk && mv tmp_awk ./queue_profile
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} ./queue_profile cades@${VM_IP}:/home/cades/queue_profile
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/queue_profile /home/queue/.profile'
# Reboot to ensure Queue service, added in provisioning, is started
export OS_CACERT=`pwd`/OpenStack.cer
openstack server reboot --wait ${VM_UUID}
echo "Started ${VM_UUID} with external IP ${VM_IP} using ${KEY_FILE}"
# Provide git user information required for commit
git config --global user.email "${GITLAB_USERNAME}@ornl.gov"
git config --global user.name ${GITLAB_USERNAME}
git config --global user.email "${GITLAB_ADMIN_USERNAME}@ornl.gov"
git config --global user.name ${GITLAB_ADMIN_USERNAME}
# Create queue-host file containing IP to the queue
cat << EOF > ${SCRIPT_DIR}/../queue-host
......@@ -73,4 +71,4 @@ EOF
git checkout -B master origin/master
git add ${SCRIPT_DIR}/../queue-host
git commit -m "Updating queue host IP"
git push https://$(cat /gitlab-username):$(cat /gitlab-admin-token)@code.ornl.gov/olcf/container-builder master
\ No newline at end of file
git push https://${GITLAB_ADMIN_USERNAME}:${GITLAB_ADMIN_TOKEN}@code.ornl.gov/olcf/container-builder master
\ No newline at end of file
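Review bot: The new `git push` line embeds `${GITLAB_ADMIN_TOKEN}` in the remote URL, so the admin token is visible in the process list while the push runs and can be echoed in git's error output, which lands in the job log. The expansion is neither quoted nor URL-encoded, so a token with reserved characters would also break the URL. A credential helper keeps the token out of argv, provided both variables are exported in the runner environment: `git -c credential.helper='!f() { echo "username=${GITLAB_ADMIN_USERNAME}"; echo "password=${GITLAB_ADMIN_TOKEN}"; }; f' push https://code.ornl.gov/olcf/container-builder master`. The `user.name` value on the new `git config` line should be quoted too; the script continues outside these hunks.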
......@@ -16,8 +16,8 @@ esac
done
# Provide read-only access to gitlab registry and dockerhub
docker ${DEBUG_FLAG} login code.ornl.gov:4567 -u $(cat /home/builder/gitlab-username) -p $(cat /home/builder/gitlab-readonly-token)
docker ${DEBUG_FLAG} login code.ornl.gov:4567 -u $(cat /home/builder/dockerhub-readonly-username) -p $(cat /home/builder/dockerhub-readonly-password)
docker ${DEBUG_FLAG} login code.ornl.gov:4567 -u ${GITLAB_READONLY_USERNAME} -p ${GITLAB_READONLY_TOKEN}
docker ${DEBUG_FLAG} login code.ornl.gov:4567 -u ${DOCKERHUB_READONLY_USERNAME} -p ${DOCKERHUB_READONLY_TOKEN}
# Spin up local registry
docker ${DEBUG_FLAG} run -d -p 5000:5000 --restart=always --name registry registry:2
......
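Review bot: The second new `docker login` still targets `code.ornl.gov:4567`, so it overwrites the GitLab registry login from the line above and presents the Docker Hub token to the GitLab registry. If the Docker Hub account is meant to authenticate against Docker Hub, the server argument should be dropped. Both lines also pass the token with `-p`, which puts it in the process list and in any command trace. Piping it in avoids that: `printf '%s' "${DOCKERHUB_READONLY_TOKEN}" | docker ${DEBUG_FLAG} login -u "${DOCKERHUB_READONLY_USERNAME}" --password-stdin`, and the same form with `code.ornl.gov:4567` for the GitLab line.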
......@@ -20,8 +20,8 @@ grep 'code.ornl.gov:4567' ./container.def
GREP_RC=$?
if [[ ${GREP_RC} -eq 0 ]] ; then
echo "Using container recipes docker registry login credentials"
export SINGULARITY_DOCKER_USERNAME=$(cat /home/builder-gitlab-username)
export SINGULARITY_DOCKER_PASSWORD=$(cat /home/builder/gitlab-readonly-token)
export SINGULARITY_DOCKER_USERNAME=${GITLAB_READONLY_USERNAME}
export SINGULARITY_DOCKER_PASSWORD=${GITLAB_READONLY_TOKEN}
fi
# provide read only access to the private olcf dockerhub repository
......@@ -29,8 +29,8 @@ grep 'FROM olcf/' ./container.def
GREP_RC=$?
if [[ $GREP_RC -eq 0 ]] ; then
echo "Using OLCF Dockerhub registry login credentials"
export SINGULARITY_DOCKER_USERNAME=$(cat /home/builder/dockerhub-readonly-username)
export SINGULARITY_DOCKER_PASSWORD=$(cat /home/builder/dockerhub-readonly-token)
export SINGULARITY_DOCKER_USERNAME=${DOCKERHUB_READONLY_USERNAME}
export SINGULARITY_DOCKER_PASSWORD=${DOCKERHUB_READONLY_TOKEN}
fi
/usr/bin/unbuffer /usr/local/bin/singularity ${DEBUG_FLAG} build ./container.simg ./container.def
\ No newline at end of file
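Review bot: Both `if` blocks export `SINGULARITY_DOCKER_USERNAME` and `SINGULARITY_DOCKER_PASSWORD` from environment variables without checking that they are set. If the builder's shell never loaded them, the build runs with empty credentials and fails later with a registry authentication error instead of a clear message. A guard before each pair makes the failure explicit, for example `: "${GITLAB_READONLY_TOKEN:?GITLAB_READONLY_TOKEN is not set}"`. The right-hand sides should also be quoted, as in `export SINGULARITY_DOCKER_PASSWORD="${GITLAB_READONLY_TOKEN}"`. When `container.def` matches both greps, the second block silently replaces the first pair, which deserves a comment in the script.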