[v9] Adds optional deployment key for CI (#10506) #12590

Merged
merged 3 commits into from
May 12, 2022


@tcsc tcsc commented May 11, 2022

There are private copies of the teleport repo that require the use of
deployment keys to perform operations on the code repository (e.g.
`git fetch --unshallow`).

This patch adds the ability for a GCB build trigger to optionally pass
in the location of a secret deployment key, which will be fetched and
used if supplied.

If no such deployment key is supplied (i.e. in the public teleport repo),
the build will have access to neither the location of the deployment key,
nor the key itself, and thus cannot leak it during CI.

This patch also pulls the unshallow operation into the main build script (as
opposed to being a separate build step) so it can use the deployment key
to grant access to the remote repo.

Most of the new interaction with the repository is via shelling out to the
command-line git installed on the buildbox. My original intention was to
use go-git to manage the unshallow directly from code, but this was not
supported by the library.
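
A sketch of the optional-key flow described above, added here as an illustration and not taken from Teleport's build code. The helper names `deployKeyEnv` and `unshallow`, the `DEPLOY_KEY` variable, and the use of git's `GIT_SSH_COMMAND` to hand the key to ssh are assumptions; the PR text does not say how the key is passed to git.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
)

// deployKeyEnv (hypothetical helper) returns extra environment for git only
// when a key is supplied, so a public-repo build never sees a key or its path.
func deployKeyEnv(key []byte) (env []string, cleanup func(), err error) {
	if len(key) == 0 {
		return nil, func() {}, nil
	}
	f, err := os.CreateTemp("", "deploy-key-*") // created with mode 0600
	if err != nil {
		return nil, nil, err
	}
	f.Close()
	cleanup = func() { os.Remove(f.Name()) }
	if err = os.WriteFile(f.Name(), key, 0o600); err != nil {
		cleanup()
		return nil, nil, err
	}
	// Scope the key to this one git invocation instead of the agent or ~/.ssh.
	ssh := fmt.Sprintf("ssh -i '%s' -o IdentitiesOnly=yes", f.Name())
	return []string{"GIT_SSH_COMMAND=" + ssh}, cleanup, nil
}

// unshallow shells out to command-line git and removes the key file afterwards.
func unshallow(repoDir string, key []byte) error {
	env, cleanup, err := deployKeyEnv(key)
	if err != nil {
		return err
	}
	defer cleanup()
	cmd := exec.Command("git", "fetch", "--unshallow")
	cmd.Dir = repoDir
	cmd.Env = append(os.Environ(), env...)
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	return cmd.Run()
}

func main() { // DEPLOY_KEY is a hypothetical variable holding the key material
	if err := unshallow(".", []byte(os.Getenv("DEPLOY_KEY"))); err != nil {
		fmt.Fprintln(os.Stderr, "unshallow failed:", err)
		os.Exit(1)
	}
}
```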
@tcsc tcsc added the backport label May 11, 2022
@tcsc tcsc marked this pull request as ready for review May 11, 2022 23:14
@tcsc tcsc enabled auto-merge (squash) May 11, 2022 23:38
@tcsc tcsc merged commit b8089ea into branch/v9 May 12, 2022
r0mant added a commit that referenced this pull request May 12, 2022
r0mant added a commit that referenced this pull request May 12, 2022
tcsc added a commit that referenced this pull request May 13, 2022
tcsc added a commit that referenced this pull request May 16, 2022
This reverts commit 94e8e4f, restoring the deployment key options
tcsc added a commit that referenced this pull request May 19, 2022
Backports
 1. the use of an optional deployment key, and
 2. the ability to optionally disable the unshallowing action

...when checking out teleport

See-Also: #10506
See-Also: #12590
See-Also: #12624
tcsc added a commit that referenced this pull request May 23, 2022
Backports
  1. the use of an optional deployment key, and
  2. the ability to optionally disable the unshallowing action

  ...when checking out teleport

See-Also: #10506
See-Also: #12590
See-Also: #12624
tcsc added a commit that referenced this pull request May 23, 2022
…-private` (#12814)

Backports
  1. the use of an optional deployment key, and
  2. the ability to optionally disable the unshallowing action

  ...when checking out teleport

See-Also: #10506
See-Also: #12590
See-Also: #12624
tcsc added a commit that referenced this pull request May 24, 2022
Backports
 1. the use of an optional deployment key, and
 2. the ability to optionally disable the unshallowing action

...when checking out teleport

See-Also: #10506
See-Also: #12590
See-Also: #12624
@webvictim webvictim mentioned this pull request Jun 8, 2022
@zmb3 zmb3 deleted the tcsc/branch/v9/ci-key-deployment branch April 26, 2023 21:31