Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Commit

Permalink
Change pipeline to use Vault (#3722)
Browse files Browse the repository at this point in the history 
* Change pipeline to use Vault
  • Loading branch information
@sergejparity
sergejparity authored Sep 8, 2021
1 parent c0a3e56 commit eb12f83
Showing 1 changed file with 61 additions and 2 deletions.
63 changes: 61 additions & 2 deletions .gitlab-ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ variables:
CI_SERVER_NAME: "GitLab CI"
DOCKER_OS: "debian:stretch"
ARCH: "x86_64"
VAULT_SERVER_URL: "https://vault.parity-mgmt-vault.parity.io"
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"

default:
cache: {}
Expand Down Expand Up @@ -84,13 +87,63 @@ default:
when: never
- if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs

#### Vault secrets
.vault-secrets: &vault-secrets
secrets:
AWS_ACCESS_KEY_ID:
vault: cicd/gitlab/$CI_PROJECT_PATH/AWS_ACCESS_KEY_ID@kv
file: false
AWS_SECRET_ACCESS_KEY:
vault: cicd/gitlab/$CI_PROJECT_PATH/AWS_SECRET_ACCESS_KEY@kv
file: false
DOCKER_HUB_USER:
vault: cicd/gitlab/parity/DOCKER_HUB_USER@kv
file: false
DOCKER_HUB_PASS:
vault: cicd/gitlab/parity/DOCKER_HUB_PASS@kv
file: false
GITHUB_PR_TOKEN:
vault: cicd/gitlab/parity/GITHUB_PR_TOKEN@kv
file: false
GITHUB_USER:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_USER@kv
file: false
GITHUB_RELEASE_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_RELEASE_TOKEN@kv
file: false
GITHUB_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_TOKEN@kv
file: false
MATRIX_ACCESS_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/MATRIX_ACCESS_TOKEN@kv
file: false
MATRIX_ROOM_ID:
vault: cicd/gitlab/$CI_PROJECT_PATH/MATRIX_ROOM_ID@kv
file: false
PARITYPR_USER:
vault: cicd/gitlab/$CI_PROJECT_PATH/PARITYPR_USER@kv
file: false
PARITYPR_PASS:
vault: cicd/gitlab/$CI_PROJECT_PATH/PARITYPR_PASS@kv
file: false
PIPELINE_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/PIPELINE_TOKEN@kv
file: false
REL_MAN_ROOM_ID:
vault: cicd/gitlab/$CI_PROJECT_PATH/REL_MAN_ROOM_ID@kv
file: false
SSH_PRIVATE_KEY:
vault: cicd/gitlab/$CI_PROJECT_PATH/SSH_PRIVATE_KEY@kv
file: false

#### stage: test

check-runtime:
stage: test
image: paritytech/tools:latest
<<: *kubernetes-env
<<: *rules-pr-only
<<: *vault-secrets
variables:
GITLAB_API: "https://gitlab.parity.io/api/v4"
GITHUB_API_PROJECT: "parity%2Finfrastructure%2Fgithub-api"
Expand Down Expand Up @@ -120,6 +173,7 @@ test-deterministic-wasm:
<<: *rules-test
<<: *docker-env
<<: *compiler-info
<<: *vault-secrets
script:
- ./scripts/gitlab/test_deterministic_wasm.sh

Expand All @@ -128,6 +182,7 @@ test-build-linux-stable:
<<: *docker-env
<<: *compiler-info
<<: *collect-artifacts
<<: *vault-secrets
variables:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
Expand Down Expand Up @@ -162,6 +217,7 @@ check-runtime-benchmarks:
<<: *rules-test
<<: *docker-env
<<: *compiler-info
<<: *vault-secrets
script:
# Check that the node will compile with `runtime-benchmarks` feature flag.
- ./scripts/gitlab/check_runtime_benchmarks.sh
Expand Down Expand Up @@ -207,6 +263,7 @@ check-transaction-versions:
stage: build
<<: *rules-test
<<: *docker-env
<<: *vault-secrets
needs:
- job: test-build-linux-stable
artifacts: true
Expand Down Expand Up @@ -251,6 +308,7 @@ build-rustdoc:

.build-push-image: &build-push-image
<<: *kubernetes-env
<<: *vault-secrets
image: quay.io/buildah/stable
variables: &image-variables
GIT_STRATEGY: none
Expand Down Expand Up @@ -303,8 +361,8 @@ publish-polkadot-image:
variables:
<<: *image-variables
IMAGE_NAME: docker.io/parity/rococo
DOCKER_USER: ${Docker_Hub_User_Parity}
DOCKER_PASS: ${Docker_Hub_Pass_Parity}
DOCKER_USER: ${DOCKER_HUB_USER}
DOCKER_PASS: ${DOCKER_HUB_PASS}
needs:
- job: test-build-linux-stable
artifacts: true
Expand Down Expand Up @@ -380,6 +438,7 @@ publish-s3-release: &publish-s3
- job: test-build-linux-stable
artifacts: true
<<: *kubernetes-env
<<: *vault-secrets
image: paritytech/awscli:latest
variables:
GIT_STRATEGY: none
Expand Down

0 comments on commit eb12f83

Please sign in to comment.