Unverified Commit 45800385 authored by Sergejs Kostjucenko's avatar Sergejs Kostjucenko Committed by GitHub
Browse files

Change CI variables source to Vault (#890)

* Change pipeline to use vault secrets

Add more vault CI variables

Add more vault CI variables

Add comment line

Pass Vault url var to downstream job

Pass Vault path and role vars to downstream job

Comment out vault-secrets from ink-waterfall

Test vault-secrets on another job

Revert last change

Hardcoded Vault variables

Remove hardcoded vars

Try to get vault vars from another stage

Populate secrets directly in the job

Move Vault access variables to the top

Add secrets to non related jobs for test

Add secrets to non related jobs for test purpose

From secrets from non related jobs

Fix typo

Move vault vars to anchor

Move anchor call after job vars

* Move vault access vars to the top
parent eabb1170
Pipeline #154102 failed with stages
in 8 minutes and 29 seconds
......@@ -25,6 +25,9 @@ variables:
# read more https://github.com/paritytech/scripts/pull/244
ALL_CRATES: "${PURELY_STD_CRATES} ${ALSO_WASM_CRATES}"
DELEGATOR_SUBCONTRACTS: "accumulator adder subber"
VAULT_SERVER_URL: "https://vault.parity-mgmt-vault.parity.io"
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"
workflow:
rules:
......@@ -84,6 +87,28 @@ workflow:
tags:
- kubernetes-parity-build
#### Vault secrets
.vault-secrets: &vault-secrets
secrets:
CODECOV_P_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/CODECOV_P_TOKEN@kv
file: false
CODECOV_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/CODECOV_TOKEN@kv
file: false
GITHUB_EMAIL:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_EMAIL@kv
file: false
GITHUB_USER:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_USER@kv
file: false
GITHUB_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_TOKEN@kv
file: false
PIPELINE_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/PIPELINE_TOKEN@kv
file: false
#### stage: check
check-std:
......@@ -339,6 +364,7 @@ ink-waterfall:
image: paritytech/tools:latest
<<: *kubernetes-env
<<: *test-refs
<<: *vault-secrets
variables:
TRGR_PROJECT: ${CI_PROJECT_NAME}
TRGR_REF: ${CI_COMMIT_REF_NAME}
......@@ -355,6 +381,7 @@ publish-docs:
stage: publish
<<: *docker-env
<<: *test-refs
<<: *vault-secrets
needs:
- job: docs
artifacts: true
......@@ -409,6 +436,7 @@ fuzz-tests:
stage: fuzz
<<: *docker-env
<<: *test-refs
<<: *vault-secrets
variables:
# The QUICKCHECK_TESTS default is 100
QUICKCHECK_TESTS: 5000
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment