gitlab-ci: make populating secrets into repo more consistent
This commit is contained in:
parent
3b8f4a2472
commit
0cee10a83c
3 changed files with 13 additions and 9 deletions
|
@ -6,8 +6,7 @@ nixCache:
|
|||
stage: build
|
||||
image: "nixos/nix:latest"
|
||||
script:
|
||||
- "mkdir -p ops/secrets"
|
||||
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
|
||||
- "./hack/populate_secrets.sh"
|
||||
- "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
|
||||
- "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
|
||||
|
||||
|
|
|
@ -2,13 +2,7 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
echo Dropping files into place as defined by manifest...
|
||||
while read -r manifest_line; do
|
||||
IFS='=' read -ra manifest_bits <<< "$manifest_line"
|
||||
if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
|
||||
echo -e "\t${manifest_bits[1]}"
|
||||
cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
|
||||
done < "$SECRETS_MANIFEST"
|
||||
./hack/populate_secrets.sh
|
||||
|
||||
ssh_cmd="ssh -o StrictHostKeyChecking=accept-new"
|
||||
|
||||
|
|
11
hack/populate_secrets.sh
Executable file
11
hack/populate_secrets.sh
Executable file
|
@ -0,0 +1,11 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
echo Dropping files into place as defined by manifest...
|
||||
while read -r manifest_line; do
|
||||
IFS='=' read -ra manifest_bits <<< "$manifest_line"
|
||||
if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
|
||||
echo -e "\t${manifest_bits[1]}"
|
||||
cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
|
||||
done < "$SECRETS_MANIFEST"
|
Loading…
Reference in a new issue