flipperzero-firmware.upload: use vault to fetch service account token

Luke Granger-Brown 2023-02-15 01:29:03 +00:00
parent c801d3db51
commit 978f045378


@ -106,8 +106,18 @@ pkgs.stdenvNoCC.mkDerivation rec {
firmware = depot.nix.pkgs.flipperzero-firmware; firmware = depot.nix.pkgs.flipperzero-firmware;
in pkgs.writeShellApplication { in pkgs.writeShellApplication {
name = "upload-f0"; name = "upload-f0";
runtimeInputs = [ pkgs.google-cloud-sdk ]; runtimeInputs = [ pkgs.google-cloud-sdk pkgs.vault ];
text = '' text = ''
vault_path=unix:///run/tokend/sock
if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
vault_path=https://vault.int.lukegb.com
fi
echo "Fetching token from Vault at $vault_path..."
token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"
export CLOUDSDK_AUTH_ACCESS_TOKEN="$token"
echo "Uploading ${firmware.version}" echo "Uploading ${firmware.version}"
gcloud storage cp "${firmware}/f7-C/*-update-*.tgz" "gs://lukegb-flipperzero/${firmware.name}.tgz" gcloud storage cp "${firmware}/f7-C/*-update-*.tgz" "gs://lukegb-flipperzero/${firmware.name}.tgz"
''; '';
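Review bot: The address selection at the top of the new script text chooses between the local tokend socket and the remote Vault from two indirect signals (membership of the `users` group, absence of `/etc/NIXOS`), and nothing records why those decide which credential source is used. A comment above the `if`, such as `# interactive users and non-NixOS hosts have no tokend socket: use the remote Vault with the caller's own login`, would state the intent, assuming that is what the check stands for. If the real question is whether the socket is present, `[[ -S /run/tokend/sock ]]` tests it directly and avoids an opaque connection error on a host that matches neither signal. The enclosing `let` and derivation start and end outside this hunk, so any other caller of this logic is not visible here.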