flipperzero-firmware.upload: use vault to fetch service account token
parent
c801d3db51
commit
978f045378
1 changed files with 11 additions and 1 deletions
|
@ -106,8 +106,18 @@ pkgs.stdenvNoCC.mkDerivation rec {
|
||||||
firmware = depot.nix.pkgs.flipperzero-firmware;
|
firmware = depot.nix.pkgs.flipperzero-firmware;
|
||||||
in pkgs.writeShellApplication {
|
in pkgs.writeShellApplication {
|
||||||
name = "upload-f0";
|
name = "upload-f0";
|
||||||
runtimeInputs = [ pkgs.google-cloud-sdk ];
|
runtimeInputs = [ pkgs.google-cloud-sdk pkgs.vault ];
|
||||||
text = ''
|
text = ''
|
||||||
|
vault_path=unix:///run/tokend/sock
|
||||||
|
|
||||||
|
if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
|
||||||
|
vault_path=https://vault.int.lukegb.com
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Fetching token from Vault at $vault_path..."
|
||||||
|
token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"
|
||||||
|
export CLOUDSDK_AUTH_ACCESS_TOKEN="$token"
|
||||||
|
|
||||||
echo "Uploading ${firmware.version}"
|
echo "Uploading ${firmware.version}"
|
||||||
gcloud storage cp "${firmware}/f7-C/*-update-*.tgz" "gs://lukegb-flipperzero/${firmware.name}.tgz"
|
gcloud storage cp "${firmware}/f7-C/*-update-*.tgz" "gs://lukegb-flipperzero/${firmware.name}.tgz"
|
||||||
'';
|
'';
|
||||||
|
|
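Review bot: The token returned by `vault read` is exported with `export CLOUDSDK_AUTH_ACCESS_TOKEN="$token"`, so it stays in the script's environment and is inherited by every command started afterwards, not only the upload. Only `gcloud storage cp` needs it, so I would drop the `export` and set it on that one call instead: `CLOUDSDK_AUTH_ACCESS_TOKEN="$token" gcloud storage cp …`. The address selection above it should carry a comment, for example `# members of "users" and non-NixOS hosts talk to Vault over HTTPS; other NixOS accounts use the local tokend socket`, if that is the intent, because the regex on `$(groups)` does not explain why the group decides the endpoint. The roleset name `lukegbcom-deployer` suggests a general deploy credential; if it grants more than write access to `gs://lukegb-flipperzero`, a narrower roleset for this script would be worth considering. The enclosing `let … in` expression and the derivation start outside this hunk.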