flipperzero-firmware.upload: use vault to fetch service account token
This commit is contained in:
parent
c801d3db51
commit
978f045378
1 changed files with 11 additions and 1 deletions
|
@ -106,8 +106,18 @@ pkgs.stdenvNoCC.mkDerivation rec {
|
|||
firmware = depot.nix.pkgs.flipperzero-firmware;
|
||||
in pkgs.writeShellApplication {
|
||||
name = "upload-f0";
|
||||
runtimeInputs = [ pkgs.google-cloud-sdk ];
|
||||
runtimeInputs = [ pkgs.google-cloud-sdk pkgs.vault ];
|
||||
text = ''
|
||||
vault_path=unix:///run/tokend/sock
|
||||
|
||||
if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
|
||||
vault_path=https://vault.int.lukegb.com
|
||||
fi
|
||||
|
||||
echo "Fetching token from Vault at $vault_path..."
|
||||
token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"
|
||||
export CLOUDSDK_AUTH_ACCESS_TOKEN="$token"
|
||||
|
||||
echo "Uploading ${firmware.version}"
|
||||
gcloud storage cp "${firmware}/f7-C/*-update-*.tgz" "gs://lukegb-flipperzero/${firmware.name}.tgz"
|
||||
'';
|
||||
|
|
Loading…
Reference in a new issue