
the default GitOps source repository for booting up Jenkins X


Commit MetaInfo

修订版551d49608e88db15851f4219cbd155844ee133a3 (tree)
时间2019-09-11 18:31:30
作者James Rawlings <rawlingsj80@gmai...>
CommiterJames Rawlings

Log Message

fix: mount secrets into a non-workspace dir to avoid checking out code into the same dir and accidentally committing keys

更改概述

差异

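--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+repos:
+- repo: git@github.com:Yelp/detect-secrets
+ rev: v0.12.4
+ hooks:
+ - id: detect-secrets
+ args: ['--baseline', '.secrets.baseline']
+ exclude: .*/tests/.*
\ No newline at end of file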
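Review bot: The hook source on the `- repo:` line is an SSH remote (`git@github.com:Yelp/detect-secrets`), so installing the hook fails for any contributor or CI runner without a GitHub SSH key, and a secret-scanning hook that cannot install tends to get skipped; `repo: https://github.com/Yelp/detect-secrets` avoids that. `rev: v0.12.4` is a tag, which upstream can move, so pinning to the commit SHA behind that tag would fix the hook code that actually runs. `exclude: .*/tests/.*` takes every path under a `tests` directory out of scanning, which deserves a short comment saying why, since fixtures are a common place for real keys to land.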
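--- /dev/null
+++ b/.secrets.baseline
@@ -0,0 +1,89 @@
+{
+ "exclude": {
+ "files": null,
+ "lines": null
+ },
+ "generated_at": "2019-09-11T09:31:17Z",
+ "plugins_used": [
+ {
+ "name": "AWSKeyDetector"
+ },
+ {
+ "name": "ArtifactoryDetector"
+ },
+ {
+ "base64_limit": 4.5,
+ "name": "Base64HighEntropyString"
+ },
+ {
+ "name": "BasicAuthDetector"
+ },
+ {
+ "hex_limit": 3,
+ "name": "HexHighEntropyString"
+ },
+ {
+ "name": "KeywordDetector"
+ },
+ {
+ "name": "PrivateKeyDetector"
+ },
+ {
+ "name": "SlackDetector"
+ },
+ {
+ "name": "StripeDetector"
+ }
+ ],
+ "results": {
+ "bdd/bdd.sh": [
+ {
+ "hashed_secret": "8ed71d19964ae8169396605379dc4f65ff292fe2",
+ "is_secret": false,
+ "line_number": 40,
+ "type": "Secret Keyword"
+ }
+ ],
+ "env/jenkins-x-platform/values.tmpl.yaml": [
+ {
+ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+ "is_secret": false,
+ "line_number": 20,
+ "type": "Secret Keyword"
+ }
+ ],
+ "env/jxboot-resources/values.tmpl.yaml": [
+ {
+ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+ "is_secret": false,
+ "line_number": 143,
+ "type": "Secret Keyword"
+ }
+ ],
+ "env/tekton/values.tmpl.yaml": [
+ {
+ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+ "is_secret": false,
+ "line_number": 21,
+ "type": "Secret Keyword"
+ }
+ ],
+ "kubeProviders/iks/README.md": [
+ {
+ "hashed_secret": "aa5c16139fb7160196bad6d4a1ae97b677ff0d81",
+ "is_secret": false,
+ "line_number": 198,
+ "type": "Secret Keyword"
+ }
+ ],
+ "systems/external-dns/values.tmpl.yaml": [
+ {
+ "hashed_secret": "8aa3771c4ae26feb2df06246de60d7620aad7bb7",
+ "is_secret": false,
+ "line_number": 7,
+ "type": "Secret Keyword"
+ }
+ ]
+ },
+ "version": "0.12.4"
+}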
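--- a/bdd/bdd.sh
+++ b/bdd/bdd.sh
@@ -15,7 +15,6 @@ export GH_OWNER="cb-kubecd"
 
 export GH_CREDS_PSW="$(jx step credential -s jenkins-x-bot-test-github)"
 export JENKINS_CREDS_PSW="$(jx step credential -s test-jenkins-user)"
-export GKE_SA="$(jx step credential -k bdd-credentials.json -s bdd-secret -f sa.json)"
 
 # fix broken `BUILD_NUMBER` env var
 export BUILD_NUMBER="$BUILD_ID"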
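--- a/jenkins-x-bdd-local.yml
+++ b/jenkins-x-bdd-local.yml
@@ -15,10 +15,24 @@ pipelineConfig:
 environment:
 - name: GOPROXY
 value: http://jenkins-x-athens-proxy:80
+ - name: GKE_SA
+ value: /secrets/bdd/sa.json
 agent:
 image: gcr.io/jenkinsxio/builder-go-maven
 stages:
 - name: ci
+ options:
+ volumes:
+ - name: sa
+ secret:
+ secretName: bdd-secret
+ items:
+ - key: bdd-credentials.json
+ path: bdd/sa.json
+ containerOptions:
+ volumeMounts:
+ - mountPath: /secrets
+ name: sa
 steps:
 - name: run-bdd
 command: bdd/bdd.sh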
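Review bot: The new secret volume and its mount carry no access restriction: the `volumeMounts` entry for `/secrets` has no `readOnly: true`, and the `secret:` source sets no `defaultMode`, so the key file gets the default mode and is readable by any user inside the container. Adding `readOnly: true` under the mount and `defaultMode: 0400` under `secret:` would narrow that, provided the step runs as the user that owns the file. The mount is declared in the stage's `containerOptions`, so presumably every step of the `ci` stage can read the service-account key, not only `run-bdd`; the steps list continues outside this hunk. The same block is added to jenkins-x-bdd-vault.yml and the same applies there.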
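--- a/jenkins-x-bdd-vault.yml
+++ b/jenkins-x-bdd-vault.yml
@@ -21,10 +21,24 @@ pipelineConfig:
 value: "boot"
 - name: DOMAIN_SUFFIX
 value: ".bdd.jenkins-x.rocks"
+ - name: GKE_SA
+ value: /secrets/bdd/sa.json
 agent:
 image: gcr.io/jenkinsxio/builder-go-maven
 stages:
 - name: ci
+ options:
+ volumes:
+ - name: sa
+ secret:
+ secretName: bdd-secret
+ items:
+ - key: bdd-credentials.json
+ path: bdd/sa.json
+ containerOptions:
+ volumeMounts:
+ - mountPath: /secrets
+ name: sa
 steps:
 - name: run-bdd
 command: bdd/bdd.sh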