Browse Source

AIAP: Fix SOPS environment variables

When `exec`ing into a container, bash is not invoked as a login shell,
so .profile is not executed. This moves the exporting of the SOPS
variables from .profile into the .bashrc file, which will be invoked in
this case.

This also moves the SOPS key from the /tmp directory into the root
directory. While the /tmp directory shouldn't ever be cleared during the
execution of a container, it doesn't make sense to store enduring
information there.

Change-Id: I2b5c4c12179fb624ae7c6e6ea7e22c517bec04fc
changes/78/800978/4
Ian Howell 1 year ago committed by Sirajudeen
parent
commit
48816602f1
  1. 18
      tools/airship-in-a-pod/runner/assets/entrypoint.sh

18
tools/airship-in-a-pod/runner/assets/entrypoint.sh

@ -31,18 +31,20 @@ install /tmp/kustomize /usr/local/bin
cp "$ARTIFACTS_DIR/$MANIFEST_REPO_NAME/bin/airshipctl" /usr/local/bin/airshipctl
if [ $MANIFEST_REPO_NAME != "airshipctl" ]
then
export AIRSHIP_CONFIG_PHASE_REPO_URL="https://opendev.org/airship/treasuremap"
cp -r $ARTIFACTS_DIR/airshipctl/ /opt/airshipctl
export AIRSHIP_CONFIG_PHASE_REPO_URL="https://opendev.org/airship/treasuremap"
cp -r $ARTIFACTS_DIR/airshipctl/ /opt/airshipctl
fi
cp -r $ARTIFACTS_DIR/$MANIFEST_REPO_NAME/ /opt/$MANIFEST_REPO_NAME
cd /opt/$MANIFEST_REPO_NAME
curl -fsSL -o /sops-key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
curl -fsSL -o /tmp/key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
echo 'export SOPS_IMPORT_PGP="$(cat /tmp/key.asc)"' >> ~/.profile
echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.profile
source ~/.profile
SOPS_IMPORT_PGP="$(cat /sops-key.asc)"
export SOPS_IMPORT_PGP
export SOPS_PGP_FP
echo 'export SOPS_IMPORT_PGP="$(cat /sops-key.asc)"' >> ~/.bashrc
echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.bashrc
export AIRSHIP_CONFIG_MANIFEST_DIRECTORY="/tmp/airship"
@ -74,9 +76,9 @@ if [[ "$USE_CACHED_ISO" = "true" ]]; then
else
if [ "$MANIFEST_REPO_NAME" == "airshipctl" ]
then
./tools/deployment/24_build_images.sh
./tools/deployment/24_build_images.sh
else
./tools/deployment/airship-core/24_build_images.sh
./tools/deployment/airship-core/24_build_images.sh
fi
tar -czf "$ARTIFACTS_DIR/iso.tar.gz" --directory=/srv/images .

Loading…
Cancel
Save