zuul-jobs/roles/upload-git-mirror/tasks/main.yaml
Ian Wienand 73951559fc upload-git-mirror: no_log around key writing
Add no_log here as a fallback against ever leaving the output in the
logs.

Change-Id: Ia3d518d915705b40e0e12e25e0a0787a8cf614d7
2022-07-28 09:31:49 +10:00


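# Push a mirror of the checked-out project to a remote git host over SSH.
# The private key from git_mirror_credentials is written to a temporary
# file for the duration of the push; the "always" section removes the key,
# the ssh config stanza and the known_hosts entry whether or not the push
# succeeded.
- name: Upload git mirror
  block:
    - name: Create SSH private key tempfile
      tempfile:
        state: file
      register: ssh_private_key_tmp

    # no_log keeps the key material out of the job output, including the
    # failure case where the module arguments would otherwise be printed.
    # The trade-off is that errors from this task are hidden as well.
    - name: Set up private key
      copy:
        content: "{{ git_mirror_credentials.ssh_key }}"
        dest: "{{ ssh_private_key_tmp.path }}"
        # Quoted so the mode is never re-typed by the YAML parser.
        mode: "0600"
      no_log: true

    # If the markers in an id_rsa don't end with a newline some
    # versions of ssh won't read the key.
    # The path is passed through the quote filter because it is
    # interpolated into a shell command line.
    - name: Ensure ssh_key ends with newline
      shell: |
        echo >> {{ ssh_private_key_tmp.path | quote }}

    # Only the path of the key file ends up in ssh_config, never the key
    # itself, so this fact is safe to appear in logs.
    - name: Generate SSH configuration
      set_fact:
        ssh_config: |
          host {{ git_mirror_credentials.host }}
          HostName {{ git_mirror_credentials.host }}
          IdentityFile {{ ssh_private_key_tmp.path }}
          User {{ git_mirror_credentials.user }}

    - name: Write SSH configuration to ~/.ssh/config
      blockinfile:
        state: present
        path: "{{ ansible_user_dir }}/.ssh/config"
        create: true
        mode: "0600"
        block: "{{ ssh_config }}"

    # The host key comes from the same credentials as the private key, so
    # ssh verifies the remote against a pinned key instead of accepting
    # whatever key the host presents on first connection.
    - name: Add host key to known hosts
      known_hosts:
        state: present
        name: "{{ git_mirror_credentials.host }}"
        key: "{{ git_mirror_credentials.host_key }}"

    # The push is retried up to 3 times, 5 seconds apart, until it
    # stops failing.
    - name: Mirror the git repository
      command: git push --mirror {{ git_mirror_credentials.user }}@{{ git_mirror_credentials.host }}:{{ git_mirror_repository }}
      args:
        chdir: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}"
      tags:
        - skip_ansible_lint
      register: result
      retries: 3
      delay: 5
      until: result is not failed

  always:
    # Registered variables below are only used for integration testing
    # Key removal runs first, so a failure in a later cleanup task does
    # not leave the private key on disk. shred overwrites the file before
    # unlinking it.
    - name: Remove SSH private key from disk
      command: "shred --remove {{ ssh_private_key_tmp.path }}"
      register: git_mirror_key_removed

    - name: Remove SSH configuration in ~/.ssh/config
      blockinfile:
        state: absent
        path: "{{ ansible_user_dir }}/.ssh/config"
        mode: "0600"
        block: "{{ ssh_config }}"
      register: git_mirror_ssh_config_removed

    - name: Remove host key from known hosts
      known_hosts:
        state: absent
        name: "{{ git_mirror_credentials.host }}"
        key: "{{ git_mirror_credentials.host_key }}"
      register: git_mirror_host_key_removed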