[DDO-3749] use gsm instead of vault #1632
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
jyang-broad
commented
Jun 21, 2024
•
jyang-broad
commented
- Submitter: Include the JIRA issue number in the PR description
- Submitter: Check documentation and code comments. Add explanatory PR comments if helpful.
- Submitter: If you changed a URL that is used elsewhere (e.g. in an email), comment about where it is used and ensure the dependent code is updated.
- Submitter: JIRA ticket checks:
- Acceptance criteria exists and is met
- Note any changes to implementation from the description
- To Demo flag is set
- Release Summary is filled out, if applicable
- Add notes on how to QA
- Submitter: Update RC_XXX release ticket with any config or environment changes necessary
- Submitter: Update FISMA documentation if changes to:
- Authentication
- Authorization
- Encryption
- Audit trails
- Submitter: If you're adding new libraries, sign us up to security updates for them
- Submitter: If you're adding new automated UI tests, review the test plan with QA
- Review cycle:
- LR reviews
- Rest of team may comment on PR at will
- LR assigns to submitter for feedback fixes
- Submitter rebases to develop again if necessary
- Submitter makes further commits. DO NOT SQUASH
- Submitter updates documentation as needed
- Submitter reassigns to LR for further feedback
- TL sign off
- LR sign off
- Product Owner sign off
- Submitter: Verify all tests go green, including CI tests and automated UI tests.
- Submitter: Squash commits and merge to develop. If adding test code, merge application code and test code at the same time.
- Submitter: Delete branch after merge
- Submitter: Test this change works on dev environment after deployment. YOU own getting it fixed if dev isn't working for ANY reason!
- Submitter: Mark JIRA issue as resolved once this checklist is completed
aednichols
approved these changes
Jun 21, 2024
|
|
||
| SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com | ||
| # Expand the array of args and pass them to `docker` | ||
| JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa") |
There was a problem hiding this comment.
Because you are mounting the gcloud root directory from the host OS, running this command could mutate the active gcloud user for all jobs not just this one running on the same jenkins node as this job
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.