Skip to content

Commit

Permalink
Update ci pipeline with new credhub entries
Browse files Browse the repository at this point in the history
  • Loading branch information
jpalermo committed Jan 14, 2023
1 parent 81144d7 commit de327b1
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 23 deletions.
3 changes: 1 addition & 2 deletions ci/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,5 @@
set -eu

fly -t bosh-ecosystem sp -p bosh-aws-cpi \
-c ci/pipeline.yml \
-l <( lpass show --notes "aws cpi concourse secrets")
-c ci/pipeline.yml

44 changes: 23 additions & 21 deletions ci/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,10 @@ shared:
image: aws-cpi-image
params: &prepare-director-params
INFRASTRUCTURE: aws
DIRECTOR_VARS_FILE: {{aws_director_vars_file}}
DIRECTOR_VARS_FILE: |
access_key_id: ((aws-cpi-integration-tests_aws_access_key.username))
secret_access_key: ((aws-cpi-integration-tests_aws_access_key.password))
region: us-west-1
- &deploy-director
task: deploy-director
Expand All @@ -29,7 +32,7 @@ shared:
file: bosh-cpi-src/ci/tasks/run-e2e.yml
image: aws-cpi-image
params:
BOSH_AWS_KMS_KEY_ARN: {{aws_kms_key_arn}}
BOSH_AWS_KMS_KEY_ARN: ((arn_keys.aws_kms_key_arn))

- &ensure-terminated
task: ensure-terminated
Expand All @@ -38,7 +41,7 @@ shared:
params:
AWS_ACCESS_KEY_ID: ((bosh_cpis_aws_access_key.username))
AWS_SECRET_ACCESS_KEY: ((bosh_cpis_aws_access_key.password))
AWS_DEFAULT_REGION: {{aws_region__primary}}
AWS_DEFAULT_REGION: us-west-1

- &teardown
task: teardown
Expand Down Expand Up @@ -81,13 +84,13 @@ jobs:
file: bosh-cpi-src/ci/tasks/run-integration.yml
image: aws-cpi-image
params:
AWS_ACCESS_KEY_ID: {{aws_access_key__cpi}}
AWS_SECRET_ACCESS_KEY: {{aws_secret_key__cpi}}
BOSH_AWS_PERMISSIONS_AUDITOR_KEY_ID: {{aws_access_key__auditor}}
BOSH_AWS_PERMISSIONS_AUDITOR_SECRET_KEY: {{aws_secret_key__auditor}}
AWS_DEFAULT_REGION: {{aws_region__primary}}
BOSH_AWS_KMS_KEY_ARN: {{aws_kms_key_arn}}
BOSH_AWS_KMS_KEY_ARN_OVERRIDE: {{aws_kms_key_arn_override}}
AWS_ACCESS_KEY_ID: ((aws-cpi-integration-tests_aws_access_key.username))
AWS_SECRET_ACCESS_KEY: ((aws-cpi-integration-tests_aws_access_key.password))
BOSH_AWS_PERMISSIONS_AUDITOR_KEY_ID: ((iam-permission-auditor_aws_access_key.username))
BOSH_AWS_PERMISSIONS_AUDITOR_SECRET_KEY: ((iam-permission-auditor_aws_access_key.password))
AWS_DEFAULT_REGION: us-west-1
BOSH_AWS_KMS_KEY_ARN: ((arn_keys.aws_kms_key_arn))
BOSH_AWS_KMS_KEY_ARN_OVERRIDE: ((arn_keys.aws_kms_key_arn_override))
BOSH_AWS_WINDOWS_IMAGE_ID: ami-01073c012a14da808 # This is the us-west-1 AMI inside the Windows 2019.53 stemcell
ensure:
do:
Expand Down Expand Up @@ -235,24 +238,23 @@ resources:
type: s3
source:
regexp: bosh-aws-cpi-(\d+\.\d+\.\d+)\.tgz
bucket: {{s3_aws_cpi_pipeline_bucket}}
region_name: {{s3_aws_cpi_pipeline_bucket_region}}
bucket: bosh-aws-cpi-pipeline
region_name: us-east-1
access_key_id: ((bosh_cpis_aws_access_key.username))
secret_access_key: ((bosh_cpis_aws_access_key.password))
- name: bosh-cpi-src-in
type: git
source:
uri: https://github.com/cloudfoundry-incubator/bosh-aws-cpi-release.git
branch: master
private_key: ((github_deploy_key_bosh-aws-cpi-release.private_key))
ignore_paths:
- .final_builds/**/*.yml
- releases/**/*.yml
- name: bosh-cpi-src-out
type: git
source:
uri: git@github.com:cloudfoundry-incubator/bosh-aws-cpi-release.git
branch: master
private_key: {{github_deployment_key__bosh-aws-cpi-release}}
private_key: ((github_deploy_key_bosh-aws-cpi-release.private_key))
- name: bosh-cpi-src-dockerfiles
type: git
source:
Expand All @@ -264,14 +266,14 @@ resources:
type: semver
source:
key: current-version # dev-release version
bucket: {{s3_aws_cpi_pipeline_bucket}}
bucket: bosh-aws-cpi-pipeline
access_key_id: ((bosh_cpis_aws_access_key.username))
secret_access_key: ((bosh_cpis_aws_access_key.password))
- name: release-version-semver
type: semver
source:
key: release-current-version
bucket: {{s3_aws_cpi_pipeline_bucket}}
bucket: bosh-aws-cpi-pipeline
access_key_id: ((bosh_cpis_aws_access_key.username))
secret_access_key: ((bosh_cpis_aws_access_key.password))
- name: environment
Expand All @@ -282,18 +284,18 @@ resources:
access_key: ((bosh_cpis_aws_access_key.username))
secret_key: ((bosh_cpis_aws_access_key.password))
region: us-east-1
bucket: {{terraform_bucket}}
bucket: bosh-aws-cpi-terraform
key: terraform.tfstate
migrate_from_storage:
access_key_id: ((bosh_cpis_aws_access_key.username))
secret_access_key: ((bosh_cpis_aws_access_key.password))
bucket: {{terraform_bucket}}
bucket: bosh-aws-cpi-terraform
bucket_path: terraform-state
vars:
access_key: ((bosh_cpis_aws_access_key.username))
secret_key: ((bosh_cpis_aws_access_key.password))
region: {{aws_region__primary}}
public_key: {{cpi_pipeline_public_key}}
region: us-west-1
public_key: ((integration_vm_keypair.public_key))
- name: bosh-cli
type: s3
source:
Expand Down

0 comments on commit de327b1

Please sign in to comment.