From 55dcd71ad83ab6507eeb8cd0d1a05c2c414ac210 Mon Sep 17 00:00:00 2001 From: Dominik Giger Date: Thu, 15 Aug 2024 09:27:17 +0200 Subject: [PATCH 1/2] Use ephemeral github token for build. --- .buildkite/scripts/release.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.buildkite/scripts/release.sh b/.buildkite/scripts/release.sh index bd9a567a6..7e7b7c272 100755 --- a/.buildkite/scripts/release.sh +++ b/.buildkite/scripts/release.sh @@ -12,4 +12,5 @@ echo "--- Caching GPG passphrase" echo "$GPG_PASSPHRASE_SECRET" | gpg --armor --detach-sign --passphrase-fd 0 --pinentry-mode loopback echo "--- Release the binaries" +export GITHUB_TOKEN="${VAULT_GITHUB_TOKEN}" make release From bcdf47e094b3fffcb3d628177929700dd595b09f Mon Sep 17 00:00:00 2001 From: Dominik Giger Date: Thu, 15 Aug 2024 13:12:07 +0200 Subject: [PATCH 2/2] replace GITHUB_TOKEN in pre-command --- .buildkite/hooks/pre-command | 2 +- .buildkite/scripts/release.sh | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index 4849ba1af..850aac259 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -12,5 +12,5 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "terraform-provider-elasticstack-release" ]] export GPG_PRIVATE_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_private ${RELEASE_VAULT_PATH}) export GPG_PASSPHRASE_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_passphrase ${RELEASE_VAULT_PATH}) export GPG_FINGERPRINT_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_fingerprint ${RELEASE_VAULT_PATH}) - export GITHUB_TOKEN=$(scripts/retry.sh 5 vault kv get -field gh_personal_access_token ${RELEASE_VAULT_PATH}) + export GITHUB_TOKEN="${VAULT_GITHUB_TOKEN}" fi diff --git a/.buildkite/scripts/release.sh b/.buildkite/scripts/release.sh index 7e7b7c272..bd9a567a6 100755 --- a/.buildkite/scripts/release.sh +++ b/.buildkite/scripts/release.sh @@ -12,5 +12,4 @@ echo "--- Caching GPG passphrase" echo "$GPG_PASSPHRASE_SECRET" | gpg --armor --detach-sign --passphrase-fd 0 --pinentry-mode loopback echo "--- Release the binaries" -export GITHUB_TOKEN="${VAULT_GITHUB_TOKEN}" make release