mirror of https://github.com/status-im/consul.git
modify aws assume role circleci command
This commit is contained in:
parent
d399690ae4
commit
383dd32bdf
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
version: 2
|
version: 2.1
|
||||||
|
|
||||||
references:
|
references:
|
||||||
images:
|
images:
|
||||||
|
@ -43,16 +43,6 @@ steps:
|
||||||
unzip awscliv2.zip
|
unzip awscliv2.zip
|
||||||
sudo ./aws/install
|
sudo ./aws/install
|
||||||
|
|
||||||
aws-assume-role: &aws-assume-role
|
|
||||||
run:
|
|
||||||
name: assume-role aws creds
|
|
||||||
command: |
|
|
||||||
# assume role has duration of 15 min (the minimum allowed)
|
|
||||||
CREDENTIALS="$(aws sts assume-role --duration-seconds 900 --role-arn ${ROLE_ARN} --role-session-name build-${CIRCLE_SHA1} | jq '.Credentials')"
|
|
||||||
echo "export AWS_ACCESS_KEY_ID=$(echo $CREDENTIALS | jq -r '.AccessKeyId')" >> $BASH_ENV
|
|
||||||
echo "export AWS_SECRET_ACCESS_KEY=$(echo $CREDENTIALS | jq -r '.SecretAccessKey')" >> $BASH_ENV
|
|
||||||
echo "export AWS_SESSION_TOKEN=$(echo $CREDENTIALS | jq -r '.SessionToken')" >> $BASH_ENV
|
|
||||||
|
|
||||||
# This step MUST be at the end of any set of steps due to the 'when' condition
|
# This step MUST be at the end of any set of steps due to the 'when' condition
|
||||||
notify-slack-failure: ¬ify-slack-failure
|
notify-slack-failure: ¬ify-slack-failure
|
||||||
name: notify-slack-failure
|
name: notify-slack-failure
|
||||||
|
@ -80,6 +70,30 @@ steps:
|
||||||
echo "Not posting slack failure notifications for non-master branch"
|
echo "Not posting slack failure notifications for non-master branch"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
commands:
|
||||||
|
assume-role:
|
||||||
|
description: "Assume role to an ARN"
|
||||||
|
parameters:
|
||||||
|
access-key:
|
||||||
|
type: env_var_name
|
||||||
|
default: AWS_ACCESS_KEY_ID
|
||||||
|
secret-key:
|
||||||
|
type: env_var_name
|
||||||
|
default: AWS_SECRET_ACCESS_KEY
|
||||||
|
role-arn:
|
||||||
|
type: env_var_name
|
||||||
|
default: ROLE_ARN
|
||||||
|
steps:
|
||||||
|
- run: |
|
||||||
|
export AWS_ACCESS_KEY_ID="${<< parameters.access-key >>}"
|
||||||
|
export AWS_SECRET_ACCESS_KEY="${<< parameters.secret-key >>}"
|
||||||
|
export ROLE_ARN="${<< parameters.role-arn >>}"
|
||||||
|
# assume role has duration of 15 min (the minimum allowed)
|
||||||
|
CREDENTIALS="$(aws sts assume-role --duration-seconds 900 --role-arn ${ROLE_ARN} --role-session-name build-${CIRCLE_SHA1} | jq '.Credentials')"
|
||||||
|
echo "export AWS_ACCESS_KEY_ID=$(echo $CREDENTIALS | jq -r '.AccessKeyId')" >> $BASH_ENV
|
||||||
|
echo "export AWS_SECRET_ACCESS_KEY=$(echo $CREDENTIALS | jq -r '.SecretAccessKey')" >> $BASH_ENV
|
||||||
|
echo "export AWS_SESSION_TOKEN=$(echo $CREDENTIALS | jq -r '.SessionToken')" >> $BASH_ENV
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# lint consul tests
|
# lint consul tests
|
||||||
lint-consul-retry:
|
lint-consul-retry:
|
||||||
|
@ -360,7 +374,10 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- checkout
|
- checkout
|
||||||
- *get-aws-cli
|
- *get-aws-cli
|
||||||
- *aws-assume-role
|
- assume-role:
|
||||||
|
access-key: AWS_ACCESS_KEY_ID_S3_UPLOAD
|
||||||
|
secret-key: AWS_SECRET_ACCESS_KEY_S3_UPLOAD
|
||||||
|
role-arn: ROLE_ARN_S3_UPLOAD
|
||||||
# get consul binary
|
# get consul binary
|
||||||
- attach_workspace:
|
- attach_workspace:
|
||||||
at: bin/
|
at: bin/
|
||||||
|
|
Loading…
Reference in New Issue