switch to new aws account s3 bucket for dev artifacts (#8612)

2025-02-10 12:46:32 +00:00 · 2020-09-03 23:40:23 -04:00 · 2020-09-03 23:40:23 -04:00 · e54758221e
commit e54758221e
parent 82ba6d8bb5
1 changed files with 52 additions and 5 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -19,7 +19,7 @@ references:
    EMAIL: noreply@hashicorp.com
    GIT_AUTHOR_NAME: circleci-consul
    GIT_COMMITTER_NAME: circleci-consul
-    S3_ARTIFACT_BUCKET: consul-dev-artifacts
+    S3_ARTIFACT_BUCKET: consul-dev-artifacts-v2
    BASH_ENV: .circleci/bash_env.sh
    VAULT_BINARY_VERSION: 1.2.2
@ -33,6 +33,54 @@ steps:
      curl -sSL "${url}/v${GOTESTSUM_RELEASE}/gotestsum_${GOTESTSUM_RELEASE}_linux_amd64.tar.gz" | \
      sudo tar -xz --overwrite -C /usr/local/bin gotestsum
  get-aws-cli: &get-aws-cli
    run:
      name: download and install AWS CLI
      command: |
        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
        echo -e "${AWS_CLI_GPG_KEY}" | gpg --import
        curl -o awscliv2.sig https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig
        gpg --verify awscliv2.sig awscliv2.zip
        unzip awscliv2.zip
        sudo ./aws/install
  aws-assume-role: &aws-assume-role
    run:
      name: assume-role aws creds
      command: |
        # assume role has duration of 15 min (the minimum allowed)
        CREDENTIALS="$(aws sts assume-role --duration-seconds 900 --role-arn ${ROLE_ARN} --role-session-name build-${CIRCLE_SHA1} | jq '.Credentials')"
        echo "export AWS_ACCESS_KEY_ID=$(echo $CREDENTIALS | jq -r '.AccessKeyId')" >> $BASH_ENV
        echo "export AWS_SECRET_ACCESS_KEY=$(echo $CREDENTIALS | jq -r '.SecretAccessKey')" >> $BASH_ENV
        echo "export AWS_SESSION_TOKEN=$(echo $CREDENTIALS | jq -r '.SessionToken')" >> $BASH_ENV
  # This step MUST be at the end of any set of steps due to the 'when' condition
  notify-slack-failure: &notify-slack-failure
    name: notify-slack-failure
    when: on_fail
    command: |
      if [[ $CIRCLE_BRANCH == "master" ]]; then
        CIRCLE_ENDPOINT="https://app.circleci.com/pipelines/github/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}?branch=${CIRCLE_BRANCH}"
        GITHUB_ENDPOINT="https://github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/commit/${CIRCLE_SHA1}"
        COMMIT_MESSAGE=$(git log -1 --pretty=%B | head -n1)
        SHORT_REF=$(git rev-parse --short "${CIRCLE_SHA1}")
        curl -X POST -H 'Content-type: application/json' \
        --data \
        "{ \
        \"attachments\": [ \
            { \
            \"fallback\": \"CircleCI job failed!\", \
            \"text\": \"❌ Failed: \`${CIRCLE_USERNAME}\`'s <${CIRCLE_BUILD_URL}|${CIRCLE_STAGE}> job failed for commit <${GITHUB_ENDPOINT}|${SHORT_REF}> on \`${CIRCLE_BRANCH}\`!\n\n- <${COMMIT_MESSAGE}\", \
            \"footer\": \"${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}\", \
            \"ts\": \"$(date +%s)\", \
            \"color\": \"danger\" \
            } \
        ] \
        }" "${FEED_CONSUL_GH_URL}"
      else
        echo "Not posting slack failure notifications for non-master branch"
      fi
 jobs:
  # lint consul tests
  lint-consul-retry:
@ -307,13 +355,12 @@ jobs:
  # upload development build to s3
  dev-upload-s3:
    docker:
-      - image: circleci/python:stretch
+      - image: *GOLANG_IMAGE
    environment:
      <<: *ENVIRONMENT
    steps:
-      - run:
+      - *get-aws-cli
-          name: Install awscli
+      - *aws-assume-role
          command: sudo pip install awscli
      # get consul binary
      - attach_workspace:
          at: bin/