CI specific init script updates (#45016)
- Add a vault integration so that we don't need Jenkins to do that for us - This will make it easier to enable for windows too - Move everything to a single file so we can read other secrets in the same way
This commit is contained in:
parent
56083ba1ff
commit
f3570aa27b
|
@ -1,18 +0,0 @@
|
|||
if (System.getenv('GRADLE_BUILD_CACHE_URL')) {
|
||||
gradle.settingsEvaluated { settings ->
|
||||
settings.buildCache {
|
||||
remote(HttpBuildCache) {
|
||||
url = System.getenv('GRADLE_BUILD_CACHE_URL')
|
||||
push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false')
|
||||
if (System.getenv('GRADLE_BUILD_CACHE_USERNAME') && System.getenv('GRADLE_BUILD_CACHE_PASSWORD')) {
|
||||
credentials {
|
||||
username = System.getenv('GRADLE_BUILD_CACHE_USERNAME')
|
||||
password = System.getenv('GRADLE_BUILD_CACHE_PASSWORD')
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
throw new GradleException("You must supply a value for GRADLE_BUILD_CACHE_URL environment variable when applying build-cache.gradle init script")
|
||||
}
|
120
.ci/init.gradle
120
.ci/init.gradle
|
@ -1,46 +1,90 @@
|
|||
if (System.env.ELASTIC_ARTIFACTORY_USERNAME == null || System.env.ELASTIC_ARTIFACTORY_TOKEN == null) {
|
||||
throw new GradleException("Using init script without configuration")
|
||||
} else {
|
||||
logger.info("Using elastic artifactory repos")
|
||||
settingsEvaluated { settings ->
|
||||
settings.pluginManagement {
|
||||
repositories {
|
||||
maven {
|
||||
name "artifactory-gradle-plugins"
|
||||
url "https://artifactory.elstc.co/artifactory/gradle-plugins"
|
||||
credentials {
|
||||
username System.env.ELASTIC_ARTIFACTORY_USERNAME
|
||||
password System.env.ELASTIC_ARTIFACTORY_TOKEN
|
||||
}
|
||||
}
|
||||
gradlePluginPortal()
|
||||
}
|
||||
import com.bettercloud.vault.VaultConfig;
|
||||
import com.bettercloud.vault.Vault;
|
||||
|
||||
initscript {
|
||||
repositories {
|
||||
mavenCentral()
|
||||
}
|
||||
dependencies {
|
||||
classpath 'com.bettercloud:vault-java-driver:4.1.0'
|
||||
}
|
||||
}
|
||||
|
||||
['VAULT_ADDR', 'VAULT_ROLE_ID', 'VAULT_SECRET_ID'].each {
|
||||
if (System.env."$it" == null) {
|
||||
throw new GradleException("$it must be set!")
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
final String vaultToken = new Vault(
|
||||
new VaultConfig()
|
||||
.address(System.env.VAULT_ADDR)
|
||||
.engineVersion(1)
|
||||
.build()
|
||||
)
|
||||
.auth()
|
||||
.loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID)
|
||||
.getAuthClientToken();
|
||||
|
||||
final Vault vault = new Vault(
|
||||
new VaultConfig()
|
||||
.address(System.env.VAULT_ADDR)
|
||||
.engineVersion(1)
|
||||
.token(vaultToken)
|
||||
.build()
|
||||
)
|
||||
|
||||
final Map<String,String> artifactoryCredentials = vault.logical()
|
||||
.read("secret/elasticsearch-ci/artifactory.elstc.co")
|
||||
.getData();
|
||||
|
||||
logger.info("Using elastic artifactory repos")
|
||||
Closure configCache = {
|
||||
return {
|
||||
name "artifactory-gradle-release"
|
||||
url "https://artifactory.elstc.co/artifactory/gradle-release"
|
||||
credentials {
|
||||
username artifactoryCredentials.get("username")
|
||||
password artifactoryCredentials.get("token")
|
||||
}
|
||||
}
|
||||
projectsLoaded {
|
||||
allprojects {
|
||||
buildscript {
|
||||
repositories {
|
||||
maven {
|
||||
name "artifactory-gradle-release"
|
||||
url "https://artifactory.elstc.co/artifactory/gradle-release/"
|
||||
credentials {
|
||||
username System.env.ELASTIC_ARTIFACTORY_USERNAME
|
||||
password System.env.ELASTIC_ARTIFACTORY_TOKEN
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
settingsEvaluated { settings ->
|
||||
settings.pluginManagement {
|
||||
repositories {
|
||||
maven configCache()
|
||||
}
|
||||
}
|
||||
}
|
||||
projectsLoaded {
|
||||
allprojects {
|
||||
buildscript {
|
||||
repositories {
|
||||
maven {
|
||||
name "artifactory-gradle-release"
|
||||
url "https://artifactory.elstc.co/artifactory/gradle-release/"
|
||||
credentials {
|
||||
username System.env.ELASTIC_ARTIFACTORY_USERNAME
|
||||
password System.env.ELASTIC_ARTIFACTORY_TOKEN
|
||||
}
|
||||
maven configCache()
|
||||
}
|
||||
}
|
||||
repositories {
|
||||
maven configCache()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (System.env.GRADLE_BUILD_CACHE_URL != null) {
|
||||
final Map<String,String> buildCacheCredentials = vault.logical()
|
||||
.read("secret/elasticsearch-ci/gradle-build-cache")
|
||||
.getData();
|
||||
gradle.settingsEvaluated { settings ->
|
||||
settings.buildCache {
|
||||
remote(HttpBuildCache) {
|
||||
url = System.getenv('GRADLE_BUILD_CACHE_URL')
|
||||
push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false')
|
||||
credentials {
|
||||
username = buildCacheCredentials.get("username")
|
||||
password = buildCacheCredentials.get("password")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue