CI specific init script updates (#45016)

- Add a vault integration so that we don't need Jenkins to do that for
us
   - This will make it easier to enable for windows too
- Move everything to a single file so we can read other secrets in the
same way
Alpar Torok 2019-08-05 13:46:02 +03:00
parent 56083ba1ff
commit f3570aa27b
2 changed files with 82 additions and 56 deletions


@ -1,18 +0,0 @@
if (System.getenv('GRADLE_BUILD_CACHE_URL')) {
gradle.settingsEvaluated { settings ->
settings.buildCache {
remote(HttpBuildCache) {
url = System.getenv('GRADLE_BUILD_CACHE_URL')
push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false')
if (System.getenv('GRADLE_BUILD_CACHE_USERNAME') && System.getenv('GRADLE_BUILD_CACHE_PASSWORD')) {
credentials {
username = System.getenv('GRADLE_BUILD_CACHE_USERNAME')
password = System.getenv('GRADLE_BUILD_CACHE_PASSWORD')
}
}
}
}
}
} else {
throw new GradleException("You must supply a value for GRADLE_BUILD_CACHE_URL environment variable when applying build-cache.gradle init script")
}


@ -1,46 +1,90 @@
if (System.env.ELASTIC_ARTIFACTORY_USERNAME == null || System.env.ELASTIC_ARTIFACTORY_TOKEN == null) {
throw new GradleException("Using init script without configuration")
} else {
logger.info("Using elastic artifactory repos")
settingsEvaluated { settings ->
settings.pluginManagement {
repositories {
maven {
name "artifactory-gradle-plugins"
url "https://artifactory.elstc.co/artifactory/gradle-plugins"
credentials {
username System.env.ELASTIC_ARTIFACTORY_USERNAME
password System.env.ELASTIC_ARTIFACTORY_TOKEN
}
}
gradlePluginPortal()
}
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.Vault;
initscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'com.bettercloud:vault-java-driver:4.1.0'
}
}
['VAULT_ADDR', 'VAULT_ROLE_ID', 'VAULT_SECRET_ID'].each {
if (System.env."$it" == null) {
throw new GradleException("$it must be set!")
}
}
final String vaultToken = new Vault(
new VaultConfig()
.address(System.env.VAULT_ADDR)
.engineVersion(1)
.build()
)
.auth()
.loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID)
.getAuthClientToken();
final Vault vault = new Vault(
new VaultConfig()
.address(System.env.VAULT_ADDR)
.engineVersion(1)
.token(vaultToken)
.build()
)
final Map<String,String> artifactoryCredentials = vault.logical()
.read("secret/elasticsearch-ci/artifactory.elstc.co")
.getData();
logger.info("Using elastic artifactory repos")
Closure configCache = {
return {
name "artifactory-gradle-release"
url "https://artifactory.elstc.co/artifactory/gradle-release"
credentials {
username artifactoryCredentials.get("username")
password artifactoryCredentials.get("token")
}
}
projectsLoaded {
allprojects {
buildscript {
repositories {
maven {
name "artifactory-gradle-release"
url "https://artifactory.elstc.co/artifactory/gradle-release/"
credentials {
username System.env.ELASTIC_ARTIFACTORY_USERNAME
password System.env.ELASTIC_ARTIFACTORY_TOKEN
}
}
}
}
}
settingsEvaluated { settings ->
settings.pluginManagement {
repositories {
maven configCache()
}
}
}
projectsLoaded {
allprojects {
buildscript {
repositories {
maven {
name "artifactory-gradle-release"
url "https://artifactory.elstc.co/artifactory/gradle-release/"
credentials {
username System.env.ELASTIC_ARTIFACTORY_USERNAME
password System.env.ELASTIC_ARTIFACTORY_TOKEN
}
maven configCache()
}
}
repositories {
maven configCache()
}
}
}
if (System.env.GRADLE_BUILD_CACHE_URL != null) {
final Map<String,String> buildCacheCredentials = vault.logical()
.read("secret/elasticsearch-ci/gradle-build-cache")
.getData();
gradle.settingsEvaluated { settings ->
settings.buildCache {
remote(HttpBuildCache) {
url = System.getenv('GRADLE_BUILD_CACHE_URL')
push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false')
credentials {
username = buildCacheCredentials.get("username")
password = buildCacheCredentials.get("password")
}
}
}
}
}
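Review bot: In the build-cache block at the end of the new file, the username and password read from `secret/elasticsearch-ci/gradle-build-cache` are attached to whatever `GRADLE_BUILD_CACHE_URL` holds, with no check on scheme or host. If that variable were ever set to a plain `http://` URL, the Vault-sourced credentials would presumably travel unencrypted. A guard before `remote(HttpBuildCache)` would make this fail closed, for example `if (!System.getenv('GRADLE_BUILD_CACHE_URL').startsWith('https://')) throw new GradleException('GRADLE_BUILD_CACHE_URL must use https')`. Separately, neither Vault read checks that the expected keys are present: a null from `artifactoryCredentials.get("username")` or `buildCacheCredentials.get("password")` would only surface later as an authentication failure, so a short presence check after each `.getData()` that names the secret path would make a misconfigured secret easier to diagnose.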