From 0e50f6cfd200996e41ba9c4f82b6faf82630e738 Mon Sep 17 00:00:00 2001 From: Daniel Azuma Date: Tue, 19 Nov 2024 03:49:43 +0000 Subject: [PATCH] fix(gas): Get rubygems key from keystore --- .kokoro/gas/trigger-cloud.cfg | 13 ++++++++++++- .kokoro/gas/trigger-generic.cfg | 21 +++++++++++++-------- .kokoro/gas/trigger-protobuf.cfg | 13 ++++++++++++- gas/.toys/gas/kokoro-trigger.rb | 10 +++++++--- 4 files changed, 44 insertions(+), 13 deletions(-) diff --git a/.kokoro/gas/trigger-cloud.cfg b/.kokoro/gas/trigger-cloud.cfg index e54cf6f7..7e8214f0 100644 --- a/.kokoro/gas/trigger-cloud.cfg +++ b/.kokoro/gas/trigger-cloud.cfg @@ -37,7 +37,18 @@ env_vars: { # Path to the RubyGems API key file for the google-cloud account. env_vars: { key: "GAS_RUBYGEMS_KEY_FILE" - value: "rubygems-token-cloud.txt" + value: "73713_rubygems-publish-key" +} + +# Pick up Rubygems key from internal keystore +before_action { + fetch_keystore { + keystore_resource { + keystore_config_id: 73713 + keyname: "rubygems-publish-key" + backend: "blade:keystore-fastconfigpush" + } + } } # Store the packages uploaded to rubygems.org, which diff --git a/.kokoro/gas/trigger-generic.cfg b/.kokoro/gas/trigger-generic.cfg index 293a87cb..5b6f5dad 100644 --- a/.kokoro/gas/trigger-generic.cfg +++ b/.kokoro/gas/trigger-generic.cfg @@ -7,19 +7,13 @@ action { } } -# Download Ruby-cloud resources -gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-ruby" - -# Download trampoline resources -gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" - # Use the trampoline script to run in docker. build_file: "ruby-common-tools/.kokoro/gas/trigger_trampoline.sh" # Configure the docker image for kokoro-trampoline. env_vars: { key: "TRAMPOLINE_IMAGE" - value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release" + value: "us-central1-docker.pkg.dev/cloud-sdk-release-custom-pool/release-images/ruby-multi" } # Entrypoint @@ -43,7 +37,18 @@ env_vars: { # This must be set when invoking the job. env_vars: { key: "GAS_RUBYGEMS_KEY_FILE" - value: "rubygems-token-generic.txt" + value: "73713_rubygems-publish-key" +} + +# Pick up Rubygems key from internal keystore +before_action { + fetch_keystore { + keystore_resource { + keystore_config_id: 73713 + keyname: "rubygems-publish-key" + backend: "blade:keystore-fastconfigpush" + } + } } # Store the packages uploaded to rubygems.org, which diff --git a/.kokoro/gas/trigger-protobuf.cfg b/.kokoro/gas/trigger-protobuf.cfg index 92df7f8c..ef388ce7 100644 --- a/.kokoro/gas/trigger-protobuf.cfg +++ b/.kokoro/gas/trigger-protobuf.cfg @@ -37,7 +37,18 @@ env_vars: { # Path to the RubyGems API key file for the protobuf account. env_vars: { key: "GAS_RUBYGEMS_KEY_FILE" - value: "rubygems-token-protobuf.txt" + value: "73713_rubygems-token-protobuf" +} + +# Pick up Rubygems key from internal keystore +before_action { + fetch_keystore { + keystore_resource { + keystore_config_id: 73713 + keyname: "rubygems-token-protobuf" + backend: "blade:keystore-fastconfigpush" + } + } } # Store the packages uploaded to rubygems.org, which diff --git a/gas/.toys/gas/kokoro-trigger.rb b/gas/.toys/gas/kokoro-trigger.rb index dd378f96..51f6dcc4 100644 --- a/gas/.toys/gas/kokoro-trigger.rb +++ b/gas/.toys/gas/kokoro-trigger.rb @@ -25,6 +25,8 @@ "", "KOKORO_GFILE_DIR - Base directory for gfile inclusion. Should be set by " \ "the Kokoro environment. (Required.)", + "KOKORO_KEYSTORE_DIR - Base directory for keystore data. Should be set by " \ + "the Kokoro environment. (Required.)", "GAS_SOURCE_GEM - The gfile path (i.e. relative to KOKORO_GFILE_DIR) for " \ "the source gem input. If a directory is provided, it must contain, " \ "recursively, exactly one source gem. Required.", @@ -36,8 +38,9 @@ "built into binary gems. Optional.", "GAS_RUBY_VERSIONS - Colon-delimited list of Ruby versions that should " \ "be built against. Optional.", - "GAS_RUBYGEMS_KEY_FILE - The gfile path to a file that contains the API " \ - "token for Rubygems, to use for publication. Required." + "GAS_RUBYGEMS_KEY_FILE - The keystore path to a file that contains the API " \ + "token for Rubygems, to use for publication. Should be in the form " \ + "{keystoreConfigId}_{keyName}. Required." include :fileutils include :exec, e: true @@ -56,6 +59,7 @@ def run # See the long description for details. def read_input gfile_dir = ENV["KOKORO_GFILE_DIR"] + keystore_dir = ENV["KOKORO_KEYSTORE_DIR"] @source_gem = File.join gfile_dir, ENV["GAS_SOURCE_GEM"] if File.directory? @source_gem candidates = Dir.glob "#{@source_gem}/**/*.gem" @@ -65,7 +69,7 @@ def read_input @additional_gems = ENV["GAS_ADDITIONAL_GEMS"].to_s.split(":").map { |path| File.join gfile_dir, path } @platforms = ENV["GAS_PLATFORMS"].tr ":", "," @ruby_versions = ENV["GAS_RUBY_VERSIONS"].tr ":", "," - @rubygems_key_file = File.join gfile_dir, ENV["GAS_RUBYGEMS_KEY_FILE"] + @rubygems_key_file = File.join keystore_dir, ENV["GAS_RUBYGEMS_KEY_FILE"] @dry_run = !ENV["GAS_DRY_RUN"].to_s.empty? @workspace_dir = ENV["GAS_WORKSPACE_DIR"] || "workspace" @artifacts_dir = ENV["GAS_ARTIFACTS_DIR"] || "artifacts"