actions
/
unity-builder
mirror of https://github.com/game-ci/unity-builder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Kubernetes use env var based secrets

pull/310/head
Frostebite 2021-12-29 20:49:13 +00:00
parent f7757c35c1
commit 06c3e2d4f9
5 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
dist/index.js vendored
View File

@ -1782,7 +1782,7 @@ class Kubernetes {
this.jobName = `unity-builder-job-${buildGuid}`; this.jobName = `unity-builder-job-${buildGuid}`;
this.containerName = `main`; this.containerName = `main`;
yield kubernetes_secret_1.default.createSecret(secrets, this.secretName, this.namespace, this.kubeClient); yield kubernetes_secret_1.default.createSecret(secrets, this.secretName, this.namespace, this.kubeClient);
const jobSpec = kubernetes_job_spec_factory_1.default.getJobSpec(commands, image, mountdir, workingdir, environment, this.buildGuid, this.buildParameters, this.secretName, this.pvcName, this.jobName, k8s); const jobSpec = kubernetes_job_spec_factory_1.default.getJobSpec(commands, image, mountdir, workingdir, environment, secrets, this.buildGuid, this.buildParameters, this.secretName, this.pvcName, this.jobName, k8s);
//run //run
cloud_runner_logger_1.default.log('Creating build job'); cloud_runner_logger_1.default.log('Creating build job');
yield this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec); yield this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec);
@ -1866,10 +1866,11 @@ exports.default = Kubernetes;
"use strict"; "use strict";
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
const client_node_1 = __webpack_require__(89679);
const cloud_runner_build_command_process_1 = __webpack_require__(71899); const cloud_runner_build_command_process_1 = __webpack_require__(71899);
const cloud_runner_state_1 = __webpack_require__(70912); const cloud_runner_state_1 = __webpack_require__(70912);
class KubernetesJobSpecFactory { class KubernetesJobSpecFactory {
static getJobSpec(command, image, mountdir, workingDirectory, environment, buildGuid, buildParameters, secretName, pvcName, jobName, k8s) { static getJobSpec(command, image, mountdir, workingDirectory, environment, secrets, buildGuid, buildParameters, secretName, pvcName, jobName, k8s) {
environment.push(...[ environment.push(...[
{ {
name: 'GITHUB_SHA', name: 'GITHUB_SHA',
@ -1965,7 +1966,15 @@ class KubernetesJobSpecFactory {
cpu: buildParameters.cloudRunnerCpu, cpu: buildParameters.cloudRunnerCpu,
}, },
}, },
env: environment, env: [
...environment,
...secrets.map((x) => {
const secret = new client_node_1.V1SecretKeySelector();
secret.key = x.ParameterKey;
secret.name = secretName;
return { name: x.EnvironmentVariable, valueFrom: secret };
}),
],
volumeMounts: [ volumeMounts: [
{ {
name: 'build-mount', name: 'build-mount',
@ -2403,7 +2412,8 @@ class CloudRunnerBuildCommandProcessor {
} }
static GetSecrets(buildParameters) { static GetSecrets(buildParameters) {
return buildParameters.cloudRunnerCluster === `k8s` return buildParameters.cloudRunnerCluster === `k8s`
? `for f in /credentials; do cat $f | base64 && echo $f; done` ? `cd /credentials
for f in ; do cat $f | base echo $f; done`
: ``; : ``;
} }
} }

2
dist/index.js.map vendored
View File

File diff suppressed because one or more lines are too long

1
src/model/cloud-runner/k8s/index.ts
View File

@ -87,6 +87,7 @@ class Kubernetes implements CloudRunnerProviderInterface {
mountdir, mountdir,
workingdir, workingdir,
environment, environment,
secrets,
this.buildGuid, this.buildGuid,
this.buildParameters, this.buildParameters,
this.secretName, this.secretName,

13
src/model/cloud-runner/k8s/kubernetes-job-spec-factory.ts
View File

@ -1,6 +1,8 @@
import { V1SecretKeySelector } from '@kubernetes/client-node';
import BuildParameters from '../../build-parameters'; import BuildParameters from '../../build-parameters';
import { CloudRunnerBuildCommandProcessor } from '../services/cloud-runner-build-command-process'; import { CloudRunnerBuildCommandProcessor } from '../services/cloud-runner-build-command-process';
import CloudRunnerEnvironmentVariable from '../services/cloud-runner-environment-variable'; import CloudRunnerEnvironmentVariable from '../services/cloud-runner-environment-variable';
import CloudRunnerSecret from '../services/cloud-runner-secret';
import { CloudRunnerState } from '../state/cloud-runner-state'; import { CloudRunnerState } from '../state/cloud-runner-state';
class KubernetesJobSpecFactory { class KubernetesJobSpecFactory {
@ -10,6 +12,7 @@ class KubernetesJobSpecFactory {
mountdir: string, mountdir: string,
workingDirectory: string, workingDirectory: string,
environment: CloudRunnerEnvironmentVariable[], environment: CloudRunnerEnvironmentVariable[],
secrets: CloudRunnerSecret[],
buildGuid: string, buildGuid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
secretName, secretName,
@ -115,7 +118,15 @@ class KubernetesJobSpecFactory {
cpu: buildParameters.cloudRunnerCpu, cpu: buildParameters.cloudRunnerCpu,
}, },
}, },
env: environment, env: [
...environment,
...secrets.map((x) => {
const secret = new V1SecretKeySelector();
secret.key = x.ParameterKey;
secret.name = secretName;
return { name: x.EnvironmentVariable, valueFrom: secret };
}),
],
volumeMounts: [ volumeMounts: [
{ {
name: 'build-mount', name: 'build-mount',

3
src/model/cloud-runner/services/cloud-runner-build-command-process.ts
View File

@ -11,7 +11,8 @@ export class CloudRunnerBuildCommandProcessor {
} }
static GetSecrets(buildParameters: BuildParameters) { static GetSecrets(buildParameters: BuildParameters) {
return buildParameters.cloudRunnerCluster === `k8s` return buildParameters.cloudRunnerCluster === `k8s`
? `for f in /credentials; do cat $f | base64 && echo $f; done` ? `cd /credentials
for f in ; do cat $f | base echo $f; done`
: ``; : ``;
} }
} }