Kubernetes dynamic secrets

pull/273/head
Frostebite 2021-06-06 20:59:34 +01:00
parent 3c511811db
commit c4eb9ffa3a
4 changed files with 124 additions and 99 deletions

17
dist/index.js vendored

@ -761,8 +761,15 @@ class Kubernetes {
} }
run() { run() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const defaultSecretsArray = [
{
ParameterKey: 'GithubToken',
EnvironmentVariable: 'GITHUB_TOKEN',
ParameterValue: this.buildParameters.githubToken,
},
];
// setup // setup
yield this.createSecret(); yield this.createSecret(defaultSecretsArray);
yield this.createPersistentVolumeClaim(); yield this.createPersistentVolumeClaim();
// run // run
yield this.runCloneJob(); yield this.runCloneJob();
@ -770,7 +777,7 @@ class Kubernetes {
core.setOutput('volume', this.pvcName); core.setOutput('volume', this.pvcName);
}); });
} }
createSecret() { createSecret(secrets) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const secret = new k8s.V1Secret(); const secret = new k8s.V1Secret();
secret.apiVersion = 'v1'; secret.apiVersion = 'v1';
@ -780,12 +787,15 @@ class Kubernetes {
name: this.secretName, name: this.secretName,
}; };
secret.data = { secret.data = {
GITHUB_TOKEN: base64.encode(this.buildParameters.githubToken),
UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE), UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE),
ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64), ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64),
ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass), ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass),
ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass), ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass),
}; };
for (const buildSecret of secrets) {
secret.data[buildSecret.EnvironmentVariable] = base64.encode(buildSecret.ParameterValue);
secret.data[`${buildSecret.EnvironmentVariable}_NAME`] = buildSecret.ParameterKey;
}
yield this.kubeClient.createNamespacedSecret(this.namespace, secret); yield this.kubeClient.createNamespacedSecret(this.namespace, secret);
}); });
} }
@ -976,6 +986,7 @@ class Kubernetes {
'-c', '-c',
`apk update; `apk update;
apk add git-lfs; apk add git-lfs;
ls /credentials/
export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN); export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN);
cd /data; cd /data;
git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo; git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo;

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long


@ -4,6 +4,7 @@ import * as core from '@actions/core';
import { KubeConfig, Log } from '@kubernetes/client-node'; import { KubeConfig, Log } from '@kubernetes/client-node';
import { Writable } from 'stream'; import { Writable } from 'stream';
import { RemoteBuilderProviderInterface } from './remote-builder/remote-builder-provider-interface'; import { RemoteBuilderProviderInterface } from './remote-builder/remote-builder-provider-interface';
import RemoteBuilderSecret from './remote-builder/remote-builder-secret';
const base64 = require('base-64'); const base64 = require('base-64');
const pollInterval = 20000; const pollInterval = 20000;
@ -49,8 +50,15 @@ class Kubernetes implements RemoteBuilderProviderInterface {
} }
async run() { async run() {
const defaultSecretsArray = [
{
ParameterKey: 'GithubToken',
EnvironmentVariable: 'GITHUB_TOKEN',
ParameterValue: this.buildParameters.githubToken,
},
];
// setup // setup
await this.createSecret(); await this.createSecret(defaultSecretsArray);
await this.createPersistentVolumeClaim(); await this.createPersistentVolumeClaim();
// run // run
@ -60,7 +68,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
core.setOutput('volume', this.pvcName); core.setOutput('volume', this.pvcName);
} }
async createSecret() { async createSecret(secrets: RemoteBuilderSecret[]) {
const secret = new k8s.V1Secret(); const secret = new k8s.V1Secret();
secret.apiVersion = 'v1'; secret.apiVersion = 'v1';
secret.kind = 'Secret'; secret.kind = 'Secret';
@ -70,13 +78,17 @@ class Kubernetes implements RemoteBuilderProviderInterface {
}; };
secret.data = { secret.data = {
GITHUB_TOKEN: base64.encode(this.buildParameters.githubToken),
UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE), UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE),
ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64), ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64),
ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass), ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass),
ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass), ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass),
}; };
for (const buildSecret of secrets) {
secret.data[buildSecret.EnvironmentVariable] = base64.encode(buildSecret.ParameterValue);
secret.data[`${buildSecret.EnvironmentVariable}_NAME`] = buildSecret.ParameterKey;
}
await this.kubeClient.createNamespacedSecret(this.namespace, secret); await this.kubeClient.createNamespacedSecret(this.namespace, secret);
} }
@ -266,6 +278,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
'-c', '-c',
`apk update; `apk update;
apk add git-lfs; apk add git-lfs;
ls /credentials/
export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN); export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN);
cd /data; cd /data;
git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo; git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo;
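Review bot: In the loop added to createSecret, the `_NAME` entry is written to `secret.data` as the raw `buildSecret.ParameterKey`, while every other entry goes through `base64.encode`. Kubernetes expects each value under `data` to be base64, and the default key 'GithubToken' is not valid padded base64, so `createNamespacedSecret` is likely to be rejected (or the name decoded to garbage for keys that happen to parse); the right-hand side should be `base64.encode(buildSecret.ParameterKey)`, or the pair should move to `stringData`. Separately, the `ls /credentials/` line added to the clone job command looks like leftover debugging and writes the names of all mounted secret files to the job log, so I would drop it before merge. createSecret starts in the previous hunk and part of its body is not shown here; the compiled dist/index.js carries the same two lines.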


@ -2,6 +2,7 @@ import AWSBuildPlatform from './aws-build-platform';
import * as core from '@actions/core'; import * as core from '@actions/core';
import { BuildParameters } from '..'; import { BuildParameters } from '..';
import RemoteBuilderNamespace from './remote-builder-namespace'; import RemoteBuilderNamespace from './remote-builder-namespace';
import RemoteBuilderSecret from './remote-builder-secret';
const repositoryDirectoryName = 'repo'; const repositoryDirectoryName = 'repo';
const efsDirectoryName = 'data'; const efsDirectoryName = 'data';
const cacheDirectoryName = 'cache'; const cacheDirectoryName = 'cache';
@ -49,7 +50,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
branchName: string | undefined, branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting step 1/4 clone and restore cache)'); core.info('Starting step 1/4 clone and restore cache)');
await AWSBuildPlatform.runBuild( await AWSBuildPlatform.runBuild(
@ -132,7 +133,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
baseImage: any, baseImage: any,
defaultSecretsArray: any[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
const buildSecrets = new Array(); const buildSecrets = new Array();
@ -266,7 +267,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
branchName: string | undefined, branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting step 3/4 build compression'); core.info('Starting step 3/4 build compression');
// Cleanup // Cleanup
@ -307,7 +308,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
branchName: string | undefined, branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting step 4/4 upload build to s3'); core.info('Starting step 4/4 upload build to s3');
await AWSBuildPlatform.runBuild( await AWSBuildPlatform.runBuild(
@ -354,7 +355,7 @@ class RemoteBuilder {
private static async DeployToSteam( private static async DeployToSteam(
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting steam deployment'); core.info('Starting steam deployment');
await AWSBuildPlatform.runBuild( await AWSBuildPlatform.runBuild(