Kubernetes dynamic secrets

pull/273/head
Frostebite 2021-06-06 20:59:34 +01:00
parent 3c511811db
commit c4eb9ffa3a
4 changed files with 124 additions and 99 deletions

191
dist/index.js vendored

@ -761,8 +761,15 @@ class Kubernetes {
} }
run() { run() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const defaultSecretsArray = [
{
ParameterKey: 'GithubToken',
EnvironmentVariable: 'GITHUB_TOKEN',
ParameterValue: this.buildParameters.githubToken,
},
];
// setup // setup
yield this.createSecret(); yield this.createSecret(defaultSecretsArray);
yield this.createPersistentVolumeClaim(); yield this.createPersistentVolumeClaim();
// run // run
yield this.runCloneJob(); yield this.runCloneJob();
@ -770,7 +777,7 @@ class Kubernetes {
core.setOutput('volume', this.pvcName); core.setOutput('volume', this.pvcName);
}); });
} }
createSecret() { createSecret(secrets) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const secret = new k8s.V1Secret(); const secret = new k8s.V1Secret();
secret.apiVersion = 'v1'; secret.apiVersion = 'v1';
@ -780,12 +787,15 @@ class Kubernetes {
name: this.secretName, name: this.secretName,
}; };
secret.data = { secret.data = {
GITHUB_TOKEN: base64.encode(this.buildParameters.githubToken),
UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE), UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE),
ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64), ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64),
ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass), ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass),
ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass), ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass),
}; };
for (const buildSecret of secrets) {
secret.data[buildSecret.EnvironmentVariable] = base64.encode(buildSecret.ParameterValue);
secret.data[`${buildSecret.EnvironmentVariable}_NAME`] = buildSecret.ParameterKey;
}
yield this.kubeClient.createNamespacedSecret(this.namespace, secret); yield this.kubeClient.createNamespacedSecret(this.namespace, secret);
}); });
} }
@ -976,6 +986,7 @@ class Kubernetes {
'-c', '-c',
`apk update; `apk update;
apk add git-lfs; apk add git-lfs;
ls /credentials/
export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN); export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN);
cd /data; cd /data;
git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo; git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo;
@ -1722,60 +1733,60 @@ class RemoteBuilder {
core.info('Starting step 1/4 clone and restore cache)'); core.info('Starting step 1/4 clone and restore cache)');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'alpine/git', [ yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'alpine/git', [
'-c', '-c',
`apk update; `apk update;
apk add unzip; apk add unzip;
apk add git-lfs; apk add git-lfs;
apk add jq; apk add jq;
# Get source repo for project to be built and game-ci repo for utilties # Get source repo for project to be built and game-ci repo for utilties
git clone https://${buildParameters.githubToken}@github.com/${process.env.GITHUB_REPOSITORY}.git ${buildUid}/${repositoryDirectoryName} -q git clone https://${buildParameters.githubToken}@github.com/${process.env.GITHUB_REPOSITORY}.git ${buildUid}/${repositoryDirectoryName} -q
git clone https://${buildParameters.githubToken}@github.com/game-ci/unity-builder.git ${buildUid}/builder -q git clone https://${buildParameters.githubToken}@github.com/game-ci/unity-builder.git ${buildUid}/builder -q
git clone https://${buildParameters.githubToken}@github.com/game-ci/steam-deploy.git ${buildUid}/steam -q git clone https://${buildParameters.githubToken}@github.com/game-ci/steam-deploy.git ${buildUid}/steam -q
cd /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/ cd /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/
git checkout $GITHUB_SHA git checkout $GITHUB_SHA
cd /${efsDirectoryName}/ cd /${efsDirectoryName}/
# Look for usable cache # Look for usable cache
if [ ! -d ${cacheDirectoryName} ]; then if [ ! -d ${cacheDirectoryName} ]; then
mkdir ${cacheDirectoryName} mkdir ${cacheDirectoryName}
fi fi
cd ${cacheDirectoryName} cd ${cacheDirectoryName}
if [ ! -d "${branchName}" ]; then if [ ! -d "${branchName}" ]; then
mkdir "${branchName}" mkdir "${branchName}"
fi fi
cd "${branchName}" cd "${branchName}"
echo '' echo ''
echo "Cached Libraries for ${branchName} from previous builds:" echo "Cached Libraries for ${branchName} from previous builds:"
ls ls
echo '' echo ''
ls "/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}" ls "/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}"
libDir="/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library" libDir="/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library"
if [ -d "$libDir" ]; then if [ -d "$libDir" ]; then
rm -r "$libDir" rm -r "$libDir"
echo "Setup .gitignore to ignore Library folder and remove it from builds" echo "Setup .gitignore to ignore Library folder and remove it from builds"
fi fi
echo 'Checking cache' echo 'Checking cache'
# Restore cache # Restore cache
latest=$(ls -t | head -1) latest=$(ls -t | head -1)
if [ ! -z "$latest" ]; then if [ ! -z "$latest" ]; then
echo "Library cache exists from build $latest from ${branchName}" echo "Library cache exists from build $latest from ${branchName}"
echo 'Creating empty Library folder for cache' echo 'Creating empty Library folder for cache'
mkdir $libDir mkdir $libDir
unzip -q $latest -d $libDir unzip -q $latest -d $libDir
# purge cache # purge cache
${process.env.PURGE_REMOTE_BUILDER_CACHE === undefined ? '#' : ''} rm -r $libDir ${process.env.PURGE_REMOTE_BUILDER_CACHE === undefined ? '#' : ''} rm -r $libDir
else else
echo 'Cache does not exist' echo 'Cache does not exist'
fi fi
# Print out important directories # Print out important directories
echo '' echo ''
echo 'Repo:' echo 'Repo:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/ ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/
echo '' echo ''
echo 'Project:' echo 'Project:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath} ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}
echo '' echo ''
echo 'Library:' echo 'Library:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library/ ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library/
echo '' echo ''
`, `,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/`, [ ], `/${efsDirectoryName}`, `/${efsDirectoryName}/`, [
{ {
@ -1834,13 +1845,13 @@ class RemoteBuilder {
core.info('Starting part 2/4 (build unity project)'); core.info('Starting part 2/4 (build unity project)');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, baseImage.toString(), [ yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, baseImage.toString(), [
'-c', '-c',
` `
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/default-build-script/ /UnityBuilderAction; cp -r /${efsDirectoryName}/${buildUid}/builder/dist/default-build-script/ /UnityBuilderAction;
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/entrypoint.sh /entrypoint.sh; cp -r /${efsDirectoryName}/${buildUid}/builder/dist/entrypoint.sh /entrypoint.sh;
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/steps/ /steps; cp -r /${efsDirectoryName}/${buildUid}/builder/dist/steps/ /steps;
chmod -R +x /entrypoint.sh; chmod -R +x /entrypoint.sh;
chmod -R +x /steps; chmod -R +x /steps;
/entrypoint.sh; /entrypoint.sh;
`, `,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/`, [ ], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/`, [
{ {
@ -1904,18 +1915,18 @@ class RemoteBuilder {
// Cleanup // Cleanup
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'alpine', [ yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'alpine', [
'-c', '-c',
` `
apk update apk update
apk add zip apk add zip
cd Library cd Library
zip -r lib-${buildUid}.zip .* zip -r lib-${buildUid}.zip .*
mv lib-${buildUid}.zip /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip mv lib-${buildUid}.zip /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip
cd ../../ cd ../../
ls ls
echo ' ' echo ' '
ls ${buildParameters.buildPath} ls ${buildParameters.buildPath}
zip -r build-${buildUid}.zip ${buildParameters.buildPath}/* zip -r build-${buildUid}.zip ${buildParameters.buildPath}/*
mv build-${buildUid}.zip /${efsDirectoryName}/${buildUid}/build-${buildUid}.zip mv build-${buildUid}.zip /${efsDirectoryName}/${buildUid}/build-${buildUid}.zip
`, `,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}`, [ ], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}`, [
{ {
@ -1931,11 +1942,11 @@ class RemoteBuilder {
core.info('Starting step 4/4 upload build to s3'); core.info('Starting step 4/4 upload build to s3');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'amazon/aws-cli', [ yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'amazon/aws-cli', [
'-c', '-c',
` `
aws s3 cp ${buildUid}/build-${buildUid}.zip s3://game-ci-storage/ aws s3 cp ${buildUid}/build-${buildUid}.zip s3://game-ci-storage/
# no need to upload Library cache for now # no need to upload Library cache for now
# aws s3 cp /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip s3://game-ci-storage/ # aws s3 cp /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip s3://game-ci-storage/
${this.SteamDeploy ? '#' : ''} rm -r ${buildUid} ${this.SteamDeploy ? '#' : ''} rm -r ${buildUid}
`, `,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/`, [ ], `/${efsDirectoryName}`, `/${efsDirectoryName}/`, [
{ {
@ -1966,15 +1977,15 @@ class RemoteBuilder {
core.info('Starting steam deployment'); core.info('Starting steam deployment');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'cm2network/steamcmd:root', [ yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'cm2network/steamcmd:root', [
'-c', '-c',
` `
ls ls
ls / ls /
cp -r /${efsDirectoryName}/${buildUid}/steam/action/entrypoint.sh /entrypoint.sh; cp -r /${efsDirectoryName}/${buildUid}/steam/action/entrypoint.sh /entrypoint.sh;
cp -r /${efsDirectoryName}/${buildUid}/steam/action/steps/ /steps; cp -r /${efsDirectoryName}/${buildUid}/steam/action/steps/ /steps;
chmod -R +x /entrypoint.sh; chmod -R +x /entrypoint.sh;
chmod -R +x /steps; chmod -R +x /steps;
/entrypoint.sh; /entrypoint.sh;
rm -r /${efsDirectoryName}/${buildUid} rm -r /${efsDirectoryName}/${buildUid}
`, `,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/steam/action/`, [ ], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/steam/action/`, [
{ {

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long


@ -4,6 +4,7 @@ import * as core from '@actions/core';
import { KubeConfig, Log } from '@kubernetes/client-node'; import { KubeConfig, Log } from '@kubernetes/client-node';
import { Writable } from 'stream'; import { Writable } from 'stream';
import { RemoteBuilderProviderInterface } from './remote-builder/remote-builder-provider-interface'; import { RemoteBuilderProviderInterface } from './remote-builder/remote-builder-provider-interface';
import RemoteBuilderSecret from './remote-builder/remote-builder-secret';
const base64 = require('base-64'); const base64 = require('base-64');
const pollInterval = 20000; const pollInterval = 20000;
@ -49,8 +50,15 @@ class Kubernetes implements RemoteBuilderProviderInterface {
} }
async run() { async run() {
const defaultSecretsArray = [
{
ParameterKey: 'GithubToken',
EnvironmentVariable: 'GITHUB_TOKEN',
ParameterValue: this.buildParameters.githubToken,
},
];
// setup // setup
await this.createSecret(); await this.createSecret(defaultSecretsArray);
await this.createPersistentVolumeClaim(); await this.createPersistentVolumeClaim();
// run // run
@ -60,7 +68,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
core.setOutput('volume', this.pvcName); core.setOutput('volume', this.pvcName);
} }
async createSecret() { async createSecret(secrets: RemoteBuilderSecret[]) {
const secret = new k8s.V1Secret(); const secret = new k8s.V1Secret();
secret.apiVersion = 'v1'; secret.apiVersion = 'v1';
secret.kind = 'Secret'; secret.kind = 'Secret';
@ -70,13 +78,17 @@ class Kubernetes implements RemoteBuilderProviderInterface {
}; };
secret.data = { secret.data = {
GITHUB_TOKEN: base64.encode(this.buildParameters.githubToken),
UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE), UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE),
ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64), ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64),
ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass), ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass),
ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass), ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass),
}; };
for (const buildSecret of secrets) {
secret.data[buildSecret.EnvironmentVariable] = base64.encode(buildSecret.ParameterValue);
secret.data[`${buildSecret.EnvironmentVariable}_NAME`] = buildSecret.ParameterKey;
}
await this.kubeClient.createNamespacedSecret(this.namespace, secret); await this.kubeClient.createNamespacedSecret(this.namespace, secret);
} }
@ -266,6 +278,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
'-c', '-c',
`apk update; `apk update;
apk add git-lfs; apk add git-lfs;
ls /credentials/
export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN); export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN);
cd /data; cd /data;
git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo; git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo;
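Review bot: In the third hunk's new loop the `_NAME` entry stores `buildSecret.ParameterKey` into `secret.data` without `base64.encode`, unlike the line directly above it and every fixed entry in the same object; `V1Secret.data` values must be base64, so a plain key such as `GithubToken` is likely to be rejected by the API server or to yield a corrupted mounted file. The one-line fix is to wrap it, `= base64.encode(buildSecret.ParameterKey);`, or to put both dynamic entries under `stringData`; the vendored dist/index.js carries the same two lines and needs regenerating. Nothing checks that `EnvironmentVariable` is a valid secret key or that it does not collide with the fixed `UNITY_LICENSE`/`ANDROID_*` entries, so a comment such as `// caller-supplied entries override the fixed ones above` on the `for` line would record the intended precedence. The `ls /credentials/` added in the fourth hunk prints every secret key name into the job log; useful while debugging but worth dropping before merge. `createSecret` is split across the second and third hunks, with its signature on the changed line of the second.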


@ -2,6 +2,7 @@ import AWSBuildPlatform from './aws-build-platform';
import * as core from '@actions/core'; import * as core from '@actions/core';
import { BuildParameters } from '..'; import { BuildParameters } from '..';
import RemoteBuilderNamespace from './remote-builder-namespace'; import RemoteBuilderNamespace from './remote-builder-namespace';
import RemoteBuilderSecret from './remote-builder-secret';
const repositoryDirectoryName = 'repo'; const repositoryDirectoryName = 'repo';
const efsDirectoryName = 'data'; const efsDirectoryName = 'data';
const cacheDirectoryName = 'cache'; const cacheDirectoryName = 'cache';
@ -49,7 +50,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
branchName: string | undefined, branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting step 1/4 clone and restore cache)'); core.info('Starting step 1/4 clone and restore cache)');
await AWSBuildPlatform.runBuild( await AWSBuildPlatform.runBuild(
@ -132,7 +133,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
baseImage: any, baseImage: any,
defaultSecretsArray: any[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
const buildSecrets = new Array(); const buildSecrets = new Array();
@ -266,7 +267,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
branchName: string | undefined, branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting step 3/4 build compression'); core.info('Starting step 3/4 build compression');
// Cleanup // Cleanup
@ -307,7 +308,7 @@ class RemoteBuilder {
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
branchName: string | undefined, branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting step 4/4 upload build to s3'); core.info('Starting step 4/4 upload build to s3');
await AWSBuildPlatform.runBuild( await AWSBuildPlatform.runBuild(
@ -354,7 +355,7 @@ class RemoteBuilder {
private static async DeployToSteam( private static async DeployToSteam(
buildUid: string, buildUid: string,
buildParameters: BuildParameters, buildParameters: BuildParameters,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[], defaultSecretsArray: RemoteBuilderSecret[],
) { ) {
core.info('Starting steam deployment'); core.info('Starting steam deployment');
await AWSBuildPlatform.runBuild( await AWSBuildPlatform.runBuild(