actions
/
unity-builder
mirror of https://github.com/game-ci/unity-builder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Kubernetes dynamic secrets

pull/273/head
Frostebite 2021-06-06 20:59:34 +01:00
parent 3c511811db
commit c4eb9ffa3a
4 changed files with 124 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
dist/index.js vendored
View File

@ -761,8 +761,15 @@ class Kubernetes {
}
run() {
return __awaiter(this, void 0, void 0, function* () {
const defaultSecretsArray = [
{
ParameterKey: 'GithubToken',
EnvironmentVariable: 'GITHUB_TOKEN',
ParameterValue: this.buildParameters.githubToken,
},
];
// setup
yield this.createSecret();
yield this.createSecret(defaultSecretsArray);
yield this.createPersistentVolumeClaim();
// run
yield this.runCloneJob();
@ -770,7 +777,7 @@ class Kubernetes {
core.setOutput('volume', this.pvcName);
});
}
createSecret() {
createSecret(secrets) {
return __awaiter(this, void 0, void 0, function* () {
const secret = new k8s.V1Secret();
secret.apiVersion = 'v1';
@ -780,12 +787,15 @@ class Kubernetes {
name: this.secretName,
};
secret.data = {
GITHUB_TOKEN: base64.encode(this.buildParameters.githubToken),
UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE),
ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64),
ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass),
ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass),
};
for (const buildSecret of secrets) {
secret.data[buildSecret.EnvironmentVariable] = base64.encode(buildSecret.ParameterValue);
secret.data[`${buildSecret.EnvironmentVariable}_NAME`] = buildSecret.ParameterKey;
}
yield this.kubeClient.createNamespacedSecret(this.namespace, secret);
});
}
@ -976,6 +986,7 @@ class Kubernetes {
'-c',
`apk update;
apk add git-lfs;
ls /credentials/
export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN);
cd /data;
git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo;
@ -1722,60 +1733,60 @@ class RemoteBuilder {
core.info('Starting step 1/4 clone and restore cache)');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'alpine/git', [
'-c',
`apk update;
apk add unzip;
apk add git-lfs;
apk add jq;
# Get source repo for project to be built and game-ci repo for utilties
git clone https://${buildParameters.githubToken}@github.com/${process.env.GITHUB_REPOSITORY}.git ${buildUid}/${repositoryDirectoryName} -q
git clone https://${buildParameters.githubToken}@github.com/game-ci/unity-builder.git ${buildUid}/builder -q
git clone https://${buildParameters.githubToken}@github.com/game-ci/steam-deploy.git ${buildUid}/steam -q
cd /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/
git checkout $GITHUB_SHA
cd /${efsDirectoryName}/
# Look for usable cache
if [ ! -d ${cacheDirectoryName} ]; then
mkdir ${cacheDirectoryName}
fi
cd ${cacheDirectoryName}
if [ ! -d "${branchName}" ]; then
mkdir "${branchName}"
fi
cd "${branchName}"
echo ''
echo "Cached Libraries for ${branchName} from previous builds:"
ls
echo ''
ls "/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}"
libDir="/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library"
if [ -d "$libDir" ]; then
rm -r "$libDir"
echo "Setup .gitignore to ignore Library folder and remove it from builds"
fi
echo 'Checking cache'
# Restore cache
latest=$(ls -t | head -1)
if [ ! -z "$latest" ]; then
echo "Library cache exists from build $latest from ${branchName}"
echo 'Creating empty Library folder for cache'
mkdir $libDir
unzip -q $latest -d $libDir
# purge cache
${process.env.PURGE_REMOTE_BUILDER_CACHE === undefined ? '#' : ''} rm -r $libDir
else
echo 'Cache does not exist'
fi
# Print out important directories
echo ''
echo 'Repo:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/
echo ''
echo 'Project:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}
echo ''
echo 'Library:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library/
echo ''
`apk update;
apk add unzip;
apk add git-lfs;
apk add jq;
# Get source repo for project to be built and game-ci repo for utilties
git clone https://${buildParameters.githubToken}@github.com/${process.env.GITHUB_REPOSITORY}.git ${buildUid}/${repositoryDirectoryName} -q
git clone https://${buildParameters.githubToken}@github.com/game-ci/unity-builder.git ${buildUid}/builder -q
git clone https://${buildParameters.githubToken}@github.com/game-ci/steam-deploy.git ${buildUid}/steam -q
cd /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/
git checkout $GITHUB_SHA
cd /${efsDirectoryName}/
# Look for usable cache
if [ ! -d ${cacheDirectoryName} ]; then
mkdir ${cacheDirectoryName}
fi
cd ${cacheDirectoryName}
if [ ! -d "${branchName}" ]; then
mkdir "${branchName}"
fi
cd "${branchName}"
echo ''
echo "Cached Libraries for ${branchName} from previous builds:"
ls
echo ''
ls "/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}"
libDir="/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library"
if [ -d "$libDir" ]; then
rm -r "$libDir"
echo "Setup .gitignore to ignore Library folder and remove it from builds"
fi
echo 'Checking cache'
# Restore cache
latest=$(ls -t | head -1)
if [ ! -z "$latest" ]; then
echo "Library cache exists from build $latest from ${branchName}"
echo 'Creating empty Library folder for cache'
mkdir $libDir
unzip -q $latest -d $libDir
# purge cache
${process.env.PURGE_REMOTE_BUILDER_CACHE === undefined ? '#' : ''} rm -r $libDir
else
echo 'Cache does not exist'
fi
# Print out important directories
echo ''
echo 'Repo:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/
echo ''
echo 'Project:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}
echo ''
echo 'Library:'
ls /${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}/Library/
echo ''
`,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/`, [
{
@ -1834,13 +1845,13 @@ class RemoteBuilder {
core.info('Starting part 2/4 (build unity project)');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, baseImage.toString(), [
'-c',
`
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/default-build-script/ /UnityBuilderAction;
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/entrypoint.sh /entrypoint.sh;
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/steps/ /steps;
chmod -R +x /entrypoint.sh;
chmod -R +x /steps;
/entrypoint.sh;
`
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/default-build-script/ /UnityBuilderAction;
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/entrypoint.sh /entrypoint.sh;
cp -r /${efsDirectoryName}/${buildUid}/builder/dist/steps/ /steps;
chmod -R +x /entrypoint.sh;
chmod -R +x /steps;
/entrypoint.sh;
`,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/`, [
{
@ -1904,18 +1915,18 @@ class RemoteBuilder {
// Cleanup
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'alpine', [
'-c',
`
apk update
apk add zip
cd Library
zip -r lib-${buildUid}.zip .*
mv lib-${buildUid}.zip /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip
cd ../../
ls
echo ' '
ls ${buildParameters.buildPath}
zip -r build-${buildUid}.zip ${buildParameters.buildPath}/*
mv build-${buildUid}.zip /${efsDirectoryName}/${buildUid}/build-${buildUid}.zip
`
apk update
apk add zip
cd Library
zip -r lib-${buildUid}.zip .*
mv lib-${buildUid}.zip /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip
cd ../../
ls
echo ' '
ls ${buildParameters.buildPath}
zip -r build-${buildUid}.zip ${buildParameters.buildPath}/*
mv build-${buildUid}.zip /${efsDirectoryName}/${buildUid}/build-${buildUid}.zip
`,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/${repositoryDirectoryName}/${buildParameters.projectPath}`, [
{
@ -1931,11 +1942,11 @@ class RemoteBuilder {
core.info('Starting step 4/4 upload build to s3');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'amazon/aws-cli', [
'-c',
`
aws s3 cp ${buildUid}/build-${buildUid}.zip s3://game-ci-storage/
# no need to upload Library cache for now
# aws s3 cp /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip s3://game-ci-storage/
${this.SteamDeploy ? '#' : ''} rm -r ${buildUid}
`
aws s3 cp ${buildUid}/build-${buildUid}.zip s3://game-ci-storage/
# no need to upload Library cache for now
# aws s3 cp /${efsDirectoryName}/${cacheDirectoryName}/${branchName}/lib-${buildUid}.zip s3://game-ci-storage/
${this.SteamDeploy ? '#' : ''} rm -r ${buildUid}
`,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/`, [
{
@ -1966,15 +1977,15 @@ class RemoteBuilder {
core.info('Starting steam deployment');
yield aws_build_platform_1.default.runBuild(buildUid, buildParameters.awsStackName, 'cm2network/steamcmd:root', [
'-c',
`
ls
ls /
cp -r /${efsDirectoryName}/${buildUid}/steam/action/entrypoint.sh /entrypoint.sh;
cp -r /${efsDirectoryName}/${buildUid}/steam/action/steps/ /steps;
chmod -R +x /entrypoint.sh;
chmod -R +x /steps;
/entrypoint.sh;
rm -r /${efsDirectoryName}/${buildUid}
`
ls
ls /
cp -r /${efsDirectoryName}/${buildUid}/steam/action/entrypoint.sh /entrypoint.sh;
cp -r /${efsDirectoryName}/${buildUid}/steam/action/steps/ /steps;
chmod -R +x /entrypoint.sh;
chmod -R +x /steps;
/entrypoint.sh;
rm -r /${efsDirectoryName}/${buildUid}
`,
], `/${efsDirectoryName}`, `/${efsDirectoryName}/${buildUid}/steam/action/`, [
{

2
dist/index.js.map vendored
View File

File diff suppressed because one or more lines are too long

19
src/model/kubernetes.ts
View File

@ -4,6 +4,7 @@ import * as core from '@actions/core';
import { KubeConfig, Log } from '@kubernetes/client-node';
import { Writable } from 'stream';
import { RemoteBuilderProviderInterface } from './remote-builder/remote-builder-provider-interface';
import RemoteBuilderSecret from './remote-builder/remote-builder-secret';
const base64 = require('base-64');
const pollInterval = 20000;
@ -49,8 +50,15 @@ class Kubernetes implements RemoteBuilderProviderInterface {
}
async run() {
const defaultSecretsArray = [
{
ParameterKey: 'GithubToken',
EnvironmentVariable: 'GITHUB_TOKEN',
ParameterValue: this.buildParameters.githubToken,
},
];
// setup
await this.createSecret();
await this.createSecret(defaultSecretsArray);
await this.createPersistentVolumeClaim();
// run
@ -60,7 +68,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
core.setOutput('volume', this.pvcName);
}
async createSecret() {
async createSecret(secrets: RemoteBuilderSecret[]) {
const secret = new k8s.V1Secret();
secret.apiVersion = 'v1';
secret.kind = 'Secret';
@ -70,13 +78,17 @@ class Kubernetes implements RemoteBuilderProviderInterface {
};
secret.data = {
GITHUB_TOKEN: base64.encode(this.buildParameters.githubToken),
UNITY_LICENSE: base64.encode(process.env.UNITY_LICENSE),
ANDROID_KEYSTORE_BASE64: base64.encode(this.buildParameters.androidKeystoreBase64),
ANDROID_KEYSTORE_PASS: base64.encode(this.buildParameters.androidKeystorePass),
ANDROID_KEYALIAS_PASS: base64.encode(this.buildParameters.androidKeyaliasPass),
};
for (const buildSecret of secrets) {
secret.data[buildSecret.EnvironmentVariable] = base64.encode(buildSecret.ParameterValue);
secret.data[`${buildSecret.EnvironmentVariable}_NAME`] = buildSecret.ParameterKey;
}
await this.kubeClient.createNamespacedSecret(this.namespace, secret);
}
@ -266,6 +278,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
'-c',
`apk update;
apk add git-lfs;
ls /credentials/
export GITHUB_TOKEN=$(cat /credentials/GITHUB_TOKEN);
cd /data;
git clone https://github.com/${process.env.GITHUB_REPOSITORY}.git repo;

11
src/model/remote-builder/remote-builder.ts
View File

@ -2,6 +2,7 @@ import AWSBuildPlatform from './aws-build-platform';
import * as core from '@actions/core';
import { BuildParameters } from '..';
import RemoteBuilderNamespace from './remote-builder-namespace';
import RemoteBuilderSecret from './remote-builder-secret';
const repositoryDirectoryName = 'repo';
const efsDirectoryName = 'data';
const cacheDirectoryName = 'cache';
@ -49,7 +50,7 @@ class RemoteBuilder {
buildUid: string,
buildParameters: BuildParameters,
branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
defaultSecretsArray: RemoteBuilderSecret[],
) {
core.info('Starting step 1/4 clone and restore cache)');
await AWSBuildPlatform.runBuild(
@ -132,7 +133,7 @@ class RemoteBuilder {
buildUid: string,
buildParameters: BuildParameters,
baseImage: any,
defaultSecretsArray: any[],
defaultSecretsArray: RemoteBuilderSecret[],
) {
const buildSecrets = new Array();
@ -266,7 +267,7 @@ class RemoteBuilder {
buildUid: string,
buildParameters: BuildParameters,
branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
defaultSecretsArray: RemoteBuilderSecret[],
) {
core.info('Starting step 3/4 build compression');
// Cleanup
@ -307,7 +308,7 @@ class RemoteBuilder {
buildUid: string,
buildParameters: BuildParameters,
branchName: string | undefined,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
defaultSecretsArray: RemoteBuilderSecret[],
) {
core.info('Starting step 4/4 upload build to s3');
await AWSBuildPlatform.runBuild(
@ -354,7 +355,7 @@ class RemoteBuilder {
private static async DeployToSteam(
buildUid: string,
buildParameters: BuildParameters,
defaultSecretsArray: { ParameterKey: string; EnvironmentVariable: string; ParameterValue: string }[],
defaultSecretsArray: RemoteBuilderSecret[],
) {
core.info('Starting steam deployment');
await AWSBuildPlatform.runBuild(