Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| abf9e6471b |
@@ -10,7 +10,7 @@ jobs:
|
|||||||
runs-on: almalinux-8
|
runs-on: almalinux-8
|
||||||
container:
|
container:
|
||||||
image: git.unkin.net/unkin/almalinux8-actionsdind:latest
|
image: git.unkin.net/unkin/almalinux8-actionsdind:latest
|
||||||
options: "--privileged --volume /etc/pki/tls/vault:/etc/pki/tls/vault:ro"
|
options: --privileged
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
@@ -36,7 +36,7 @@ jobs:
|
|||||||
runs-on: almalinux-8
|
runs-on: almalinux-8
|
||||||
container:
|
container:
|
||||||
image: git.unkin.net/unkin/almalinux9-actionsdind:latest
|
image: git.unkin.net/unkin/almalinux9-actionsdind:latest
|
||||||
options: "--privileged --volume /etc/pki/tls/vault:/etc/pki/tls/vault:ro"
|
options: --privileged
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
|
|||||||
+2
-7
@@ -47,11 +47,8 @@ def get_vault_client() -> hvac.Client:
|
|||||||
logger.error("VAULT_ROLE_ID environment variable is required")
|
logger.error("VAULT_ROLE_ID environment variable is required")
|
||||||
raise ValueError("VAULT_ROLE_ID environment variable is required")
|
raise ValueError("VAULT_ROLE_ID environment variable is required")
|
||||||
|
|
||||||
# Initialize Vault client with CA certificate
|
# Initialize Vault client
|
||||||
client = hvac.Client(
|
client = hvac.Client(url=vault_addr)
|
||||||
url=vault_addr,
|
|
||||||
verify='/etc/pki/tls/cert.pem'
|
|
||||||
)
|
|
||||||
|
|
||||||
# Authenticate using AppRole
|
# Authenticate using AppRole
|
||||||
try:
|
try:
|
||||||
@@ -87,7 +84,6 @@ def get_api_tokens() -> Tuple[str, str]:
|
|||||||
# Read GitHub token
|
# Read GitHub token
|
||||||
try:
|
try:
|
||||||
github_secret = client.secrets.kv.v2.read_secret_version(
|
github_secret = client.secrets.kv.v2.read_secret_version(
|
||||||
mount_point='kv',
|
|
||||||
path='service/github/neoloc/tokens/read-only-token'
|
path='service/github/neoloc/tokens/read-only-token'
|
||||||
)
|
)
|
||||||
github_token = github_secret['data']['data']['token']
|
github_token = github_secret['data']['data']['token']
|
||||||
@@ -99,7 +95,6 @@ def get_api_tokens() -> Tuple[str, str]:
|
|||||||
# Read Gitea token
|
# Read Gitea token
|
||||||
try:
|
try:
|
||||||
gitea_secret = client.secrets.kv.v2.read_secret_version(
|
gitea_secret = client.secrets.kv.v2.read_secret_version(
|
||||||
mount_point='kv',
|
|
||||||
path='service/gitea/unkinben/tokens/read-only-packages'
|
path='service/gitea/unkinben/tokens/read-only-packages'
|
||||||
)
|
)
|
||||||
gitea_token = gitea_secret['data']['data']['token']
|
gitea_token = gitea_secret['data']['data']['token']
|
||||||
|
|||||||
+2
-7
@@ -47,11 +47,8 @@ def get_vault_client() -> hvac.Client:
|
|||||||
logger.error("VAULT_ROLE_ID environment variable is required")
|
logger.error("VAULT_ROLE_ID environment variable is required")
|
||||||
raise ValueError("VAULT_ROLE_ID environment variable is required")
|
raise ValueError("VAULT_ROLE_ID environment variable is required")
|
||||||
|
|
||||||
# Initialize Vault client with CA certificate
|
# Initialize Vault client
|
||||||
client = hvac.Client(
|
client = hvac.Client(url=vault_addr)
|
||||||
url=vault_addr,
|
|
||||||
verify='/etc/pki/tls/cert.pem'
|
|
||||||
)
|
|
||||||
|
|
||||||
# Authenticate using AppRole
|
# Authenticate using AppRole
|
||||||
try:
|
try:
|
||||||
@@ -87,7 +84,6 @@ def get_api_tokens() -> Tuple[str, str]:
|
|||||||
# Read GitHub token
|
# Read GitHub token
|
||||||
try:
|
try:
|
||||||
github_secret = client.secrets.kv.v2.read_secret_version(
|
github_secret = client.secrets.kv.v2.read_secret_version(
|
||||||
mount_point='kv',
|
|
||||||
path='service/github/neoloc/tokens/read-only-token'
|
path='service/github/neoloc/tokens/read-only-token'
|
||||||
)
|
)
|
||||||
github_token = github_secret['data']['data']['token']
|
github_token = github_secret['data']['data']['token']
|
||||||
@@ -99,7 +95,6 @@ def get_api_tokens() -> Tuple[str, str]:
|
|||||||
# Read Gitea token
|
# Read Gitea token
|
||||||
try:
|
try:
|
||||||
gitea_secret = client.secrets.kv.v2.read_secret_version(
|
gitea_secret = client.secrets.kv.v2.read_secret_version(
|
||||||
mount_point='kv',
|
|
||||||
path='service/gitea/unkinben/tokens/read-only-packages'
|
path='service/gitea/unkinben/tokens/read-only-packages'
|
||||||
)
|
)
|
||||||
gitea_token = gitea_secret['data']['data']['token']
|
gitea_token = gitea_secret['data']['data']['token']
|
||||||
|
|||||||
Reference in New Issue
Block a user