Skip to content

Commit

Permalink
create-buildpack-dev-release task: support aws assume roles
Browse files Browse the repository at this point in the history 
This is done for the pipeline in private ci calling this task.
Bosh cli version is already updated in the previous commit.

https://bosh.io/docs/s3-release-blobstore/#assume-role
  • Loading branch information
@arjun024 @robdimsdale
arjun024 authored and robdimsdale committed Oct 4, 2023
1 parent 8f28c9a commit d1ce935
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 0 deletions.
1 change: 1 addition & 0 deletions pipelines/cf-release/cf-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,7 @@ jobs:
- task: create-buildpack-dev-release
file: buildpacks-ci/tasks/cf-release/create-buildpack-dev-release/task.yml
params:
#!# TODO pass in the role ARN when this AWS account access is moved to cloudgate-based service user
AWS_ACCESS_KEY_ID: ((pivotal-buildpacks-s3-access-key))
AWS_SECRET_ACCESS_KEY: ((pivotal-buildpacks-s3-secret-key))
- put: #@ language.name + "-buildpack-release"
Expand Down
6 changes: 6 additions & 0 deletions tasks/cf-release/create-buildpack-dev-release/run
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,12 @@ blobstore:
access_key_id: ${AWS_ACCESS_KEY_ID}
secret_access_key: ${AWS_SECRET_ACCESS_KEY}
EOF

if [ -n "${AWS_ASSUME_ROLE_ARN:-}" ]; then
cat >>release/config/private.yml <<-EOF
assume_role_arn: ${AWS_ASSUME_ROLE_ARN}
EOF
fi
}

upload_blobs() {
Expand Down
1 change: 1 addition & 0 deletions tasks/cf-release/create-buildpack-dev-release/task.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,5 +23,6 @@ outputs:
params:
AWS_ACCESS_KEY_ID:
AWS_SECRET_ACCESS_KEY:
AWS_ASSUME_ROLE_ARN:
run:
path: buildpacks-ci/tasks/cf-release/create-buildpack-dev-release/run

0 comments on commit d1ce935

Please sign in to comment.