[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 3 commits: reproducible Debian live: Use credentials-binding instead of credentials to pass along the secrets

Holger Levsen (@holger) gitlab at salsa.debian.org
Thu Sep 22 17:52:12 BST 2022



Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
1e482258 by Roland Clobus at 2022-09-22T18:46:27+02:00
reproducible Debian live: Use credentials-binding instead of credentials to pass along the secrets

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
cd0f3ddd by Roland Clobus at 2022-09-22T18:46:37+02:00
reproducible Debian live: Generate a warning header in the r00t-me folder

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
c76b7880 by Holger Levsen at 2022-09-22T18:46:48+02:00
reproducible Debian live: improve warning text

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


2 changed files:

- bin/reproducible_debian_live_sync_result.sh
- job-cfg/reproducible.yaml


Changes:

=====================================
bin/reproducible_debian_live_sync_result.sh
=====================================
@@ -31,6 +31,19 @@ rsync_remote_results() {
         local EXTRADIR=artifacts/r00t-me/
         mkdir -p $EXTRADIR
         cd $EXTRADIR
+        # Generate a warning
+        local msg="These generated ISO files have been preserved for your convenience.\n"
+        msg="${msg}They will be available for 24h only, so download them now.\n"
+        msg="${msg}WARNING: You shouldn't trust the ISO files downloaded from this host, they could contain malware or anything else, including the worst of your fears, packaged nicely as a bootable ISO image."
+        log_info "$msg"
+        # Place the warning as a heading in the directory view
+        # This is embedded HTML, so no <HTML>-tag etc. are required
+        PAGE=".HEADER.html"
+        rm -f ${PAGE}
+        write_page "<p>"
+        write_page "$(printf ${msg} | sed 's#$#<br/>#g')"
+        write_page "These artifacts were created by one of the <a href=\"https://jenkins.debian.net/view/live/\">live-build jobs</a>"
+        write_page "</p>"
     else
         local EXTRADIR=""
     fi


=====================================
job-cfg/reproducible.yaml
=====================================
@@ -235,19 +235,14 @@
           option: category
           categories:
             - debian_live_build
-    parameters:
-      - credentials:
-          name: OPENQA_APIKEY
-          type: secrettext
-          required: true
-          default: openqa-live-apikey
-          description: The key from https://openqa.debian.net/api_keys, generated by rclobus-guest
-      - credentials:
-          name: OPENQA_APISECRET
-          type: secrettext
-          required: true
-          default: openqa-live-apisecret
-          description: The key from https://openqa.debian.net/api_keys, generated by rclobus-guest
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: openqa-live-apikey
+              variable: OPENQA_APIKEY
+          - text:
+              credential-id: openqa-live-apisecret
+              variable: OPENQA_APISECRET
     logrotate:
       daysToKeep: '{my_keep_build_days}'
       numToKeep: 50



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/c7a50b5252643ea88601b576519f42e4ba7a7d4e...c76b78804e0b02778f212955fdc822d97debf539

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/c7a50b5252643ea88601b576519f42e4ba7a7d4e...c76b78804e0b02778f212955fdc822d97debf539
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20220922/086f601a/attachment-0001.htm>


More information about the Qa-jenkins-scm mailing list