-
-
Save rail/bb477a7318aefa205627d9d3fffdf337 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# How to create the secret | |
# 1. Generate macaroon: | |
# 1.1 use https://gist.github.com/rail/cd052897ae16ebd4c90078920cb131cd | |
# 1.2 python3 generate_macaroon.py | base64 -w 0 | |
# 1.2.1 Use the credentials from the private repo. The generated macaroon will be valid for a year | |
# 1.3 copy the output to taskcluste secret {"content": "output goes here"} | |
# 1.4 I used project/releng/snapcraft/firefox/edge to store the secrets | |
# 2. Modify the snap task to: | |
# 2.1 add scopes to read the secret: | |
# secrets:get:project/releng/snapcraft/firefox/edge | |
# 2.2 Add payload.features.taskclusterProxy, set to true | |
# 3. call this scipt passing the url of the secret: | |
# bash $0 http://taskcluster/secrets/v1/secret/project/releng/snapcraft/firefox/edge | |
# 4. Modfify the runme.sh script to call `snapcraft upload firefox.snap`, | |
# probably with some extra arguments to upload to the "edge" channel only. | |
# We can add a check and run this command only if the config file exists. | |
url=$1 | |
config=~/.snapcraft/snapcraft.cfg | |
mkdir -p ~/.snapcraft | |
curl -s $url | \ | |
python -c 'import json, sys; a = json.load(sys.stdin); print a["secret"]["content"]' | \ | |
base64 -d > \ | |
$config | |
chmod 600 $config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Fix at line 4:
You shouldn't base64 the whole command. Otherwise, the whole stdout gets in base64'd data. This includes:
Therefore, the best way to base64 is to copy and paste the output yourself.