about summary refs log tree commit diff
path: root/ops
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2021-12-10T18·44+0300
committerclbot <clbot@tvl.fyi>2021-12-10T19·52+0000
commit5baa9b6d87a29bdc0bf339765e995772f0cdbec8 (patch)
treee219f398809980fab1f1579ab3bd504caca1fa13 /ops
parent2fe8d724d7cbc86c68c62ed6233e7b982566ad4d (diff)
refactor(tvl-buildkite): Prepare gerrit credentials helper r/3200
Currently this functionality is provided by a shell script stored in
/etc/secrets (which has the password value hardcoded).

This needs to happen in a separate commit from the one that changes
the pipeline to avoid breaking it (it needs to be deployed first).

Change-Id: I680754c828ccefbacfcf0d5c813a4bc19493ba4c
Diffstat (limited to 'ops')
-rw-r--r--ops/modules/tvl-buildkite.nix6
1 files changed, 6 insertions, 0 deletions
diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix
index f7d7223a037d..fc0f45b8c029 100644
--- a/ops/modules/tvl-buildkite.nix
+++ b/ops/modules/tvl-buildkite.nix
@@ -17,6 +17,11 @@ let
     mkdir -p $out/bin
     ln -s ${besadiiWithConfig "post-command"} $out/bin/post-command
   '';
+
+  credentialHelper = pkgs.writeShellScriptBin "gerrit-creds" ''
+    echo 'username=buildkite'
+    echo "password=$(jq -r '.gerritPassword' /run/agenix/buildkite-besadii-config)"
+  '';
 in {
   options.services.depot.buildkite = {
     enable = lib.mkEnableOption description;
@@ -39,6 +44,7 @@ in {
         runtimePackages = with pkgs; [
           bash
           coreutils
+          credentialHelper
           curl
           git
           gnutar