From 5baa9b6d87a29bdc0bf339765e995772f0cdbec8 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 10 Dec 2021 21:44:37 +0300
Subject: refactor(tvl-buildkite): Prepare gerrit credentials helper

Currently this functionality is provided by a shell script stored in
/etc/secrets (which has the password value hardcoded).

This needs to happen in a separate commit from the one that changes
the pipeline to avoid breaking it (it needs to be deployed first).

Change-Id: I680754c828ccefbacfcf0d5c813a4bc19493ba4c
---
 ops/modules/tvl-buildkite.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ops')

diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix
index f7d7223a037d..fc0f45b8c029 100644
--- a/ops/modules/tvl-buildkite.nix
+++ b/ops/modules/tvl-buildkite.nix
@@ -17,6 +17,11 @@ let
     mkdir -p $out/bin
     ln -s ${besadiiWithConfig "post-command"} $out/bin/post-command
   '';
+
+  credentialHelper = pkgs.writeShellScriptBin "gerrit-creds" ''
+    echo 'username=buildkite'
+    echo "password=$(jq -r '.gerritPassword' /run/agenix/buildkite-besadii-config)"
+  '';
 in {
   options.services.depot.buildkite = {
     enable = lib.mkEnableOption description;
@@ -39,6 +44,7 @@ in {
         runtimePackages = with pkgs; [
           bash
           coreutils
+          credentialHelper
           curl
           git
           gnutar
-- 
cgit 1.4.1