
[Merge] ~jugmac00/launchpad-buildd:fix-passing-credentials into launchpad-buildd:master

 

Jürgen Gmach has proposed merging ~jugmac00/launchpad-buildd:fix-passing-credentials into launchpad-buildd:master.

Commit message:
Fix secrets handling for CI builds

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~jugmac00/launchpad-buildd/+git/launchpad-buildd/+merge/426955
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~jugmac00/launchpad-buildd:fix-passing-credentials into launchpad-buildd:master.
diff --git a/lpbuildd/target/run_ci.py b/lpbuildd/target/run_ci.py
index e9353c8..82f9740 100644
--- a/lpbuildd/target/run_ci.py
+++ b/lpbuildd/target/run_ci.py
@@ -4,7 +4,6 @@
 import logging
 import os
 import tempfile
-from pathlib import Path
 
 import yaml
 
@@ -121,9 +120,12 @@ class RunCI(BuilderProxyOperationMixin, Operation):
             help="plugin setting where the key and value are separated by =",
         )
         parser.add_argument(
-            "--secrets",
-            type=Path,
-            help="secrets provided in a YAML configuration file",
+            "--secret",
+            dest="secrets",
+            type=str,
+            action="append",
+            default=[],
+            help="secrets where the key and the value are separated by =",
         )
 
     def run_job(self):
@@ -158,10 +160,16 @@ class RunCI(BuilderProxyOperationMixin, Operation):
         )
         for key, value in plugin_settings.items():
             lpcraft_args.extend(["--plugin-setting", f"{key}={value}"])
-        if self.args.secrets:
-            text = yaml.dump(self.args.secrets)
+
+        secrets = dict(
+            pair.split("=", maxsplit=1)
+            for pair in self.args.secrets
+        )
+        if secrets:
+            text = yaml.dump(secrets)
             with tempfile.NamedTemporaryFile(mode="w") as f:
                 f.write(text)
+                f.flush()
                 path_to_secrets = f.name
                 self.backend.copy_in(
                     source_path=path_to_secrets,
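Review bot: A `--secret` argument without an `=` makes the `dict(...)` call fail with a generic "dictionary update sequence element" ValueError, and an empty key such as `=value` is accepted silently. Parsing the pairs explicitly allows a clear error that does not echo the argument, which may itself be the secret. A repeated key also overwrites the earlier one silently; rejecting duplicates may be preferable, depending on what callers send. `run_job` starts before this hunk and continues after it, so the exception type below should be whatever the rest of the method uses for bad input.

```python
        secrets = {}
        for pair in self.args.secrets:
            key, sep, value = pair.partition("=")
            if not sep or not key:
                # Do not include `pair` in the message: it may hold the secret.
                raise ValueError("--secret must have the form KEY=VALUE")
            secrets[key] = value
        if secrets:
            # … unchanged: dump to the temporary file and copy it into the backend …
```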
diff --git a/lpbuildd/target/tests/test_run_ci.py b/lpbuildd/target/tests/test_run_ci.py
index 8bd5d34..1ca31dc 100644
--- a/lpbuildd/target/tests/test_run_ci.py
+++ b/lpbuildd/target/tests/test_run_ci.py
@@ -423,7 +423,8 @@ class TestRunCI(TestCase):
         args = [
             "run-ci",
             "--backend=fake", "--series=focal", "--arch=amd64", "1",
-            "--secrets", "path/to/tempfile",
+            "--secret", "soss=user:pass",
+            "--secret", "another_project=token:123",
             "test", "0",
             ]
         run_ci = parse_args(args=args).operation
@@ -439,6 +440,11 @@ class TestRunCI(TestCase):
                 "| tee /build/output/test:0.log",
                 ], cwd="/build/tree"),
             ]))
+        content, _ = run_ci.backend.backend_fs[
+            "/build/.launchpad-secrets.yaml"]
+        self.assertEqual(
+            "another_project: token:123\nsoss: user:pass\n", content.decode()
+        )
 
     def test_run_succeeds(self):
         args = [
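Review bot: The new assertion covers only two well-formed pairs, so the `maxsplit=1` behaviour and the failure path are not pinned. Consider adding a case whose value contains `=` (for example a base64-padded token) and a case with no `=` at all. The second element of the `backend_fs` entry is discarded with `_`. If that element is the file mode, which cannot be confirmed from this hunk, asserting on it would pin that `/build/.launchpad-secrets.yaml` is not created world-readable inside the build environment.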