blob: c942fda34aad95f0c9d7ef3150d1b99a98bc8130 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#!/bin/bash
set -eu
# Only execute in the verify pipeline
[[ "$BUILDKITE_PIPELINE_NAME" =~ verify$ ]] || exit 0
docker ps || true
# Get chef foundation version from the json file
CHEF_FOUNDATION_VERSION=$(cat .buildkite-platform.json | jq -r '.chef_foundation')
export CHEF_FOUNDATION_VERSION
echo $CHEF_FOUNDATION_VERSION
OMNIBUS_TOOLCHAIN_VERSION=$(cat .buildkite-platform.json | jq -r '.omnibus_toolchain')
export OMNIBUS_TOOLCHAIN_VERSION
echo $OMNIBUS_TOOLCHAIN_VERSION
if [ $BUILDKITE_STEP_KEY == "build-windows-2019" ] && [ $BUILDKITE_ORGANIZATION_SLUG == "chef" ]
then
TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
RESPONSE=$(curl -sH "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/default-windows-2019-privileged-chef-Role)
AWS_ACCESS_KEY_ID=$(echo $RESPONSE | jq -r '.AccessKeyId')
export AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=$(echo $RESPONSE | jq -r '.SecretAccessKey')
export AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN=$(echo $RESPONSE | jq -r '.Token')
export AWS_SESSION_TOKEN
fi
# We've now seen cases where origin/main on the build hosts can get
# out of date. This causes us to build components unnecessarily.
# Fetching it here hopefully will prevent this situation.
echo "Fetching origin/main"
git fetch origin main
# DEBUGGING FOR RELENG
# Fetch the git tags to see if that addresses the weird smart build behavior for Habitat
git fetch --tags --force
# Rebase onto current main to ensure this PR is closer to what happens when it's merged.
# Only do this if it's actually a branch (i.e. a PR or a manually created build), not a
# post-merge CI run of main.
if [[ "$BUILDKITE_BRANCH" != "main" ]]; then
git config user.email "you@example.com" # these are needed for the rebase attempt
git config user.name "Your Name"
main=$(git show-ref -s --abbrev origin/main)
pr_head=$(git show-ref -s --abbrev HEAD)
github="https://github.com/chef/chef/commit/"
if git rebase origin/main >/dev/null; then
buildkite-agent annotate --style success --context "rebase-pr-branch-${main}" \
"Rebased onto main ([${main}](${github}${main}))."
else
git rebase --abort
buildkite-agent annotate --style warning --context "rebase-pr-branch-${main}" \
"Couldn't rebase onto main ([${main}](${github}${main})), building PR HEAD ([${pr_head}](${github}${pr_head}))."
fi
fi
# Only execute if on RHEL/CentOS/SLES
if [[ "$BUILDKITE_LABEL" =~ rhel|sles|centos ]] && [[ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]]; then
export VAULT_ADDR="https://vault.ps.chef.co"
export VAULT_TOKEN="$(vault login -method=aws -path=aws/private-cd -token-only header_value=vault.ps.chef.co role=ci)"
export RPM_SIGNING_KEY="$(vault kv get -field packages_at_chef_io account/static/packages/signing_certs)"
fi
|
