Commit
Merge pull request #973 from kwryankrattiger/improve_no_oidc_behavior
Change how `CI_OIDC_REQUIRED` works
kwryankrattiger authored Oct 11, 2024
2 parents 13a704c + c1ed657 commit 8774c72
Showing 3 changed files with 67 additions and 33 deletions.
29 changes: 29 additions & 0 deletions k8s/production/runners/README.md
@@ -0,0 +1,29 @@
# Gitlab runners

There are three types of runners with increasing levels of access to cluster secrets.

1. `public`
2. `protected`
3. `signing`

## Public & Protected runners

The `public` and `protected` runners provide multiple architectures and base OSs that run across a range of AWS nodes.

* Windows
* `x86_64_v2`
* Linux
* `x86_64_v2`
* `x86_64_v3`
* `x86_64_v4`
* `graviton2`
* `graviton3`

### Special Variables

* `CI_OIDC_REQUIRED`: available to be set for runners with the `service` tag.
This variable can be used to skip OIDC configuration.

## Signing Runners

The `signing` runners use either `x86_64_v3` or `x86_64_v4` Linux machines.
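
Review bot: The `CI_OIDC_REQUIRED` entry under "Special Variables" does not say which value skips OIDC configuration or what the default is. The runner scripts changed in this commit test `${CI_OIDC_REQUIRED:-1} == 1`, so the variable defaults to 1 and any other value skips the whole pre-build block. Suggest stating that here (for example "set to `0` to skip; defaults to `1`") and noting that when it is skipped `pre_build.py` is not run and `envvars` is never sourced.
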
35 changes: 19 additions & 16 deletions k8s/production/runners/public/graviton/2/release.yaml
@@ -53,26 +53,29 @@ spec:
config: |
[[runners]]
pre_build_script = """
echo 'Executing Spack pre-build setup script'
if [ ${CI_OIDC_REQUIRED:-1} == 1 ]; then
echo 'Executing Spack pre-build setup script'
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
fi
done
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
fi
done
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit ${CI_OIDC_REQUIRED:-1}
fi
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit 1
fi
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
fi
"""
output_limit = 20480
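
Review bot: In the new guard `if [ ${CI_OIDC_REQUIRED:-1} == 1 ]; then`, the expansion is unquoted and `==` is not a POSIX `[` operator, so in a shell that does not accept it (dash, for example) the test errors out, evaluates false, and OIDC setup is skipped without any message. Suggest `if [ "${CI_OIDC_REQUIRED:-1}" = 1 ]; then`, plus an `else` branch that echoes that OIDC setup was skipped so the job log records which path ran.
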
36 changes: 19 additions & 17 deletions k8s/production/runners/public/x86_64/v2/release.yaml
@@ -53,26 +53,28 @@ spec:
config: |
[[runners]]
pre_build_script = """
echo 'Executing Spack pre-build setup script'
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
if [ ${CI_OIDC_REQUIRED:-1} == 1 ]; then
echo 'Executing Spack pre-build setup script'
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
fi
done
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit 1
fi
done
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit ${CI_OIDC_REQUIRED:-1}
fi
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
fi
"""
output_limit = 20480
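
Review bot: `unset GITLAB_OIDC_TOKEN` now sits inside the `CI_OIDC_REQUIRED` block, so a job that sets the variable to anything other than 1 keeps the token in its environment for the rest of the build if one was issued. If that is not intended, move the `unset` after the closing `fi` so it runs on both paths. Separately, this script is a copy of the one in the graviton `release.yaml`, so any fix has to be applied in both places.
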