Change how CI_OIDC_REQUIRED works #973

Merged
29 changes: 29 additions & 0 deletions k8s/production/runners/README.md
@@ -0,0 +1,29 @@
# Gitlab runners

There are three types of runners with increasing levels of access to cluster secrets.

1. `public`
2. `protected`
3. `signing`

## Public & Protected runners

The `public` and `protected` runners provide multiple architectures and base OSs that run across a range of AWS nodes.

* Windows
* `x86_64_v2`
* Linux
* `x86_64_v2`
* `x86_64_v3`
* `x86_64_v4`
* `graviton2`
* `graviton3`

### Special Variables

* `CI_OIDC_REQUIRED`: available to be set for runners with the `service` tag.
This variable can be used to skip OIDC configuration.

## Signing Runners

The `signing` runners use either `x86_64_v3` or `x86_64_v4` Linux machines.
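Review bot: the `CI_OIDC_REQUIRED` entry under "Special Variables" does not say which values the variable takes or what the default is, and "can be used to skip OIDC configuration" leaves out what else is skipped. Going by the `pre_build_script` lines in the release.yaml files of this PR, an unset variable is treated as `1` (setup runs) and any other value skips the whole block, including `unset GITLAB_OIDC_TOKEN`; suggest stating that here. It would also help to say how the restriction to runners with the `service` tag is enforced, since the visible script lines test only the variable. Minor: "Gitlab" in the title should be "GitLab".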
35 changes: 19 additions & 16 deletions k8s/production/runners/public/graviton/2/release.yaml
Expand Up @@ -53,26 +53,29 @@ spec:
config: |
[[runners]]
pre_build_script = """
echo 'Executing Spack pre-build setup script'
if [ ${CI_OIDC_REQUIRED:-1} == 1 ]; then
echo 'Executing Spack pre-build setup script'
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
fi
done
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
fi
done
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit ${CI_OIDC_REQUIRED:-1}
fi
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit 1
fi
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
fi
"""
output_limit = 20480
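Review bot: the guard `if [ ${CI_OIDC_REQUIRED:-1} == 1 ]; then` fails open. `==` is not a POSIX `[` operator and the expansion is unquoted, so if the job shell is dash or another shell whose `[` rejects `==`, or if the variable holds a value containing whitespace, `[` returns an error status and the job continues with the whole setup skipped. Suggest `if [ "${CI_OIDC_REQUIRED:-1}" = 1 ]; then`. Also, `unset GITLAB_OIDC_TOKEN` sits before the closing `fi`, so when the setup is skipped the token stays in the job environment; consider moving the unset after the `fi` so it always runs.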
36 changes: 19 additions & 17 deletions k8s/production/runners/public/x86_64/v2/release.yaml
Expand Up @@ -53,26 +53,28 @@ spec:
config: |
[[runners]]
pre_build_script = """
echo 'Executing Spack pre-build setup script'
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
if [ ${CI_OIDC_REQUIRED:-1} == 1 ]; then
echo 'Executing Spack pre-build setup script'
for cmd in "${PY3:-}" python3 python; do
if command -v > /dev/null "$cmd"; then
export PY3="$(command -v "$cmd")"
break
fi
done
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit 1
fi
done
if [ -z "${PY3:-}" ]; then
echo "Unable to find python3 executable"
exit ${CI_OIDC_REQUIRED:-1}
fi
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
$PY3 -c "import urllib.request;urllib.request.urlretrieve('https://raw.githubusercontent.com/spack/spack-infrastructure/main/scripts/gitlab_runner_pre_build/pre_build.py', 'pre_build.py')"
$PY3 pre_build.py > envvars
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
. ./envvars
rm -f envvars
unset GITLAB_OIDC_TOKEN
fi
"""
output_limit = 20480
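Review bot: the `urlretrieve` line pulls `pre_build.py` from the `main` branch at job time, and the script's output is then sourced with `. ./envvars` before `GITLAB_OIDC_TOKEN` is unset, so whatever is on `main` at that moment runs in every job on this runner with the token available. As this change rewrites the block anyway, consider pinning the URL to a commit SHA and checking a digest of the downloaded file before running it. This is also the second copy of the same script in this PR (the graviton/2 release.yaml carries it too); a single shared source for the `pre_build_script` text would keep the copies from drifting apart.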