improves the ci test

xiaozhu36 · xiaozhu36 · commit 4334d335ab34 · 2025-04-21T14:51:19.000+08:00
diff --git a/ci/assets/terraform/terraform.tf b/ci/assets/terraform/terraform.tf
@@ -4,6 +4,9 @@ variable "access_key" {
 variable "secret_key" {
 }
 
+variable "security_token" {
+}
+
 variable "region" {
 }
 
@@ -25,9 +28,10 @@ terraform {
 }
 
 provider "alicloud" {
-  access_key = var.access_key
-  secret_key = var.secret_key
-  region     = var.region
+  access_key     = var.access_key
+  secret_key     = var.secret_key
+  security_token = var.security_token
+  region         = var.region
 }
 
 data "alicloud_zones" "default" {
diff --git a/ci/pipeline-develop.yml b/ci/pipeline-develop.yml
@@ -44,6 +44,7 @@ shared:
     access_key: {{alicloud_access_key__primary}}
     secret_key: {{alicloud_secret_key__primary}}
     region:     {{alicloud_region__primary}}
+    terraform_role_arn: {{terraform_role_arn}}
     remote_state_access_key: {{terraform_backend_access_key}}
     remote_state_secret_key: {{terraform_backend_secret_key}}
     remote_state_bucket:     {{terraform_backend_bucket}}
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
@@ -44,6 +44,7 @@ shared:
     access_key: {{alicloud_access_key__primary}}
     secret_key: {{alicloud_secret_key__primary}}
     region:     {{alicloud_region__primary}}
+    terraform_role_arn: {{terraform_role_arn}}
     remote_state_access_key: {{terraform_backend_access_key}}
     remote_state_secret_key: {{terraform_backend_secret_key}}
     remote_state_bucket:     {{terraform_backend_bucket}}
diff --git a/ci/tasks/build-candidate.yml b/ci/tasks/build-candidate.yml
@@ -1,9 +1,9 @@
 ---
 platform: linux
 image_resource:
-  type: docker-image
+  type: registry-image
   source:
-    repository: boshcpi/gce-cpi-release
+    repository: foundationalinfrastructure/gce-cpi-release
 
 inputs:
   - name: bosh-cpi-src
diff --git a/ci/tasks/put-environment.sh b/ci/tasks/put-environment.sh
@@ -2,6 +2,8 @@
 
 set -e
 
+source bosh-cpi-src/ci/tasks/utils.sh
+
 : ${access_key:?}
 : ${secret_key:?}
 : ${region:?}
@@ -10,11 +12,12 @@ set -e
 : ${delete_on_failure:= true}
 : ${generate_random_name:= false}
 : ${action:=""}
+: ${terraform_role_arn:?}
 : ${terraform_source:?}
 : ${output_module:="metadata"}
 # Remote state parameters
-: ${remote_state_access_key:=${access_key}}
-: ${remote_state_secret_key:=${secret_key}}
+#: ${remote_state_access_key:=${access_key}}
+#: ${remote_state_secret_key:=${secret_key}}
 : ${remote_state_region:=${region}}
 : ${remote_state_bucket:?}
 : ${remote_state_file_path:="terraform-state"}
@@ -44,10 +47,25 @@ wget -qN https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform
 apt-get install unzip
 unzip -o terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/bin
 
+# 调用 AssumeRole API 获取临时凭证
+response=$(aliyun sts AssumeRole --RoleArn ${terraform_role_arn} --RoleSessionName "bosh-cpi-e2e-test" --access-key-id ${access_key} --access-key-secret ${secret_key})
+
+# 解析返回结果中的 AccessKeyId, AccessKeySecret 和 SecurityToken
+ACCESS_KEY_ID=$(echo $response | jq -r '.Credentials.AccessKeyId')
+ACCESS_KEY_SECRET=$(echo $response | jq -r '.Credentials.AccessKeySecret')
+SECURITY_TOKEN=$(echo $response | jq -r '.Credentials.SecurityToken')
+
+# 检查是否成功获取到凭证
+if [ -z "$ACCESS_KEY_ID" ] || [ -z "$ACCESS_KEY_SECRET" ]; then
+  echo "Failed to get credentials."
+  exit 1
+fi
+
 pushd ${terraform_source}
     terraform init \
-        -backend-config="access_key=${remote_state_access_key}" \
-        -backend-config="secret_key=${remote_state_secret_key}" \
+        -backend-config="access_key=${ACCESS_KEY_ID}" \
+        -backend-config="secret_key=${ACCESS_KEY_SECRET}" \
+        -backend-config="security_token=${SECURITY_TOKEN}" \
         -backend-config="region=${remote_state_region}" \
         -backend-config="bucket=${remote_state_bucket}" \
         -backend-config="prefix=${remote_state_file_path}" \
@@ -59,10 +77,10 @@ pushd ${terraform_source}
 
     if [[ ${action} == "destroy" ]]; then
         echo -e "******** Try to delete environment ********\n"
-        terraform apply -destroy -auto-approve -var access_key=${access_key} -var secret_key=${secret_key} -var region=${region} -var env_name=${env_name} -var "public_key=${public_key}"
+        terraform apply -destroy -auto-approve -var access_key=${ACCESS_KEY_ID} -var secret_key=${ACCESS_KEY_SECRET} -var security_token=${SECURITY_TOKEN} -var region=${region} -var env_name=${env_name} -var "public_key=${public_key}"
     else
         echo -e "******** Try to build environment ********\n"
-        terraform apply --auto-approve -var access_key=${access_key} -var secret_key=${secret_key} -var region=${region} -var env_name=${env_name} -var "public_key=${public_key}"
+        terraform apply --auto-approve -var access_key=${ACCESS_KEY_ID} -var secret_key=${ACCESS_KEY_SECRET} -var security_token=${SECURITY_TOKEN} -var region=${region} -var env_name=${env_name} -var "public_key=${public_key}"
         if [[ $? -eq 0 ]]; then
             echo -e "******** Build terraform environment successfully ******** \n"
             ls -al
@@ -72,7 +90,7 @@ pushd ${terraform_source}
             echo "}" >> ${output_path}/${output_module}
         elif [[ ${delete_on_failure} = true ]]; then
             echo -e "******** Destroy terraform environment... ******** \n"
-            terraform apply -destroy -auto-approve -var access_key=${access_key} -var secret_key=${secret_key} -var region=${region} -var env_name=${env_name} -var "public_key=${public_key}"
+            terraform apply -destroy -auto-approve -var access_key=${ACCESS_KEY_ID} -var secret_key=${ACCESS_KEY_SECRET} -var security_token=${SECURITY_TOKEN} -var region=${region} -var env_name=${env_name} -var "public_key=${public_key}"
         fi
     fi
 
diff --git a/ci/tasks/put-environment.yml b/ci/tasks/put-environment.yml
@@ -2,8 +2,9 @@
 platform: linux
 
 image_resource:
-  type: docker-image
-  source: {repository: boshcpi/aws-cpi-release}
+  type: registry-image
+  source:
+    repository: foundationalinfrastructure/gce-cpi-release
 
 inputs:
   - name: bosh-cpi-src
@@ -22,6 +23,7 @@ params:
   delete_on_failure: false
   generate_random_name: false
   action: ""
+  terraform_role_arn: ""
   terraform_source: ""
   output_module: ""
   remote_state_access_key: ""
diff --git a/ci/tasks/run-integration.yml b/ci/tasks/run-integration.yml
@@ -1,8 +1,9 @@
 ---
 platform: linux
 image_resource:
-  type: docker-image
-  source: {repository: boshcpi/gce-cpi-release}
+  type: registry-image
+  source:
+    repository: foundationalinfrastructure/gce-cpi-release
 inputs:
   - name: bosh-cpi-src
   - name: stemcell
diff --git a/ci/tasks/unit-tests.yml b/ci/tasks/unit-tests.yml
@@ -1,9 +1,9 @@
 ---
 platform: linux
 image_resource:
-  type: docker-image
+  type: registry-image
   source:
-    repository: boshcpi/gce-cpi-release
+    repository: foundationalinfrastructure/gce-cpi-release
 inputs:
   - name: bosh-cpi-src
 
diff --git a/ci/tasks/utils.sh b/ci/tasks/utils.sh
@@ -20,6 +20,13 @@ configure_aliyun_cli() {
 }
 configure_aliyun_cli
 
+configure_jq() {
+  wget -q -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
+  chmod +x ./jq
+  cp jq /usr/bin
+}
+configure_jq
+
 check_param() {
   local name=$1
   local value=$(eval echo '$'$name)

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,9 @@ variable "access_key" {`
`4`	`4`	`variable "secret_key" {`
`5`	`5`	`}`
`6`	`6`
	`7`	`+variable "security_token" {`
	`8`	`+}`
	`9`	`+`
`7`	`10`	`variable "region" {`
`8`	`11`	`}`
`9`	`12`
`@@ -25,9 +28,10 @@ terraform {`
`25`	`28`	`}`
`26`	`29`
`27`	`30`	`provider "alicloud" {`
`28`		`- access_key = var.access_key`
`29`		`- secret_key = var.secret_key`
`30`		`- region = var.region`
	`31`	`+ access_key = var.access_key`
	`32`	`+ secret_key = var.secret_key`
	`33`	`+ security_token = var.security_token`
	`34`	`+ region = var.region`
`31`	`35`	`}`
`32`	`36`
`33`	`37`	`data "alicloud_zones" "default" {`