setup publish task

tomzo · tomzo · commit 947618fa9ed7 · 2019-04-23T09:57:26.000Z
diff --git a/pipeline.gocd.yaml b/pipeline.gocd.yaml
@@ -35,6 +35,8 @@ pipelines:
           clean_workspace: true
           jobs:
             code:
+              secure_variables:
+                VAULT_TOKEN: "AES:oo4qyY+eEf1piu8V4vy4hg==:nnH/4ulwI2JgjBtBiR+LGtB+PLLWVdtsCm+CIgjNHwj+qYXlvxWbN0+RS/tSi60N"
               elastic_profile_id: w.c1.m1024.e5
               tasks:
                 - exec:
diff --git a/tasks b/tasks
@@ -2,15 +2,25 @@
 
 set -e
 
+SECRET_OPS_VERSION="0.6.2"
 RELEASER_VERSION="2.1.0"
+
 RELEASER_FILE="ops/releaser-${RELEASER_VERSION}"
+SECRET_OPS_FILE="ops/secret-ops"
+SECRET_OPS_TAR_FILE="ops/secret-ops-${SECRET_OPS_VERSION}.tar.gz"
 
 mkdir -p ops
 if [[ ! -f $RELEASER_FILE ]];then
   wget --quiet -O $RELEASER_FILE https://github.com/kudulab/releaser/releases/download/${RELEASER_VERSION}/releaser
 fi
 source $RELEASER_FILE
 
+if [[ ! -f $SECRET_OPS_TAR_FILE ]];then
+  wget --quiet -O $SECRET_OPS_TAR_FILE https://github.com/kudulab/secret-ops/releases/download/${SECRET_OPS_VERSION}/secret-ops.tar.gz
+  tar -xf $SECRET_OPS_TAR_FILE -C ops
+fi
+source $SECRET_OPS_FILE
+
 command="$1"
 case "${command}" in
   set_version)
@@ -31,6 +41,8 @@ case "${command}" in
       ;;
   publish)
       # publish the just released version
+      GITHUB_TOKEN=$(vault read -field=token secret/gocd/github_releases)
+      export GITHUB_TOKEN
       VERSION=$(releaser::get_last_git_tagged_version)
       releaser::prepare_github_release_bin
       $GHRELEASE_BIN release \
@@ -46,6 +58,12 @@ case "${command}" in
         --name "docker-ops" \
         --file src/docker-ops
       ;;
+  generate_vault_token)
+      vault_token=$(vault token create -ttl=48h -policy=gocd -field token -metadata gocd_renew=true)
+      secured_token_gocd=$(secret_ops::encrypt_with_gocd_top "${vault_token}")
+      echo "Generated token: ${vault_token} and encrypted by GoCD server"
+      secret_ops::insert_vault_token_gocd_yaml "${secured_token_gocd}"
+      ;;
   *)
       echo "Invalid command: '${command}'"
       exit 1
