This repository has been archived by the owner on Sep 26, 2023. It is now read-only.

added short-lived credentials from assume-rol to the container execution
adrianriobo committed Feb 17, 2023
1 parent 138c8db commit 960a0bd
Showing 1 changed file with 63 additions and 36 deletions.
99 changes: 63 additions & 36 deletions .github/workflows/crc-cloud.yml
Expand Up @@ -16,39 +16,66 @@ jobs:
contents: write

steps:
- name: Write pullsecret
env:
PULLSECRET_BASE64: ${{ secrets.PS_64 }}
run: |
echo $PULLSECRET_BASE64 | base64 --decode > pullsecret.txt
- name: Write boot key
run: echo "${{ secrets.KEY }}" > key.txt

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.ROLE }}
aws-region: eu-west-2

- run: |
docker run \
-v ${PWD}:/workspace:z \
-e AWS_DEFAULT_REGION=eu-west-2 quay.io/crcont/crc-cloud:v0.0.2 \
create aws \
--project-name "crc-ocp412" \
--backed-url "file:///workspace" \
--output "/workspace" \
--aws-ami-id "ami-019669c0960dbcf14" \
--pullsecret-filepath /workspace/pullsecret.txt \
--key-filepath /workspace/key.txt
- run: |
docker run \
-v ${PWD}:/workspace:z \
-e AWS_DEFAULT_REGION=eu-west-2 \
quay.io/crcont/crc-cloud:v0.0.2 \
destroy \
--project-name "crc-ocp412" \
--backed-url "file:///workspace" \
--provider "aws"
- name: Write pullsecret
env:
PULLSECRET_BASE64: ${{ secrets.PS_64 }}
run: |
echo $PULLSECRET_BASE64 | base64 --decode > pullsecret.txt
- name: Write boot key
run: |
echo "${{ secrets.ID_ECDSA }}" > key.txt
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.ROLE }}
aws-region: eu-west-2

- name: Create cluster
run: |
docker run -d --name crc-cloud-create --rm \
-v ${PWD}:/workspace:z \
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
-e AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
quay.io/crcont/crc-cloud:v0.0.2 \
create aws \
--project-name "crc-ocp412" \
--backed-url "file:///workspace" \
--output "/workspace" \
--aws-ami-id "ami-019669c0960dbcf14" \
--pullsecret-filepath /workspace/pullsecret.txt \
--key-filepath /workspace/key.txt
- name: View cluster creation logs
continue-on-error: true
run: |
docker logs -f crc-cloud-create
- name: Check cluster config
continue-on-error: true
run: |
ls -al /tmp
pwd
ls -al
ssh -i id_rsa core@$(cat host) "cat /opt/kubeconfig"
- name: Destroy cluster
run: |
docker run -d --name crccloud-destroy --rm \
-v ${PWD}:/workspace:z \
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
-e AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
quay.io/crcont/crc-cloud:v0.0.2 \
destroy \
--project-name "crc-ocp412" \
--backed-url "file:///workspace" \
--provider "aws"
- name: View cluster destroy logs
run: |
docker logs -f crccloud-destroy
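Review bot: The new `Check cluster config` step runs `ssh -i id_rsa core@$(cat host) "cat /opt/kubeconfig"`, which prints the cluster's kubeconfig (presumably carrying admin credentials) into the Actions job log, where it is retained and readable by anyone who can view the run. If the step only needs to confirm that the cluster came up, test for the file without echoing it, for example `ssh -i id_rsa core@"$(cat host)" "test -s /opt/kubeconfig"`, and drop the leftover `ls -al /tmp` / `pwd` / `ls -al` debugging lines. In both `docker run` commands the temporary credentials are expanded onto the command line (`-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}`); the name-only form `-e AWS_SECRET_ACCESS_KEY` passes the value from the step's environment without placing it in the process arguments. Because the containers are started with `-d --rm` and only followed with `docker logs -f`, their exit status never reaches the job, so a failed create or destroy would apparently still leave the run green and could leave AWS resources behind unnoticed.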
