From c94c0a1e36d57602d118199be9955c429a1321ff Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Mon, 1 Jul 2024 20:04:48 +0200 Subject: [PATCH] Use a bot user in a trusted agent for pipelines that require git push operations --- .buildkite/code-freeze.yml | 6 +++--- .../configure-git-for-release-management.sh | 15 ++++++++------- .buildkite/complete-code-freeze.yml | 6 +++--- .buildkite/finalize-release.yml | 6 +++--- .buildkite/new-beta-release.yml | 6 +++--- .buildkite/update-release-notes.yml | 6 +++--- 6 files changed, 23 insertions(+), 22 deletions(-) diff --git a/.buildkite/code-freeze.yml b/.buildkite/code-freeze.yml index 09095a497234..bef42bc2d80f 100644 --- a/.buildkite/code-freeze.yml +++ b/.buildkite/code-freeze.yml @@ -1,15 +1,15 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Code Freeze" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh install_gems bundle exec fastlane code_freeze skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/commands/configure-git-for-release-management.sh b/.buildkite/commands/configure-git-for-release-management.sh index eb39be490f66..c7c4a7a0821f 100755 --- a/.buildkite/commands/configure-git-for-release-management.sh +++ b/.buildkite/commands/configure-git-for-release-management.sh 
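Review bot: The step-level `agents:` block added at the end of the "Code Freeze" step has no comment saying that `tumblr-metal` is, per the commit subject, the trusted queue where the bot user can push. Without that, a later edit could add unrelated commands to the step without noticing the privilege involved. Everything the step runs after the `source` line (`install_gems`, the `$CI_TOOLKIT` plugin, `bundle exec fastlane code_freeze`) presumably executes with that bot identity, so the Gemfile and Fastfile are effectively trusted code here. I would add above `agents:` a line such as `# Trusted queue: bot git push credentials are available to this step; keep it limited to release automation`, and do the same in the matching hunks of complete-code-freeze.yml, finalize-release.yml, new-beta-release.yml and update-release-notes.yml. Who may trigger these pipelines is not visible in the patch and is worth confirming.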
@@ -1,10 +1,11 @@ #!/bin/bash -eu -# Git command line client is not configured in Buildkite. Temporarily, we configure it in each step. -# Later on, we should be able to configure the agent instead. -curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts -git config --global user.email "mobile+wpmobilebot@automattic.com" -git config --global user.name "Automattic Release Bot" +# This script needs to be source'd as use-bot-for-git exports a variable and this needs to be visible outside +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be 'source'd (instead of being called directly as an executable) to work properly" + exit 1 +fi -# Buildkite is currently using the https url to checkout. We need to override it to be able to use the deploy key. -git remote set-url origin git@github.com:wordpress-mobile/WordPress-Android.git +echo '--- :robot_face: Use bot for git operations' +# shellcheck disable=SC1091 +source use-bot-for-git diff --git a/.buildkite/complete-code-freeze.yml b/.buildkite/complete-code-freeze.yml index 2b378accabdf..ea813bc1dcb5 100644 --- a/.buildkite/complete-code-freeze.yml +++ b/.buildkite/complete-code-freeze.yml @@ -1,16 +1,16 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Complete Code Freeze" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh .buildkite/commands/checkout-release-branch.sh install_gems bundle exec fastlane complete_code_freeze skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/finalize-release.yml b/.buildkite/finalize-release.yml index 015ba7cd5d78..2fd0869df661 100644 --- a/.buildkite/finalize-release.yml +++ b/.buildkite/finalize-release.yml 
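Review bot: `source use-bot-for-git` on the last added line runs without checking that the helper is present on the agent. Because the name has no slash, bash resolves it through `PATH` and, outside POSIX mode, falls back to the current directory, which in a build is the checked-out repository. On an agent that lacks the helper, the step would fail with an unclear error or pick up a same-named file from the working tree. Assuming the helper is installed as an executable on `PATH`, I would put `command -v use-bot-for-git >/dev/null || { echo "use-bot-for-git not found on this agent"; return 1; }` before the `source`. The header comment should also say that the `-eu` in the shebang no longer applies once the file is sourced, so error handling depends on the calling shell's options.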
@@ -1,14 +1,12 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Finalize release" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh .buildkite/commands/checkout-release-branch.sh install_gems @@ -16,3 +14,5 @@ steps: cp gradle.properties-example gradle.properties bundle exec fastlane finalize_release skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/new-beta-release.yml b/.buildkite/new-beta-release.yml index 3c2a9248fc18..4f2b8e441881 100644 --- a/.buildkite/new-beta-release.yml +++ b/.buildkite/new-beta-release.yml @@ -1,17 +1,17 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "New Beta Release" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh install_gems cp gradle.properties-example gradle.properties bundle exec fastlane new_beta_release skip_confirm:true + agents: + queue: "tumblr-metal" diff --git a/.buildkite/update-release-notes.yml b/.buildkite/update-release-notes.yml index e484a67471ab..57ac1df0e312 100644 --- a/.buildkite/update-release-notes.yml +++ b/.buildkite/update-release-notes.yml 
@@ -1,16 +1,16 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json --- -agents: - queue: "android" steps: - label: "Update release notes" plugins: [$CI_TOOLKIT] command: | - .buildkite/commands/configure-git-for-release-management.sh + source .buildkite/commands/configure-git-for-release-management.sh .buildkite/commands/checkout-editorial-branch.sh install_gems bundle exec fastlane update_appstore_strings version:${RELEASE_VERSION} + agents: + queue: "tumblr-metal"
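Review bot: `version:${RELEASE_VERSION}` on the fastlane line (unchanged context) is passed unquoted and unvalidated, which matters more now that the step runs on the queue with push access. Where `RELEASE_VERSION` is set is not visible in this patch. If it comes from a build trigger or is interpolated when the pipeline is uploaded, its content reaches the shell as written. I would quote the argument as `version:"${RELEASE_VERSION}"` and add a check before the fastlane call that rejects values not matching the project's version format.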