From 70ce2ee364ea21745c4e9504f03e4bd502b98979 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Molins Date: Tue, 30 Jul 2024 09:39:15 +0200 Subject: [PATCH] [CI] Use ephemeral token for git push commands (#1991) --- .buildkite/hooks/pre-command | 2 ++ .buildkite/scripts/test-with-integrations.sh | 10 ++++------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index f54721dbd..5b66549c5 100644 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -110,9 +110,11 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && "$BUILDKITE_STEP_KEY" = fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package-test-with-integrations" && "$BUILDKITE_STEP_KEY" == "pr-integrations" ]]; then + # required to set the git commit information GITHUB_USERNAME_SECRET="elasticmachine" export GITHUB_USERNAME_SECRET=$GITHUB_USERNAME_SECRET export GITHUB_EMAIL_SECRET="elasticmachine@elastic.co" + # required by `gh` commands export GITHUB_TOKEN=$VAULT_GITHUB_TOKEN fi diff --git a/.buildkite/scripts/test-with-integrations.sh b/.buildkite/scripts/test-with-integrations.sh index 7da2e0856..2410e3efe 100755 --- a/.buildkite/scripts/test-with-integrations.sh +++ b/.buildkite/scripts/test-with-integrations.sh @@ -43,12 +43,10 @@ set_git_config() { git config user.email "${GITHUB_EMAIL_SECRET}" } -git_push_with_auth() { - local owner="$1" - local repository="$2" - local branch="$3" +git_push() { + local branch="$1" - retry 3 git push https://${GITHUB_USERNAME_SECRET}:${GITHUB_TOKEN}@github.com/${owner}/${repository}.git "${branch}" + retry 3 git push origin "${branch}" } clone_repository() { @@ -141,7 +139,7 @@ create_or_update_pull_request() { update_dependency echo "--- Pushing branch ${INTEGRATIONS_PR_BRANCH} to integrations repository..." - git_push_with_auth "${INTEGRATIONS_GITHUB_OWNER}" "${INTEGRATIONS_GITHUB_REPO_NAME}" "${INTEGRATIONS_PR_BRANCH}" + git_push "${INTEGRATIONS_PR_BRANCH}" if [ -z "${integrations_pr_number}" ]; then echo "--- Creating pull request :github:"