diff --git a/.drone.yml b/.drone.yml index 8130e6611a36e..98764d9be02bd 100644 --- a/.drone.yml +++ b/.drone.yml @@ -837,7 +837,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -845,7 +845,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -1547,7 +1547,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -1572,7 +1572,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -1809,7 +1809,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -1817,7 +1817,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID @@ -1981,7 +1981,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -1989,7 +1989,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -2166,7 +2166,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2174,7 +2174,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -2364,7 +2364,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2372,7 +2372,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -2547,7 +2547,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2555,7 +2555,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -2701,7 +2701,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2709,7 +2709,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -2742,7 +2742,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2750,7 +2750,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -2803,7 +2803,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2811,7 +2811,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -2962,7 +2962,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -2970,7 +2970,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3001,7 +3001,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3009,7 +3009,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -3061,7 +3061,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3069,7 +3069,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3226,7 +3226,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3234,7 +3234,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3267,7 +3267,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3275,7 +3275,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -3319,7 +3319,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3327,7 +3327,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3473,7 +3473,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3481,7 +3481,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3512,7 +3512,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3520,7 +3520,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -3563,7 +3563,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3571,7 +3571,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3746,7 +3746,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3754,7 +3754,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3900,7 +3900,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3908,7 +3908,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -3941,7 +3941,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -3949,7 +3949,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -4002,7 +4002,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4010,7 +4010,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -4161,7 +4161,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4169,7 +4169,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -4202,7 +4202,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4210,7 +4210,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -4254,7 +4254,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4262,7 +4262,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -4472,7 +4472,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4480,7 +4480,7 @@ steps: --output text) \ > /tmp/build-darwin-amd64/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -4644,7 +4644,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4652,7 +4652,7 @@ steps: --output text) \ > /tmp/build-darwin-amd64-pkg/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -4845,7 +4845,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -4853,7 +4853,7 @@ steps: --output text) \ > /tmp/build-darwin-amd64-pkg-tsh/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5068,7 +5068,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5076,7 +5076,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5251,7 +5251,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5259,7 +5259,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5405,7 +5405,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5413,7 +5413,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5446,7 +5446,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5454,7 +5454,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -5498,7 +5498,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5506,7 +5506,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5652,7 +5652,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5660,7 +5660,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5693,7 +5693,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5701,7 +5701,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -5745,7 +5745,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5753,7 +5753,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5899,7 +5899,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5907,7 +5907,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -5940,7 +5940,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -5948,7 +5948,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -6001,7 +6001,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6009,7 +6009,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6160,7 +6160,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6168,7 +6168,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6201,7 +6201,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6209,7 +6209,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -6262,7 +6262,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6270,7 +6270,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6453,7 +6453,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6461,7 +6461,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6597,7 +6597,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6605,7 +6605,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY @@ -6718,7 +6718,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6726,7 +6726,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6757,7 +6757,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6765,7 +6765,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID @@ -6804,7 +6804,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6812,7 +6812,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6892,7 +6892,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6900,7 +6900,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -6932,7 +6932,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6940,7 +6940,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID @@ -6980,7 +6980,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -6988,7 +6988,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -7070,12 +7070,12 @@ steps: volumes: - name: dockersock path: /var/run -- name: Assume Staging buildbox AWS Role +- name: Configure Staging AWS Profile image: amazon/aws-cli commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -7083,7 +7083,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile staging environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY @@ -7094,35 +7094,20 @@ steps: volumes: - name: awsconfig path: /root/.aws -- name: Build buildbox and push to Staging - image: docker - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - make -C build.assets buildbox - - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -- name: Assume Production buildbox AWS Role +- name: Configure Production AWS Profile image: amazon/aws-cli commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ - > /root/.aws/credentials + >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile production environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY @@ -7133,321 +7118,99 @@ steps: volumes: - name: awsconfig path: /root/.aws -- name: Push buildbox to Production +- name: Build and push buildbox image: docker commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login + -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - make -C build.assets buildbox + - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker + login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws -- name: Assume Staging buildbox-fips AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Build buildbox-fips and push to Staging +- name: Build and push buildbox-fips image: docker commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login + -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - make -C build.assets buildbox-fips - docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -- name: Assume Production buildbox-fips AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Push buildbox-fips to Production - image: docker - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker + login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws -- name: Assume Staging buildbox-arm AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Build buildbox-arm and push to Staging +- name: Build and push buildbox-arm image: docker commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login + -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - make -C build.assets buildbox-arm - docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -- name: Assume Production buildbox-arm AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Push buildbox-arm to Production - image: docker - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker + login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws -- name: Assume Staging buildbox-centos7 AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Build buildbox-centos7 and push to Staging +- name: Build and push buildbox-centos7 image: docker commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login + -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - make -C build.assets buildbox-centos7 - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -- name: Assume Production buildbox-centos7 AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Push buildbox-centos7 to Production - image: docker - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker + login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws -- name: Assume Staging buildbox-centos7-fips AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Build buildbox-centos7-fips and push to Staging +- name: Build and push buildbox-centos7-fips image: docker commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login + -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - make -C build.assets buildbox-centos7-fips - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -- name: Assume Production buildbox-centos7-fips AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Push buildbox-centos7-fips to Production - image: docker - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker + login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION volumes: - name: dockersock @@ -7548,7 +7311,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -7556,7 +7319,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -7594,7 +7357,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -7602,7 +7365,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID @@ -7745,7 +7508,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -7753,7 +7516,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -7791,7 +7554,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -7799,7 +7562,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID @@ -7906,7 +7669,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -7914,7 +7677,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY @@ -8016,7 +7779,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8024,7 +7787,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY @@ -8117,7 +7880,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8125,7 +7888,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -8155,7 +7918,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8163,7 +7926,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_AWS_ACCESS_KEY_ID @@ -8203,7 +7966,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8211,7 +7974,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -8240,7 +8003,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8248,7 +8011,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_AWS_ACCESS_KEY_ID @@ -8278,7 +8041,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8286,7 +8049,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID @@ -8330,7 +8093,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8338,7 +8101,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID @@ -8385,7 +8148,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8393,7 +8156,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: RPMREPO_AWS_ACCESS_KEY_ID @@ -8487,7 +8250,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8495,7 +8258,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: DEBREPO_AWS_ACCESS_KEY_ID @@ -8659,7 +8422,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8667,7 +8430,7 @@ steps: --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY @@ -8828,7 +8591,7 @@ steps: commands: - aws sts get-caller-identity - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ @@ -8836,7 +8599,7 @@ steps: --output text) \ > /tmp/build-darwin-amd64-connect/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity + - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID @@ -8977,6 +8740,6 @@ steps: WORKSPACE_DIR: /tmp/build-darwin-amd64-connect --- kind: signature -hmac: 142652320ddc918439481ab91de8a9eaccdde62c0e7700b202f553168c22fc95 +hmac: 663d9150d58097bd3962829db4c723c5b97ed0c292d4a4022163cce0b7eb8b90 ... diff --git a/dronegen/aws.go b/dronegen/aws.go index 972bd63e42e51..f5c763ce27716 100644 --- a/dronegen/aws.go +++ b/dronegen/aws.go @@ -14,7 +14,10 @@ package main -import "path/filepath" +import ( + "fmt" + "path/filepath" +) // awsRoleSettings contains the information necessary to assume an AWS Role // @@ -30,12 +33,18 @@ type awsRoleSettings struct { type kubernetesRoleSettings struct { awsRoleSettings configVolume volumeRef + name string + profile string + append bool } // macRoleSettings contains the info necessary to assume an AWS role and save the credentials to a path that later steps can use type macRoleSettings struct { awsRoleSettings configPath string + name string + profile string + append bool } // kuberentesS3Settings contains all info needed to download from S3 in a kubernetes pipeline @@ -46,29 +55,43 @@ type kubernetesS3Settings struct { configVolume volumeRef } -// assumeRoleCommands is a helper to build the role assumtipn commands on a *nix platform -func assumeRoleCommands(configPath string) []string { - assumeRoleCmd := `printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ +// assumeRoleCommands is a helper to build the role assumption commands on a *nix platform +func assumeRoleCommands(profile, configPath string, appendFile bool) []string { + if profile == "" { // set a default profile if none is specified + profile = "default" + } + + var redirect string + if appendFile { + redirect = ">>" + } else { + redirect = ">" + } + + assumeRoleCmd := fmt.Sprintf(`printf "[%s]\naws_access_key_id = %%s\naws_secret_access_key = %%s\naws_session_token = %%s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ - > ` + configPath + %s %s`, profile, redirect, configPath) + return []string{ `aws sts get-caller-identity`, // check the original identity assumeRoleCmd, - `unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY`, // remove original identity from environment - `aws sts get-caller-identity`, // check the new assumed identity + `unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY`, // remove original identity from environment + `aws sts get-caller-identity --profile ` + profile, // check the new assumed identity } - } // kubernetesAssumeAwsRoleStep builds a step to assume an AWS role and save it to a volume that later steps can use func kubernetesAssumeAwsRoleStep(s kubernetesRoleSettings) step { + if s.name == "" { + s.name = "Assume AWS Role" + } configPath := filepath.Join(s.configVolume.Path, "credentials") return step{ - Name: "Assume AWS Role", + Name: s.name, Image: "amazon/aws-cli", Environment: map[string]value{ "AWS_ACCESS_KEY_ID": s.awsAccessKeyID, @@ -76,21 +99,24 @@ func kubernetesAssumeAwsRoleStep(s kubernetesRoleSettings) step { "AWS_ROLE": s.role, }, Volumes: []volumeRef{s.configVolume}, - Commands: assumeRoleCommands(configPath), + Commands: assumeRoleCommands(s.profile, configPath, s.append), } } // macAssumeAwsRoleStep builds a step to assume an AWS role and save it to a host path that later steps can use func macAssumeAwsRoleStep(s macRoleSettings) step { + if s.name == "" { + s.name = "Assume AWS Role" + } return step{ - Name: "Assume AWS Role", + Name: s.name, Environment: map[string]value{ "AWS_ACCESS_KEY_ID": s.awsAccessKeyID, "AWS_SECRET_ACCESS_KEY": s.awsSecretAccessKey, "AWS_ROLE": s.role, "AWS_SHARED_CREDENTIALS_FILE": value{raw: s.configPath}, }, - Commands: assumeRoleCommands(s.configPath), + Commands: assumeRoleCommands(s.profile, s.configPath, s.append), } } diff --git a/dronegen/buildbox.go b/dronegen/buildbox.go index aa32ab310035d..75aa73db5e018 100644 --- a/dronegen/buildbox.go +++ b/dronegen/buildbox.go @@ -16,7 +16,7 @@ package main import "fmt" -func allBuildboxPipelineSteps() []step { +func buildboxPipelineSteps() []step { steps := []step{ { Name: "Check out code", @@ -27,6 +27,27 @@ func allBuildboxPipelineSteps() []step { }, }, waitForDockerStep(), + kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ + awsRoleSettings: awsRoleSettings{ + awsAccessKeyID: value{fromSecret: "STAGING_BUILDBOX_DRONE_USER_ECR_KEY"}, + awsSecretAccessKey: value{fromSecret: "STAGING_BUILDBOX_DRONE_USER_ECR_SECRET"}, + role: value{fromSecret: "STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE"}, + }, + configVolume: volumeRefAwsConfig, + name: "Configure Staging AWS Profile", + profile: "staging", + }), + kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ + awsRoleSettings: awsRoleSettings{ + awsAccessKeyID: value{fromSecret: "PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY"}, + awsSecretAccessKey: value{fromSecret: "PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET"}, + role: value{fromSecret: "PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE"}, + }, + configVolume: volumeRefAwsConfig, + name: "Configure Production AWS Profile", + append: true, + profile: "production", + }), } for _, name := range []string{"buildbox", "buildbox-arm", "buildbox-centos7"} { @@ -35,66 +56,36 @@ func allBuildboxPipelineSteps() []step { if name == "buildbox-arm" && fips { continue } - steps = append(steps, buildboxPipelineSteps(name, fips)...) + steps = append(steps, buildboxPipelineStep(name, fips)) } } return steps } -func buildboxPipelineSteps(buildboxName string, fips bool) []step { +func buildboxPipelineStep(buildboxName string, fips bool) step { if fips { buildboxName += "-fips" } - assumeStagingRoleStep := kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ - awsRoleSettings: awsRoleSettings{ - awsAccessKeyID: value{fromSecret: "STAGING_BUILDBOX_DRONE_USER_ECR_KEY"}, - awsSecretAccessKey: value{fromSecret: "STAGING_BUILDBOX_DRONE_USER_ECR_SECRET"}, - role: value{fromSecret: "STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE"}, - }, - configVolume: volumeRefAwsConfig, - }) - assumeStagingRoleStep.Name = fmt.Sprintf("Assume Staging %s AWS Role", buildboxName) - assumeProductionRoleStep := kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ - awsRoleSettings: awsRoleSettings{ - awsAccessKeyID: value{fromSecret: "PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY"}, - awsSecretAccessKey: value{fromSecret: "PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET"}, - role: value{fromSecret: "PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE"}, - }, - configVolume: volumeRefAwsConfig, - }) - assumeProductionRoleStep.Name = fmt.Sprintf("Assume Production %s AWS Role", buildboxName) - return []step{ - assumeStagingRoleStep, - step{ - Name: fmt.Sprintf("Build %s and push to Staging", buildboxName), - Image: "docker", - Volumes: []volumeRef{volumeRefDocker, volumeRefAwsConfig}, - Commands: []string{ - `apk add --no-cache make aws-cli`, - `chown -R $UID:$GID /go`, - // Authenticate to staging registry - `aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin ` + StagingRegistry, - // Build buildbox image - fmt.Sprintf(`make -C build.assets %s`, buildboxName), - // Retag for staging registry - fmt.Sprintf(`docker tag %s/gravitational/teleport-%s:$BUILDBOX_VERSION %s/gravitational/teleport-%s:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA`, ProductionRegistry, buildboxName, StagingRegistry, buildboxName), - // Push to staging registry - fmt.Sprintf(`docker push %s/gravitational/teleport-%s:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA`, StagingRegistry, buildboxName), - }, - }, - assumeProductionRoleStep, - step{ - Name: fmt.Sprintf("Push %s to Production", buildboxName), - Image: "docker", - Volumes: []volumeRef{volumeRefDocker, volumeRefAwsConfig}, - Commands: []string{ - `apk add --no-cache make aws-cli`, - `chown -R $UID:$GID /go`, - // Authenticate to production registry - `aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin ` + ProductionRegistry, - // Push to production registry - fmt.Sprintf(`docker push %s/gravitational/teleport-%s:$BUILDBOX_VERSION`, ProductionRegistry, buildboxName), - }, + return step{ + Name: "Build and push " + buildboxName, + Image: "docker", + Volumes: []volumeRef{volumeRefDocker, volumeRefAwsConfig}, + Commands: []string{ + `apk add --no-cache make aws-cli`, + `chown -R $UID:$GID /go`, + // Authenticate to staging registry + `aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin ` + StagingRegistry, + // Build buildbox image + fmt.Sprintf(`make -C build.assets %s`, buildboxName), + // Retag for staging registry + fmt.Sprintf(`docker tag %s/gravitational/teleport-%s:$BUILDBOX_VERSION %s/gravitational/teleport-%s:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA`, ProductionRegistry, buildboxName, StagingRegistry, buildboxName), + // Push to staging registry + fmt.Sprintf(`docker push %s/gravitational/teleport-%s:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA`, StagingRegistry, buildboxName), + // Authenticate to production registry + `docker logout ` + StagingRegistry, + `aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin ` + ProductionRegistry, + // Push to production registry + fmt.Sprintf(`docker push %s/gravitational/teleport-%s:$BUILDBOX_VERSION`, ProductionRegistry, buildboxName), }, } } @@ -114,6 +105,6 @@ func buildboxPipeline() pipeline { p.Services = []service{ dockerService(), } - p.Steps = allBuildboxPipelineSteps() + p.Steps = buildboxPipelineSteps() return p } diff --git a/dronegen/os_repos.go b/dronegen/os_repos.go index 3f798527d847b..f7f1892669bef 100644 --- a/dronegen/os_repos.go +++ b/dronegen/os_repos.go @@ -365,14 +365,14 @@ func (optpb *OsPackageToolPipelineBuilder) getVersionSteps(codePath, version str role: value{fromSecret: "AWS_ROLE"}, }, configVolume: volumeRefAwsConfig, + name: "Assume Download AWS Role", }) - assumeDownloadRoleStep.Name = "Assume Download AWS Role" // multiple steps cannot have the same name assumeUploadRoleStep := kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ awsRoleSettings: optpb.bucketSecrets.awsRoleSettings, configVolume: volumeRefAwsConfig, + name: "Assume Upload AWS Role", }) - assumeUploadRoleStep.Name = "Assume Upload AWS Role" // multiple steps cannot have the same name return []step{ assumeDownloadRoleStep, diff --git a/dronegen/tag.go b/dronegen/tag.go index 7034d589898cc..a1cc6628a2320 100644 --- a/dronegen/tag.go +++ b/dronegen/tag.go @@ -500,8 +500,8 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { role: value{fromSecret: "AWS_ROLE"}, }, configVolume: volumeRefAwsConfig, + name: "Assume Download AWS Role", }) - assumeDownloadRoleStep.Name = "Assume Download AWS Role" assumeBuildRoleStep := kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ awsRoleSettings: awsRoleSettings{ awsAccessKeyID: value{fromSecret: "TELEPORT_BUILD_USER_READ_ONLY_KEY"}, @@ -509,8 +509,8 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { role: value{fromSecret: "TELEPORT_BUILD_READ_ONLY_AWS_ROLE"}, }, configVolume: volumeRefAwsConfig, + name: "Assume Build AWS Role", }) - assumeBuildRoleStep.Name = "Assume Build AWS Role" assumeUploadRoleStep := kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ awsRoleSettings: awsRoleSettings{ awsAccessKeyID: value{fromSecret: "AWS_ACCESS_KEY_ID"}, @@ -518,8 +518,8 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { role: value{fromSecret: "AWS_ROLE"}, }, configVolume: volumeRefAwsConfig, + name: "Assume Upload AWS Role", }) - assumeUploadRoleStep.Name = "Assume Upload AWS Role" pipelineName := fmt.Sprintf("%s-%s", dependentPipeline, packageType)