diff options
| author | Josh Matthews <josh@joshmatthews.net> | 2019-05-02 09:50:55 -0400 |
|---|---|---|
| committer | Josh Matthews <josh@joshmatthews.net> | 2019-05-02 10:49:24 -0400 |
| commit | dbdbbeb132ee1afb2cfe4b85391216a86a592689 (patch) | |
| tree | 472bfdbc95311505ea44d7cfdf58427701d6b86c /python/servo | |
| parent | e0e8f64f54b78562999ae615f5c90928aa9638f6 (diff) | |
| download | servo-dbdbbeb132ee1afb2cfe4b85391216a86a592689.tar.gz servo-dbdbbeb132ee1afb2cfe4b85391216a86a592689.zip | |
Move taskcluster secrets into appropriate mach commands.
Diffstat (limited to 'python/servo')
| -rw-r--r-- | python/servo/package_commands.py | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/python/servo/package_commands.py b/python/servo/package_commands.py index 94a30dfe421..6dd788f5fa4 100644 --- a/python/servo/package_commands.py +++ b/python/servo/package_commands.py @@ -19,6 +19,7 @@ import shutil import subprocess import sys import tempfile +import urllib from mach.decorators import ( CommandArgument, @@ -538,9 +539,25 @@ class PackageCommands(CommandBase): @CommandArgument('platform', choices=PACKAGES.keys(), help='Package platform type to upload') - def upload_nightly(self, platform): + @CommandArgument('--secret-from-taskcluster', + action='store_true', + help='Retrieve the appropriate secrets from taskcluster.') + def upload_nightly(self, platform, secret_from_taskcluster): import boto3 + def get_taskcluster_secret(name): + url = "http://taskcluster/secrets/v1/secret/project/servo/" + name + return json.load(urllib.urlopen(url))["secret"] + + def get_s3_secret(): + aws_access_key = None + aws_secret_access_key = None + if secret_from_taskcluster: + secret = get_taskcluster_secret("s3-upload-credentials") + aws_access_key = secret["aws_access_key_id"] + aws_secret_access_key = secret["aws_secret_access_key"] + return (aws_access_key, aws_secret_access_key) + def nightly_filename(package, timestamp): return '{}-{}'.format( timestamp.isoformat() + 'Z', # The `Z` denotes UTC @@ -548,7 +565,12 @@ class PackageCommands(CommandBase): ) def upload_to_s3(platform, package, timestamp): - s3 = boto3.client('s3') + (aws_access_key, aws_secret_access_key) = get_s3_secret() + s3 = boto3.client( + 's3', + aws_access_key_id=aws_access_key, + aws_secret_access_key=aws_secret_access_key + ) BUCKET = 'servo-builds' nightly_dir = 'nightly/{}'.format(platform) @@ -565,7 +587,12 @@ class PackageCommands(CommandBase): s3.copy(copy_source, BUCKET, latest_upload_key) def update_maven(directory): - s3 = boto3.client('s3') + (aws_access_key, aws_secret_access_key) = get_s3_secret() + s3 = boto3.client( + 's3', + aws_access_key_id=aws_access_key, + aws_secret_access_key=aws_secret_access_key + ) BUCKET = 'servo-builds' nightly_dir = 'nightly/maven' @@ -626,13 +653,18 @@ class PackageCommands(CommandBase): '--message=Version Bump: {}'.format(brew_version), ]) + if secret_from_taskcluster: + token = get_taskcluster_secret('github-homebrew-token')["token"] + else: + token = os.environ['GITHUB_HOMEBREW_TOKEN'] + push_url = 'https://{}@github.com/servo/homebrew-servo.git' # TODO(aneeshusa): Use subprocess.DEVNULL with Python 3.3+ with open(os.devnull, 'wb') as DEVNULL: call_git([ 'push', '-qf', - push_url.format(os.environ['GITHUB_HOMEBREW_TOKEN']), + push_url.format(token), 'master', ], stdout=DEVNULL, stderr=DEVNULL) |