fix auth header for compat pr (#7134)
On the last release, the job succeeded despite not being able to create the compat PR. This fixes: - The curl call to actually return non-0 on non-2xx HTTP response. - The way in which we encode the credentials. This also attempts to create a Bash library, hopefully this time in a way that doesn't get destroyed by our release process. IIUC pipeline instructions (YAML files) are all parsed and read before any execution, so by embedding the Bash library in a template we should get the correct version (i.e. the one that is running the pipeline) even when checking out other commits. CHANGELOG_BEGIN CHANGELOG_END
parent
15e1df81c2
commit
1baea84ca0
@ -499,16 +499,20 @@ jobs:
|
|||||||
- checkout: self
|
- checkout: self
|
||||||
persistCredentials: true
|
persistCredentials: true
|
||||||
- bash: ci/dev-env-install.sh
|
- bash: ci/dev-env-install.sh
|
||||||
|
- template: ci/bash-lib.yml
|
||||||
|
parameters:
|
||||||
|
var_name: bash_lib
|
||||||
- bash: |
|
- bash: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
eval "$(./dev-env/bin/dade-assist)"
|
eval "$(./dev-env/bin/dade-assist)"
|
||||||
|
|
||||||
|
source $(bash_lib)
|
||||||
|
|
||||||
setvar() {
|
setvar() {
|
||||||
echo "Setting '$1' to '$2'"
|
echo "Setting '$1' to '$2'"
|
||||||
echo "##vso[task.setvariable variable=$1;isOutput=true]$2"
|
echo "##vso[task.setvariable variable=$1;isOutput=true]$2"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
DELAY=1
|
DELAY=1
|
||||||
while ! curl --fail -I https://repo1.maven.org/maven2/com/daml/ledger-api-test-tool/$(release_tag)/ledger-api-test-tool-$(release_tag).jar; do
|
while ! curl --fail -I https://repo1.maven.org/maven2/com/daml/ledger-api-test-tool/$(release_tag)/ledger-api-test-tool-$(release_tag).jar; do
|
||||||
sleep $DELAY
|
sleep $DELAY
|
||||||
@ -519,19 +523,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# With `persistCredentials: true`, Azure Pipelines will store the
|
AUTH="$(get_gh_auth_header)"
|
||||||
# credentials to interact with GitHub in the url for the origin remote,
|
|
||||||
# using basic auth format:
|
|
||||||
# https://username:password@github.com/:user/:repo.git
|
|
||||||
# This series of pipes extracts the `username:password` part.
|
|
||||||
#
|
|
||||||
# It looks like in some cases the credentials get stored separately as
|
|
||||||
# a header instead.
|
|
||||||
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
|
|
||||||
AUTH="$header"
|
|
||||||
else
|
|
||||||
AUTH="Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
git checkout origin/master
|
git checkout origin/master
|
||||||
BRANCH=update-compat-versions-for-$(release_tag)
|
BRANCH=update-compat-versions-for-$(release_tag)
|
||||||
@ -551,6 +543,7 @@ jobs:
|
|||||||
curl -H "Content-Type: application/json" \
|
curl -H "Content-Type: application/json" \
|
||||||
-H "$AUTH" \
|
-H "$AUTH" \
|
||||||
--silent \
|
--silent \
|
||||||
|
--fail \
|
||||||
--include \
|
--include \
|
||||||
--location \
|
--location \
|
||||||
-d "{\"title\": \"update compat versions for $(release_tag)\", \"head\": \"$BRANCH\", \"base\": \"master\"}" \
|
-d "{\"title\": \"update compat versions for $(release_tag)\", \"head\": \"$BRANCH\", \"base\": \"master\"}" \
|
||||||
|
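Review bot: With `--silent` already in place, the added `--fail` makes the PR-creation curl exit non-zero on an HTTP error without printing anything, and `--fail` also discards the response body, so the job log will not show why GitHub rejected the request (a rejected credential, for instance). Adding `--show-error` next to `--fail` keeps curl's own error line in the output. The curl invocation continues past the end of the hunk, so the rest of its arguments are not visible here.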
26
ci/bash-lib.yml
Normal file
26
ci/bash-lib.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Copyright (c) 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
var_name: ''
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- bash: |
|
||||||
|
set -euo pipefail
|
||||||
|
TMP=$(mktemp)
|
||||||
|
cat > $TMP <<'END'
|
||||||
|
get_gh_auth_header() {
|
||||||
|
# Credentials are persisted in a different way on GCP and Azure nodes.
|
||||||
|
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
|
||||||
|
# On Azure nodes, the auth header is stored directly in the git
|
||||||
|
# config.
|
||||||
|
echo $header
|
||||||
|
else
|
||||||
|
# On GCP nodes, the credentials are stored as part of the remote
|
||||||
|
# url instead of as a separate header. The format is
|
||||||
|
# https://username:password@github.com/:user/:repo.git
|
||||||
|
echo "Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev | tr -d '\n' | base64 -w0)"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
END
|
||||||
|
echo "##vso[task.setvariable variable=${{parameters.var_name}}]$TMP"
|
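Review bot: In the `else` branch of `get_gh_auth_header`, the credential pipeline runs inside the argument of `echo`, so its exit status is discarded: if `remote.origin.url` carries no `user:password@` part, `grep` matches nothing and the function still returns 0, printing `Authorization: basic ` with an empty value. Callers running under `set -e` then continue with an unusable header and only find out when the API call is rejected. Assign the extracted credentials to a local variable first and stop when it is empty, e.g. `[ -n "$creds" ] || return 1`, then base64-encode `$creds` in the `echo`. In the first branch, `echo $header` should be quoted as `echo "$header"` so the stored header is passed through unchanged.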
@ -20,14 +20,15 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- checkout: self
|
- checkout: self
|
||||||
persistCredentials: true
|
persistCredentials: true
|
||||||
|
- template: ../bash-lib.yml
|
||||||
|
parameters:
|
||||||
|
var_name: bash_lib
|
||||||
- bash: |
|
- bash: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
|
source "$(bash_lib)"
|
||||||
AUTH="$header"
|
|
||||||
else
|
AUTH="$(get_gh_auth_header)"
|
||||||
AUTH="Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
BASE_SHA=$(git rev-parse HEAD)
|
BASE_SHA=$(git rev-parse HEAD)
|
||||||
az extension add --name azure-devops
|
az extension add --name azure-devops
|
||||||
|