self-hosted/teleport

Fork 0

mirror of https://github.com/gravitational/teleport synced 2024-10-21 01:34:01 +00:00

Commit graph

Author	SHA1	Message	Date
Walt	d6f07e4f54	APT/YUM publishing fixes (#17638 ) * Serialize apt/yum promote pipelines These were running in parallel, but we want them to run serially. Therefore, we add a dependency between each step and its previous step. * Allow dev build promotes to proceed in deb/rpm pipelines This helps test a couple more changes from this pipeline when cutting a dev build. Particularly, we saw the download and role assumption steps fail in https://github.com/gravitational/teleport/pull/17334, and this change would have allowed us to catch that error during testing. * Fix globbing bug This bug does not appear to affect anything currently. However it should be fixed in case the rm is important at some point in the future. The bug is: when a wildcard is inside quotes, it is treated as a literal filename. So rm -rf "$ARTIFACT_PATH/" tries to remove the file named '' instead of trying to remove everything in artifact path. * Swap YUM_REPO_NEW_ROLE to YUM_REPO_NEW_AWS_ROLE All other roles environment variables end in AWS_ROLE, and consistency is our friend here.	2022-10-21 06:23:21 +00:00
Walt	acbf575230	Refactor Drone Pipelines to use AWS role assumption (#17201 ) This PR updates our various Drone pipelines to use AWS roles for publishing. Our AWS FTR requires that we do not use any long lived credentials in our AWS accounts and instead use roles. This means we need to move from attaching policies directly to users to attaching policies to roles and having policyless users assume those roles. https://aws.amazon.com/partners/foundational-technical-review/ Contributes to https://github.com/gravitational/SecOps/issues/213	2022-10-10 20:32:43 +00:00
fheinecke	b022fea56b	Added YUM implementation of OS package build tool (#14203 ) * Added YUM implementation of OS package build tool * Addressed PR comments * Added YUM migrations * Added curl to YUM dependencies * Changed pipelines to use golang:1.18.4-bullseye for Go * Implemented proper repo downloading logic * Fixed other merge conflicts * Added artifacts cleanup * Removed delete on s3 sync * Added RPM migrations * v8 migrations * Partial v8 migration * Migration remainder * Reduced requested resources * Updated resource limits per step * Added k8s stage resource limits to drone * Fixed format issue * Removed resource requests * Added `depends_on` support to dronegen * v8.3 migrations * Fixed parallelism * Removed migration parallelism * Fixed RPM base arch lookup * v6 and v7 YUM migration * Fixed missing ISA * Updated repo file path * Added logging * Removed vars from repo file * v8.3 migration first batch * v8.3 migration second batch * v9.0 migration * v9.1 migration * v9.2 migration * v9.3 first migration * v9.3 second migration * v10.0 migration * Removed migrations * Disabled shell linting non-issues * Fixed linter problem * More linter fixes	2022-08-02 21:32:59 +00:00

Author

SHA1

Message

Date

Walt

d6f07e4f54

APT/YUM publishing fixes (#17638 )

* Serialize apt/yum promote pipelines

These were running in parallel, but we want them to run serially.
Therefore, we add a dependency between each step and its previous step.

* Allow dev build promotes to proceed in deb/rpm pipelines

This helps test a couple more changes from this pipeline when cutting a
dev build.  Particularly, we saw the download and role assumption steps
fail in https://github.com/gravitational/teleport/pull/17334, and this
change would have allowed us to catch that error during testing.

* Fix globbing bug

This bug does not appear to affect anything currently.  However it
should be fixed in case the rm is important at some point in the future.

The bug is: when a wildcard is inside quotes, it is treated as a literal
filename.  So rm -rf "$ARTIFACT_PATH/*" tries to remove the file named
'*' instead of trying to remove everything in artifact path.

* Swap YUM_REPO_NEW_ROLE to YUM_REPO_NEW_AWS_ROLE

All other roles environment variables end in AWS_ROLE, and consistency
is our friend here.

2022-10-21 06:23:21 +00:00

Walt

acbf575230

Refactor Drone Pipelines to use AWS role assumption (#17201 )

This PR updates our various Drone pipelines to use AWS roles for publishing.

Our AWS FTR requires that we do not use any long lived credentials in our AWS accounts and instead use roles. This means we need to move from attaching policies directly to users to attaching policies to roles and having policyless users assume those roles.

https://aws.amazon.com/partners/foundational-technical-review/

Contributes to https://github.com/gravitational/SecOps/issues/213

2022-10-10 20:32:43 +00:00

fheinecke

b022fea56b

Added YUM implementation of OS package build tool (#14203 )

* Added YUM implementation of OS package build tool

* Addressed PR comments

* Added YUM migrations

* Added curl to YUM dependencies

* Changed pipelines to use golang:1.18.4-bullseye for Go

* Implemented proper repo downloading logic

* Fixed other merge conflicts

* Added artifacts cleanup

* Removed delete on s3 sync

* Added RPM migrations

* v8 migrations

* Partial v8 migration

* Migration remainder

* Reduced requested resources

* Updated resource limits per step

* Added k8s stage resource limits to drone

* Fixed format issue

* Removed resource requests

* Added `depends_on` support to dronegen

* v8.3 migrations

* Fixed parallelism

* Removed migration parallelism

* Fixed RPM base arch lookup

* v6 and v7 YUM migration

* Fixed missing ISA

* Updated repo file path

* Added logging

* Removed vars from repo file

* v8.3 migration first batch

* v8.3 migration second batch

* v9.0 migration

* v9.1 migration

* v9.2 migration

* v9.3 first migration

* v9.3 second migration

* v10.0 migration

* Removed migrations

* Disabled shell linting non-issues

* Fixed linter problem

* More linter fixes

2022-08-02 21:32:59 +00:00

3 commits