CI_README.adoc

For Continuous Deployment Server:

Store token into Vault

You will need the Vault CLI tool installed to store token into the Vault service.

Get the GH token to be able to use Vault:

Go to the page https://github.com/settings/tokens

Select Vault

Select Refresh token or Regenerate token button (UI change from time to time)

Copy and use the token displayed.

Push token into Vault

Login into vault:

export VAULT_ADDR=https://vault.devshift.net
vault login -method=github token="MY_GH_TOKEN"

Use the following command to store token into Vault

vault write devtools-osio-ci/recommender-refresh-token token=@refresh_token.txt

Use token on CI

Definition of secret object:

- recommender-refresh-token: &recommender-refresh-token
    name: "recommender-refresh-token"
    secret-path: 'devtools-osio-ci/recommender-refresh-token'
    secret-values:
      - env-var: 'RECOMMENDER_REFRESH_TOKEN'
        vault-key: 'token'

The job template needs to contain reference to a secret object:

- job-template:
    wrappers:
        - vault-secrets:
            <<: *vault_defaults
            secrets:
              - *recommender-api-token
              - *3scale-user-key
              - *recommender-refresh-token

The token will be stored in environment variable named RECOMMENDER_REFRESH_TOKEN and can be used by tests:

load_jenkins_vars() {
    if [ -e "jenkins-env" ]; then
        cat jenkins-env \
          | grep -E "(FRECOMMENDER_REFRESH_TOKEN|JENKINS_URL|GIT_BRANCH|GIT_COMMIT|BUILD_NUMBER)=" \
          | sed 's/^/export /g' \
          > ~/.jenkins-env
        source ~/.jenkins-env
    fi
    echo "Jenkins URL: $JENKINS_URL"
    echo "Build URL: $BUILD_URL"
}

Go to README.adoc