|
1 | 1 | gcp_credentials: ENCRYPTED[!149d4005ecdba4cdd78bb5ba22756ebb98bf8e3367ee2e9ab08c5a1608c0d3e3b501904b67a1d67c0b63085e469d7dde!] |
2 | 2 |
|
3 | 3 | env: |
4 | | - ARTIFACTORY_URL: ENCRYPTED[!2f8fa307d3289faa0aa6791f18b961627ae44f1ef46b136e1a1e63b0b4c86454dbb25520d49b339e2d50a1e1e5f95c88!] |
5 | | - ARTIFACTORY_PRIVATE_USERNAME: repox-private-reader-lt-1a7e1f |
6 | | - ARTIFACTORY_PRIVATE_PASSWORD: ENCRYPTED[!4890acae4038fb09d3921b1126aad6af4c0bc3984e603cf1639766e44cc987c3f2b7d529b5420b2e3eca0f354b938bf8!] |
7 | | - ARTIFACTORY_DEPLOY_USERNAME: repox-qa-deployer-lt-1a7e1f |
8 | | - ARTIFACTORY_DEPLOY_PASSWORD: ENCRYPTED[!91fd8560ac00c4661c3161af1bd6e74ed8de8799e9d6ddc2f07bbcf154703adfb54d197ec2286c25f481fca7aba18c76!] |
| 4 | + CIRRUS_VAULT_URL: https://vault.sonar.build:8200 |
| 5 | + CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci |
| 6 | + CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME} |
| 7 | + |
| 8 | + ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] |
| 9 | + ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader |
| 10 | + ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] |
| 11 | + ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer |
| 12 | + ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token] |
9 | 13 | ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa |
10 | | - ARTIFACTORY_API_KEY: ENCRYPTED[!4890acae4038fb09d3921b1126aad6af4c0bc3984e603cf1639766e44cc987c3f2b7d529b5420b2e3eca0f354b938bf8!] |
| 14 | + ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] |
| 15 | + GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token] |
11 | 16 | # burgr notification |
12 | | - BURGR_URL: ENCRYPTED[!c7e294da94762d7bac144abef6310c5db300c95979daed4454ca977776bfd5edeb557e1237e3aa8ed722336243af2d78!] |
13 | | - BURGR_USERNAME: ENCRYPTED[!b29ddc7610116de511e74bec9a93ad9b8a20ac217a0852e94a96d0066e6e822b95e7bc1fe152afb707f16b70605fddd3!] |
14 | | - BURGR_PASSWORD: ENCRYPTED[!83e130718e92b8c9de7c5226355f730e55fb46e45869149a9223e724bb99656878ef9684c5f8cfef434aa716e87f4cf2!] |
| 17 | + BURGR_URL: VAULT[development/kv/data/burgr data.url] |
| 18 | + BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username] |
| 19 | + BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password] |
15 | 20 |
|
16 | 21 | # Use bash (instead of sh on linux or cmd.exe on windows) |
17 | 22 | CIRRUS_SHELL: bash |
18 | | - GITHUB_TOKEN: ENCRYPTED[!f458126aa9ed2ac526f220c5acb51dd9cc255726b34761a56fc78d4294c11089502a882888cef0ca7dd4085e72e611a5!] |
19 | 23 |
|
20 | 24 | container_definition: &CONTAINER_DEFINITION |
21 | 25 | builder_image_project: release-engineering-ci-prod |
@@ -80,13 +84,13 @@ build_task: |
80 | 84 | memory: 30G |
81 | 85 | env: |
82 | 86 | # analysis on next |
83 | | - SONAR_TOKEN: ENCRYPTED[!b6fd814826c51e64ee61b0b6f3ae621551f6413383f7170f73580e2e141ac78c4b134b506f6288c74faa0dd564c05a29!] |
| 87 | + SONAR_TOKEN: VAULT[development/kv/data/next data.token] |
84 | 88 | SONAR_HOST_URL: https://next.sonarqube.com/sonarqube |
85 | 89 | #allow deployment of pull request artifacts to repox |
86 | 90 | DEPLOY_PULL_REQUEST: true |
87 | 91 | #sign artifacts |
88 | | - SIGN_KEY: ENCRYPTED[!cc216dfe592f79db8006f2a591f8f98b40aa2b078e92025623594976fd32f6864c1e6b6ba74b50647f608e2418e6c336!] |
89 | | - PGP_PASSPHRASE: ENCRYPTED[!314a8fc344f45e462dd5e8dccd741d7562283a825e78ebca27d4ae9db8e65ce618e7f6aece386b2782a5abe5171467bd!] |
| 92 | + SIGN_KEY: VAULT[development/kv/data/sign data.key] |
| 93 | + PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase] |
90 | 94 | <<: *MAVEN_CACHE |
91 | 95 | sonar_cache: |
92 | 96 | folder: ${HOME}/.sonar/cache |
@@ -123,7 +127,7 @@ ws_scan_task: |
123 | 127 | # run only on master and long-term branches |
124 | 128 | only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*") |
125 | 129 | env: |
126 | | - WS_APIKEY: ENCRYPTED[!3929c6148b9dfc751a2d17c590b15d755f82cd9c108f2de5f24a5b32f2a0c26144e921fab7e2c959fc2824d6d6d1550d!] |
| 130 | + WS_APIKEY: VAULT[development/kv/data/mend data.apikey] |
127 | 131 | <<: *MAVEN_CACHE |
128 | 132 | whitesource_script: |
129 | 133 | - source cirrus-env QA |
@@ -228,8 +232,9 @@ promote_task: |
228 | 232 | memory: 1G |
229 | 233 | env: |
230 | 234 | #promotion cloud function |
231 | | - GCF_ACCESS_TOKEN: ENCRYPTED[!1fb91961a5c01e06e38834e55755231d649dc62eca354593105af9f9d643d701ae4539ab6a8021278b8d9348ae2ce8be!] |
232 | | - PROMOTE_URL: ENCRYPTED[!e22ed2e34a8f7a1aea5cff653585429bbd3d5151e7201022140218f9c5d620069ec2388f14f83971e3fd726215bc0f5e!] |
| 235 | + GCF_ACCESS_TOKEN: VAULT[development/kv/data/promote data.token] |
| 236 | + PROMOTE_URL: VAULT[development/kv/data/promote data.url] |
| 237 | + GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token] |
233 | 238 | #artifacts that will have downloadable links in burgr |
234 | 239 | ARTIFACTS: org.sonarsource.javascript:sonar-javascript-plugin:jar |
235 | 240 | <<: *MAVEN_CACHE |
|
0 commit comments