Skip to content
Snippets Groups Projects
Commit 69884f72 authored by Wouter Deconinck's avatar Wouter Deconinck
Browse files

do not leak eic-spack rw credentials

parent 4987a738
No related branches found
No related tags found
No related merge requests found
This commit is part of merge request !436. Comments created here will be created in the context of that merge request.
......@@ -254,8 +254,10 @@ jug_dev:default:
--build-arg EICSPACK_ORGREPO="${EICSPACK_ORGREPO}"
--build-arg EICSPACK_VERSION="${EICSPACK_VERSION}"
--build-arg EICSPACK_CHERRYPICKS="${EICSPACK_CHERRYPICKS}"
--build-arg S3_ACCESS_KEY="${S3RW_ACCESS_KEY}"
--build-arg S3_SECRET_KEY="${S3RW_SECRET_KEY}"
--build-arg S3_ACCESS_KEY="${S3_ACCESS_KEY}"
--build-arg S3_SECRET_KEY="${S3_SECRET_KEY}"
--build-arg S3RW_ACCESS_KEY="${S3RW_ACCESS_KEY}"
--build-arg S3RW_SECRET_KEY="${S3RW_SECRET_KEY}"
--build-arg CACHE_BUST=${PACKAGE_HASH}
--build-arg INTERNAL_TAG=${INTERNAL_TAG}
--build-arg JUG_VERSION=${INTERNAL_TAG}-$(git rev-parse HEAD)
......@@ -270,8 +272,10 @@ jug_dev:default:
--build-arg EICSPACK_ORGREPO="${EICSPACK_ORGREPO}"
--build-arg EICSPACK_VERSION="${EICSPACK_VERSION}"
--build-arg EICSPACK_CHERRYPICKS="${EICSPACK_CHERRYPICKS}"
--build-arg S3_ACCESS_KEY="${S3RW_ACCESS_KEY}"
--build-arg S3_SECRET_KEY="${S3RW_SECRET_KEY}"
--build-arg S3_ACCESS_KEY="${S3_ACCESS_KEY}"
--build-arg S3_SECRET_KEY="${S3_SECRET_KEY}"
--build-arg S3RW_ACCESS_KEY="${S3RW_ACCESS_KEY}"
--build-arg S3RW_SECRET_KEY="${S3RW_SECRET_KEY}"
--build-arg CACHE_BUST=${PACKAGE_HASH}
--build-arg INTERNAL_TAG=${INTERNAL_TAG}
--build-arg JUG_VERSION=${INTERNAL_TAG}-$(git rev-parse HEAD)
......
......@@ -105,7 +105,7 @@ RUN rm -r /usr/local \
## or intermittently to keep the buildcache step from taking too much time
##
## Update the local build cache if needed. Consists of 3 steps:
## 1. Remove the B010 network buildcache (silicon)
## 1. Remove the eic-spack buildcache on S3
## 2. Get a list of all packages, and compare with what is already on
## the buildcache (using package hash)
## 3. Add packages that need to be added to buildcache if any
......@@ -118,15 +118,16 @@ RUN --mount=type=cache,target=/var/cache/spack-mirror \
|| spack install -j64 --no-check-signature \
|| spack install -j64 --no-check-signature \
|| status=$? \
&& spack mirror rm eic-spack \
&& [ -z "${CACHE_NUKE}" ] \
|| rm -rf /var/cache/spack-mirror/build_cache/* \
&& mkdir -p /var/cache/spack-mirror/build_cache \
&& spack buildcache update-index -d /var/cache/spack-mirror \
&& spack buildcache list --allarch --very-long \
| sed '/^$/d;/^--/d;s/@.\+//;s/\([a-z0-9]*\) \(.*\)/\2\/\1/' \
| sort > buildcache.local.txt \
| sort > buildcache.local.txt \
&& spack find --format {name}/{hash} | sort \
| comm -23 - buildcache.local.txt \
| comm -23 - buildcache.local.txt \
| xargs --no-run-if-empty \
spack buildcache create --allow-root --only package --unsigned \
--directory /var/cache/spack-mirror \
......@@ -135,8 +136,16 @@ RUN --mount=type=cache,target=/var/cache/spack-mirror \
&& exit $status
## Update the S3 build cache (without local cache mount)
ARG S3RW_ACCESS_KEY=""
ARG S3RW_SECRET_KEY=""
RUN cd /opt/spack-environment \
&& ls /var/cache/spack-mirror \
&& if [ -n ${S3RW_ACCESS_KEY} ] ; then \
spack mirror add --scope site \
--s3-endpoint-url https://eics3.sdcc.bnl.gov:9000 \
--s3-access-key-id ${S3RW_ACCESS_KEY} \
--s3-access-key-secret ${S3RW_SECRET_KEY} \
eic-spack s3://eictest/EPIC/spack \
&& spack mirror list \
&& spack buildcache update-index -mirror-name eic-spack \
&& spack buildcache list --allarch --very-long \
| sed '/^$/d;/^--/d;s/@.\+//;s/\([a-z0-9]*\) \(.*\)/\2\/\1/' \
......@@ -146,7 +155,10 @@ RUN cd /opt/spack-environment \
| xargs --no-run-if-empty \
spack buildcache create --allow-root --only package --unsigned \
--mirror-name eic-spack \
--rebuild-index
--rebuild-index \
&& spack mirror rm eic-spack \
; fi \
&& spack mirror list
## Extra post-spack steps:
## - Python packages
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment