From 1864839e205452e536418b98baaad9ee0ea44579 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Wed, 17 Jul 2024 16:49:03 +0200 Subject: [PATCH] fix(gerrit): make buildbot able to read the priv ssh key Signed-off-by: Raito Bezarius --- buildbot_nix/__init__.py | 8 ++++---- nix/coordinator.nix | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/buildbot_nix/__init__.py b/buildbot_nix/__init__.py index 6f2435c..c5673a4 100644 --- a/buildbot_nix/__init__.py +++ b/buildbot_nix/__init__.py @@ -597,15 +597,15 @@ def nix_build_config( factory=factory, ) - -def read_secret_file(secret_name: str) -> str: +def assemble_secret_file_path(secret_name: str) -> Path: directory = os.environ.get("CREDENTIALS_DIRECTORY") if directory is None: print("directory not set", file=sys.stderr) sys.exit(1) - return Path(directory).joinpath(secret_name).read_text().rstrip() - + return Path(directory).joinpath(secret_name) +def read_secret_file(secret_name: str) -> str: + return assemble_secret_file_path(secret_name).read_text().rstrip() def config_for_project( config: dict[str, Any], diff --git a/nix/coordinator.nix b/nix/coordinator.nix index 06cd0c2..008cbf4 100644 --- a/nix/coordinator.nix +++ b/nix/coordinator.nix @@ -209,7 +209,7 @@ in "${cfg.gerrit.domain}", "${cfg.gerrit.username}", "${toString cfg.gerrit.port}", - "${cfg.gerrit.privateKeyFile}", + assemble_secret_file_path('buildbot-service-private-key'), projects=${builtins.toJSON cfg.gerrit.projects}, allowed_origins=${builtins.toJSON cfg.allowedOrigins}, url=${builtins.toJSON config.services.buildbot-master.buildbotUrl}, @@ -269,6 +269,7 @@ in LoadCredential = [ "buildbot-nix-workers:${cfg.workersFile}" "buildbot-oauth2-secret:${cfg.oauth2.clientSecretFile}" + "buildbot-service-private-key:${cfg.gerrit.privateKeyFile}" ]; }; };