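#!/bin/bash
# Resolves the aws-paramstore-secrets plugin settings from the environment
# (falling back to defaults) and persists them as a shell fragment of
# `export` lines at
# /usr/local/buildkite-aws-stack/plugins/aws-paramstore-secrets/custom-defaults.
set -o errexit
set -o nounset
set -o pipefail

AWS_PARAMSTORE_SECRETS_VERBOSE="${AWS_PARAMSTORE_SECRETS_VERBOSE:-0}"
AWS_PARAMSTORE_SECRETS_DEFAULT_KEY="${AWS_PARAMSTORE_SECRETS_DEFAULT_KEY:-"global"}"
# NOTE(review): the value is read from AWS_PARAMSTORE_SECRETS_PATH, not from
# AWS_PARAMSTORE_SECRETS_SECRETS_PATH, so a caller that sets the latter is
# ignored here. Left unchanged; confirm which name callers are expected to set.
AWS_PARAMSTORE_SECRETS_SECRETS_PATH="${AWS_PARAMSTORE_SECRETS_PATH:-"/vendors/buildkite"}"
AWS_PARAMSTORE_SECRETS_GLOBAL_SSH="${AWS_PARAMSTORE_SECRETS_GLOBAL_SSH:-}"

mkdir -p /usr/local/buildkite-aws-stack/plugins/aws-paramstore-secrets

# Each value is written with %q so that it is shell-quoted in the generated
# file. Interpolating the raw value between double quotes would let a value
# containing `"`, `$` or a backtick break the file's syntax or be expanded
# when the file is later read by a shell.
# NOTE(review): %q emits bash quoting; this assumes custom-defaults is
# sourced by bash (TODO confirm against the plugin's hooks).
printf 'export %s=%q\n' \
  AWS_PARAMSTORE_SECRETS_VERBOSE "${AWS_PARAMSTORE_SECRETS_VERBOSE}" \
  AWS_PARAMSTORE_SECRETS_DEFAULT_KEY "${AWS_PARAMSTORE_SECRETS_DEFAULT_KEY}" \
  AWS_PARAMSTORE_SECRETS_SECRETS_PATH "${AWS_PARAMSTORE_SECRETS_SECRETS_PATH}" \
  AWS_PARAMSTORE_SECRETS_GLOBAL_SSH "${AWS_PARAMSTORE_SECRETS_GLOBAL_SSH}" \
  > /usr/local/buildkite-aws-stack/plugins/aws-paramstore-secrets/custom-defaults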
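# Install the hooks, repo first so pipeline can override the repo preset.
#
# Appends (>>) an opt-in wrapper to the agent-wide environment hook. The
# heredoc delimiter is quoted, so nothing below is expanded at install time;
# the text is evaluated only when the hook runs. Because the write is an
# append, running this script twice adds the wrapper twice.
#
# After sourcing the plugin's environment hook, the wrapper unsets the
# plugin's own AWS_PARAMSTORE_SECRETS_* variables so they are not left in the
# environment. The names come from bash prefix expansion rather than from
# parsing `export` output: the previous grep matched whole lines, so an
# unrelated exported variable whose *value* mentioned AWS_PARAMSTORE_SECRETS_
# was unset as well, and multi-line values produced bogus names. Prefix
# expansion also covers non-exported variables with that prefix.
mkdir -p /etc/buildkite-agent/hooks
cat << 'EOF' >> /etc/buildkite-agent/hooks/environment
# --- Start AWS paramstore secrets plugin ---
# AWS_SSM_SECRETS_PLUGIN_ENABLED is typically configured in /var/lib/buildkite-agent/cfn-env
if [[ "${AWS_SSM_SECRETS_PLUGIN_ENABLED:-}" == "1" ]]
then
  source /usr/local/buildkite-aws-stack/plugins/aws-paramstore-secrets/hooks/environment
  # clean up: drop the plugin's variables, matched by name only
  for name in "${!AWS_PARAMSTORE_SECRETS_@}"
  do
    case "$name" in
      # kept on purpose (presumably read by a later hook; confirm)
      AWS_PARAMSTORE_SECRETS_AUTH_SOCK | AWS_PARAMSTORE_SECRETS_AGENT_PID)
        continue
        ;;
    esac
    unset "$name"
  done
fi
# --- End AWS paramstore secrets plugin ---
EOF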
# Append an opt-in wrapper to each of the remaining agent-wide hooks. Every
# wrapper sources the plugin's hook of the same name, and only when
# AWS_SSM_SECRETS_PLUGIN_ENABLED is "1" at the time the hook runs.
# The single-quoted lines are written literally (no expansion at install
# time); only the hook name is substituted into the `source` path.
# The writes are appends, so a second run of this script adds a second copy.
for hook_name in pre-exit pre-checkout post-checkout post-command
do
  # shellcheck disable=SC2016 -- the ${...} text must reach the hook file unexpanded
  printf '%s\n' \
    'if [[ -n "${AWS_SSM_SECRETS_PLUGIN_ENABLED:-}" && "${AWS_SSM_SECRETS_PLUGIN_ENABLED:-}" == "1" ]]' \
    'then' \
    "source /usr/local/buildkite-aws-stack/plugins/aws-paramstore-secrets/hooks/${hook_name}" \
    'fi' \
    >> "/etc/buildkite-agent/hooks/${hook_name}"
done

# Mark all five hook files (including environment) executable in one call.
hook_files=(
  /etc/buildkite-agent/hooks/post-checkout
  /etc/buildkite-agent/hooks/pre-checkout
  /etc/buildkite-agent/hooks/pre-exit
  /etc/buildkite-agent/hooks/environment
  /etc/buildkite-agent/hooks/post-command
)
chmod +x "${hook_files[@]}"