On Tue, Nov 20, 2018 at 01:39:55PM +0000, Neil Williams wrote:
On Tue, 20 Nov 2018 at 13:07, Axel Lebourhis axel.lebourhis@linaro.org wrote:
OK thank you for this example. In my job definition I have something like this :
Tokens are available in the test shell, as per the documentation, as a parameter.
If you call your secret TOKEN in the test job definition then TOKEN will be available in the script called by the test shell action.
- test namespace... . . . definitions: - repository: https://<link to private git repo> from: git .......
How do I use the token in this case ?
You can't. You would need to embed the TOKEN in the URL which defeats the object.
Add a previous test shell definition which accesses the TOKEN and then does the git clone as a command in a script from a public git repository.
Alternatively, change the network topology to allow the worker to access the private git repo without needing any tokens. e.g. in some labs, each worker is whitelisted so that any access from that IP is deemed to already be authorised for selected private URLs.
Or if you can't control that (e.g. remote public git server like github), embed ssh keys into your test images, or have the image grab those keys from a restricted location on your network.
There are quite a few possibilities - it depends on how complicated your needs are, and how ingenious you can be. :-)
Cheers,