From 1b56efed060e02513a8e42b0a8755def5e4a9b0b Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Mon, 11 Mar 2024 07:54:49 +0100 Subject: [PATCH] ansible: Define "image-download" job secret Tests will need that to download private (RHEL) images from the stores. For now this is the same directory as the upload secret, but at some point we should split them. --- ansible/roles/tasks-systemd/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/tasks-systemd/tasks/main.yml b/ansible/roles/tasks-systemd/tasks/main.yml index 49b3c648..a6055584 100644 --- a/ansible/roles/tasks-systemd/tasks/main.yml +++ b/ansible/roles/tasks-systemd/tasks/main.yml @@ -79,10 +79,15 @@ [container.secrets] # these are *host* paths, this is podman-remote + # FIXME: Split the upload/download secrets image-upload=[ '--volume=/var/lib/cockpit-secrets/tasks/s3-keys/:/run/secrets/s3-keys:ro', '--env=COCKPIT_S3_KEY_DIR=/run/secrets/s3-keys', ] + image-download=[ + '--volume=/var/lib/cockpit-secrets/tasks/s3-keys/:/run/secrets/s3-keys:ro', + '--env=COCKPIT_S3_KEY_DIR=/run/secrets/s3-keys', + ] github-token=[ '--volume=/var/lib/cockpit-secrets/webhook/.config--github-token:/run/secrets/github-token:ro', '--env=COCKPIT_GITHUB_TOKEN_FILE=/run/secrets/github-token',