From 2ec72ff5e96283aafc218caaffd2a3e452ba8128 Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Mon, 11 Mar 2024 07:54:49 +0100 Subject: [PATCH] ansible: Define "image-download" job secret Tests will need that to download private (RHEL) images from the stores. For now this is the same directory as the upload secret, but at some point we should split them. --- ansible/roles/tasks-systemd/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/tasks-systemd/tasks/main.yml b/ansible/roles/tasks-systemd/tasks/main.yml index 49b3c648..a6055584 100644 --- a/ansible/roles/tasks-systemd/tasks/main.yml +++ b/ansible/roles/tasks-systemd/tasks/main.yml @@ -79,10 +79,15 @@ [container.secrets] # these are *host* paths, this is podman-remote + # FIXME: Split the upload/download secrets image-upload=[ '--volume=/var/lib/cockpit-secrets/tasks/s3-keys/:/run/secrets/s3-keys:ro', '--env=COCKPIT_S3_KEY_DIR=/run/secrets/s3-keys', ] + image-download=[ + '--volume=/var/lib/cockpit-secrets/tasks/s3-keys/:/run/secrets/s3-keys:ro', + '--env=COCKPIT_S3_KEY_DIR=/run/secrets/s3-keys', + ] github-token=[ '--volume=/var/lib/cockpit-secrets/webhook/.config--github-token:/run/secrets/github-token:ro', '--env=COCKPIT_GITHUB_TOKEN_FILE=/run/secrets/github-token',