Skip to content

Commit 751350b

Browse files
v1vv1v
authored
automation: fix release/snapshot env context (#204)
1 parent 22ca151 commit 751350b

File tree

1 file changed

+7
-6
lines changed

1 file changed

+7
-6
lines changed

.buildkite/hooks/pre-command

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,20 +27,21 @@ echo "--- Prepare keys context"
2727
VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID_SECRET" secret_id="$VAULT_SECRET_ID_SECRET")
2828
export VAULT_TOKEN
2929

30-
# Signing keys
31-
vault read -field=key secret/release/signing >$KEY_FILE
32-
KEYPASS_SECRET=$(vault read -field=passphrase secret/release/signing)
33-
export KEYPASS_SECRET
34-
export KEY_ID_SECRET=D88E42B4
35-
3630
# Prepare a secure temp folder not shared between other jobs to store the key ring
3731
export TMP_WORKSPACE=/tmp/secured
3832
export KEY_FILE=$TMP_WORKSPACE"/private.key"
33+
3934
# Secure home for our keyring
4035
export GNUPGHOME=$TMP_WORKSPACE"/keyring"
4136
mkdir -p $GNUPGHOME
4237
chmod -R 700 $TMP_WORKSPACE
4338

39+
# Signing keys
40+
vault read -field=key secret/release/signing >$KEY_FILE
41+
KEYPASS_SECRET=$(vault read -field=passphrase secret/release/signing)
42+
export KEYPASS_SECRET
43+
export KEY_ID_SECRET=D88E42B4
44+
4445
# Import the key into the keyring
4546
echo "$KEYPASS_SECRET" | gpg --batch --import "$KEY_FILE"
4647

0 commit comments

Comments
 (0)