[ci] Add ssh token for publishing gh-pages (#10338)

* [ci] Added ssh token for publishing gh-pages * changed ssh commands for gh-pages * return github_token back to vault secrets * check simnet-tests-quick without vault secrets * remove vault secrets from simnet jobs
2026-06-09 20:11:09 +00:00 · 2021-11-23 17:04:06 +01:00
parent f9122a870e
commit 67cd32f736
1 changed files with 10 additions and 7 deletions
@@ -204,6 +204,9 @@ default:
    GITHUB_PR_TOKEN:
      vault:                       cicd/gitlab/parity/GITHUB_PR_TOKEN@kv
      file:                        false
+    GITHUB_TOKEN:
+      vault:                       cicd/gitlab/parity/GITHUB_TOKEN@kv
+      file:                        false
    AWS_ACCESS_KEY_ID:
      vault:                       cicd/gitlab/$CI_PROJECT_PATH/AWS_ACCESS_KEY_ID@kv
      file:                        false
@@ -228,9 +231,9 @@ default:
    GITHUB_RELEASE_TOKEN:
      vault:                       cicd/gitlab/$CI_PROJECT_PATH/GITHUB_RELEASE_TOKEN@kv
      file:                        false
-    GITHUB_TOKEN:
-      vault:                       cicd/gitlab/$CI_PROJECT_PATH/GITHUB_TOKEN@kv
-      file:                        false
+    GITHUB_SSH_PRIV_KEY:
+      vault:                       cicd/gitlab/$CI_PROJECT_PATH/GITHUB_SSH_PRIV_KEY@kv
+      file:                        true
    GITHUB_USER:
      vault:                       cicd/gitlab/$CI_PROJECT_PATH/GITHUB_USER@kv
      file:                        false
@@ -809,12 +812,14 @@ publish-rustdoc:
    # Putting spaces at the front and back to ensure we are not matching just any substring, but the
    # whole space-separated value.
    - '[[ " ${RUSTDOCS_DEPLOY_REFS} " =~ " ${CI_COMMIT_REF_NAME} " ]] || exit 0'
+    # setup ssh
+    - apt-get update && apt-get install -y ssh
    - rm -rf /tmp/*
    # Set git config
-    - rm -rf .git/config
+    - git config core.sshCommand "ssh -i ${GITHUB_SSH_PRIV_KEY} -F /dev/null -o StrictHostKeyChecking=no"
    - git config user.email "devops-team@parity.io"
    - git config user.name "${GITHUB_USER}"
-    - git config remote.origin.url "https://${GITHUB_TOKEN}@github.com/paritytech/${CI_PROJECT_NAME}.git"
+    - git config remote.origin.url "git@github.com:/paritytech/${CI_PROJECT_NAME}.git"
    - git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"
    - git fetch origin gh-pages
    # Install `ejs` and generate index.html based on RUSTDOCS_DEPLOY_REFS
@@ -909,7 +914,6 @@ simnet-tests:
  stage:                           deploy
  image:                           docker.io/paritytech/simnet:${SIMNET_REF}
  <<:                              *kubernetes-env
-  <<:                              *vault-secrets
  rules:
    - if: $CI_PIPELINE_SOURCE == "pipeline"
      when: never
@@ -939,7 +943,6 @@ simnet-tests-quick:
  stage:                           deploy
  image:                           docker.io/paritytech/simnet:${SIMNET_REF}
  <<:                              *kubernetes-env
-  <<:                              *vault-secrets
  <<:                              *test-refs-no-trigger-prs-only
  variables:
    SIMNET_FEATURES:               "${SIMNET_FEATURES_PATH}/quick"