diff options
Diffstat (limited to 'share/spack/gitlab/cloud_pipelines/.gitlab-ci.yml')
-rw-r--r-- | share/spack/gitlab/cloud_pipelines/.gitlab-ci.yml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/share/spack/gitlab/cloud_pipelines/.gitlab-ci.yml b/share/spack/gitlab/cloud_pipelines/.gitlab-ci.yml index 5860210b28..2467463d81 100644 --- a/share/spack/gitlab/cloud_pipelines/.gitlab-ci.yml +++ b/share/spack/gitlab/cloud_pipelines/.gitlab-ci.yml @@ -69,6 +69,7 @@ default: .base-job: variables: SPACK_BUILDCACHE_DESTINATION: "s3://spack-binaries/${CI_COMMIT_REF_NAME}/${SPACK_CI_STACK_NAME}" + rules: - if: $CI_COMMIT_REF_NAME == "develop" # Pipelines on develop only rebuild what is missing from the mirror @@ -79,6 +80,7 @@ default: SPACK_REQUIRE_SIGNING: "True" AWS_ACCESS_KEY_ID: ${PROTECTED_MIRRORS_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PROTECTED_MIRRORS_AWS_SECRET_ACCESS_KEY} + OIDC_TOKEN_AUDIENCE: "protected_binary_mirror" - if: $CI_COMMIT_REF_NAME =~ /^releases\/v.*/ # Pipelines on release branches always rebuild everything when: always @@ -90,6 +92,7 @@ default: SPACK_REQUIRE_SIGNING: "True" AWS_ACCESS_KEY_ID: ${PROTECTED_MIRRORS_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PROTECTED_MIRRORS_AWS_SECRET_ACCESS_KEY} + OIDC_TOKEN_AUDIENCE: "protected_binary_mirror" - if: $CI_COMMIT_TAG =~ /^develop-[\d]{4}-[\d]{2}-[\d]{2}$/ || $CI_COMMIT_TAG =~ /^v.*/ # Pipelines on tags (release or dev snapshots) only copy binaries from one mirror to another when: always @@ -99,6 +102,7 @@ default: SPACK_COPY_BUILDCACHE: "s3://spack-binaries/${CI_COMMIT_REF_NAME}" AWS_ACCESS_KEY_ID: ${PROTECTED_MIRRORS_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PROTECTED_MIRRORS_AWS_SECRET_ACCESS_KEY} + OIDC_TOKEN_AUDIENCE: "protected_binary_mirror" - if: $CI_COMMIT_REF_NAME =~ /^pr[\d]+_.*$/ # Pipelines on PR branches rebuild only what's missing, and do extra pruning when: always @@ -109,6 +113,7 @@ default: SPACK_PRUNE_UNTOUCHED_DEPENDENT_DEPTH: "1" AWS_ACCESS_KEY_ID: ${PR_MIRRORS_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PR_MIRRORS_AWS_SECRET_ACCESS_KEY} + OIDC_TOKEN_AUDIENCE: "pr_binary_mirror" .generate-common: stage: generate @@ -225,6 +230,9 @@ protected-publish: - curl -fLsS https://spack.github.io/keys/spack-public-binary-key.pub -o /tmp/spack-public-binary-key.pub - aws s3 cp /tmp/spack-public-binary-key.pub "${SPACK_COPY_BUILDCACHE}/build_cache/_pgp/spack-public-binary-key.pub" - spack buildcache update-index --keys "${SPACK_COPY_BUILDCACHE}" + id_tokens: + GITLAB_OIDC_TOKEN: + aud: "${OIDC_TOKEN_AUDIENCE}" ######################################## # TEMPLATE FOR ADDING ANOTHER PIPELINE |