小贝子编程

Packer:如何避免在CI/CD管道中提供ssh_private_key_file ?



我用ansible和terraform运行本地打包器,它工作得很好。

现在我想把这些包含在我的github动作ci/cd管道。

打包器hcl文件是这样的:

variable "do_token" {
type    = string
default = env("DO_PAT")
}
variable "pvt_key" {
type    = string
default = env("SSH_PVT_KEY")
}
packer {
required_plugins {
digitalocean = {
version = ">= 1.0.0"
source  = "github.com/hashicorp/digitalocean"
}
}
}
source "digitalocean" "example" {
api_token    = var.do_token
image        = "debian-11-x64"
region       = "ams3"
size         = "s-1vcpu-1gb"
ssh_username = "root"
monitoring = true
snapshot_name = "packer-{{timestamp}}"
droplet_name = "packer-build"
ssh_key_id = id
ssh_private_key_file = path/to/my/file
}

build {
sources = ["source.digitalocean.example"]
provisioner "file" {
source = "publickeypath"
destination = "/tmp/publickey.pub"
}

provisioner "ansible-local" {
playbook_file = "../ansible/playbook.yml"
extra_arguments= [ 
"-vvv",
"--extra-vars",
"'ansible_python_interpreter=/usr/bin/python3'"
]

}
}

我想为我的ssh私钥提供一个环境变量,而不是一个文件,所以我不需要把它上传到github…这可能吗?

同样对于公钥,是否可以提供一个环境变量并将其复制到一个文件(而不是构建提供程序文件)

谢谢

答案很简单:创建一个运行程序并返回"$ENV_VARIABLE"比;fileyouwant

- name: Make ssh private key from secret
run: |
echo "$PVT_KEY" > sshkey
env:
PVT_KEY: ${{ secrets.PVT_KEY }}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium