From jira at ovirt-jira.atlassian.net Tue Jan 30 13:25:20 2018
From: Barak Korren (oVirt JIRA)
To: infra at ovirt.org
Subject: [JIRA] (OVIRT-1867) Allow embedded secrets inside the source repo for CI
Date: Tue, 30 Jan 2018 13:25:18 +0000
In-Reply-To: JIRA.33417.1517308592000@Atlassian.JIRA

[ https://ovirt-jira.atlassian.net/browse/OVIRT-1867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Barak Korren updated OVIRT-1867:
--------------------------------
     Epic Link: OVIRT-400
    Issue Type: New Feature  (was: By-EMAIL)

> Allow embedded secrets inside the source repo for CI
> ----------------------------------------------------
>
>                 Key: OVIRT-1867
>                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1867
>             Project: oVirt - virtualization made easy
>          Issue Type: New Feature
>          Components: Standard CI (Pipelines), STDCI DSL
>            Reporter: Roman Mohr
>            Assignee: infra
>
> In order to improve the self-service capabilities of standard-ci it is
> important for projects that they can add their own secrets to projects (to
> reach external services, e.g. docker hub, ...).
> Travis has a very nice system which helps engineers there:
> https://docs.travis-ci.com/user/encryption-keys/
> Basically the CI system needs to generate a public/private key pair for
> every enabled git repo. The engineer simply fetches the public key via a
> well-known URL and encrypts the secrets. Then the encrypted secret can be
> made part of the source repo. Before the tests are run the CI system
> decrypts the secrets. That can play together pretty well with Jenkinsfiles
> too.
> Benefit:
>  * Less manual intervention from CI team to add secrets to jobs
>  * Strengthen the config-in-code thinking

--
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100077)
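The flow described in the issue (the CI system generates a key pair per repository, the engineer encrypts with the public key, the CI system decrypts before the tests run), sketched with the `openssl` CLI. This is an added example, not code from oVirt Standard-CI or Travis; the function names, file names and sample token are hypothetical, and RSA-OAEP with SHA-256 is a scheme chosen for the example.

```bash
#!/bin/sh
# Added example: per-repository key pair for secrets committed to a repo.
# All names and the sample token are constructed for illustration.
set -e

# CI side: create the repo's private key (owner-readable only) and
# export the public half that engineers may fetch.
ci_generate_keypair() {            # $1 = key directory, $2 = repo name
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/$2.key.pem" 2>/dev/null )
  openssl pkey -in "$1/$2.key.pem" -pubout -out "$1/$2.pub.pem"
}

# Engineer side: encrypt a secret read from stdin; the base64 file is
# what gets committed. RSA-2048 with OAEP/SHA-256 holds at most 190
# bytes, so larger secrets need a hybrid (symmetric key + RSA) scheme.
encrypt_secret() {                 # $1 = public key, $2 = output file
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -out "$2.bin" &&
  openssl base64 -A -in "$2.bin" -out "$2" &&
  rm -f "$2.bin"
}

# CI side: decrypt just before the tests run. A ciphertext made for
# another repo's key fails OAEP decoding and returns non-zero.
decrypt_secret() {                 # $1 = private key, $2 = committed file
  openssl base64 -d -A -in "$2" |
    openssl pkeyutl -decrypt -inkey "$1" \
      -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

demo() {
  d=$(mktemp -d)
  ci_generate_keypair "$d" repo-a
  ci_generate_keypair "$d" repo-b
  printf '%s' 'constructed-docker-hub-token' |
    encrypt_secret "$d/repo-a.pub.pem" "$d/secret.enc"
  decrypt_secret "$d/repo-a.key.pem" "$d/secret.enc"; echo
  decrypt_secret "$d/repo-b.key.pem" "$d/secret.enc" 2>/dev/null ||
    echo "repo-b key: decryption refused"
  rm -rf "$d"
}
demo
```

Because each repository has its own key, a ciphertext copied into a different repository cannot be decrypted there; the private keys never leave the CI system.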