Commit d5bc7d5

Added Bitbucket pipelines examples to README.md,
1 parent 05e2311 commit d5bc7d5

2 files changed

+57
-3
lines changed

README.md

+55
@@ -96,3 +96,58 @@ services:
9696
- ./secrets:/secrets
9797
- .:/tmp
9898
```
99+
100+
### Bitbucket pipelines samples
101+
102+
Sample of bitbucket-pipelines.yml file for GCP
103+
104+
105+
```yaml
106+
dev:
107+
- step:
108+
name: Obtain environment variables
109+
image: ghcr.io/omvmike/config-storage:gcp
110+
script:
111+
- export GCP_KEY_FILE=$KEY_FILE_BASE64
112+
- export GCS_BUCKET=my-bucket
113+
- export PATH_PREFIX=config-storage/dev
114+
- config-storage get .env api.env
115+
artifacts:
116+
- api.env
117+
```
118+
it will bethe same for AWS,
119+
just change image name to `ghcr.io/omvmike/config-storage:aws`
120+
and provide `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables instead of `GCP_KEY_FILE`
121+
122+
```yaml
123+
dev:
124+
- step:
125+
name: Obtain environment variables
126+
image: ghcr.io/omvmike/config-storage:aws
127+
script:
128+
- export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
129+
- export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
130+
- export AWS_BUCKET=my-bucket
131+
- export PATH_PREFIX=config-storage/dev
132+
- config-storage get .env api.env
133+
artifacts:
134+
- api.env
135+
```
136+
137+
For AWS you can use `oidc` option to get temporary credentials from AWS STS service.
138+
139+
140+
```yaml
141+
dev:
142+
- step:
143+
name: Obtain environment variables
144+
image: ghcr.io/omvmike/config-storage:aws
145+
oidc: true
146+
script:
147+
- export AWS_OIDC_ROLE_ARN=arn:aws:iam::123456789012:role/MyRoleName
148+
- export PATH_PREFIX=config-storage/dev
149+
- export AWS_BUCKET=my-bucket
150+
- config-storage get .env api.env
151+
artifacts:
152+
- api.env
153+
```
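Review bot: All three samples list `api.env` under `artifacts:` (added lines 115-116, 133-134 and 151-152), so the file fetched from config storage is kept as a pipeline artifact, available to later steps and for download from the pipeline result. The README should state that this file holds secrets and who can reach the artifact, or show the file being consumed in the same step. In the AWS sample, `export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID` and the matching `AWS_SECRET_ACCESS_KEY` line (128-129) assign each variable to itself; a sentence saying both must be defined as secured repository variables would be clearer than the no-op exports. Line 118 has a typo, "bethe".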

aws/aws-config-storage.sh

+2-3
@@ -122,7 +122,7 @@ fi
122122

123123

124124
if [ -n "$AWS_OIDC_ROLE_ARN" ] && [ -n "$BITBUCKET_STEP_OIDC_TOKEN" ]; then
125-
echo "Using Bitbucket OIDC Token for AWS Authentication"
125+
echo "Setting Bitbucket OIDC Token for AWS Authentication"
126126

127127
timestamp=$(date +%Y%m%d-%H%M%S)
128128
# Set the OIDC token and AWS Role ARN
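Review bot: The guard at line 124 requires both `AWS_OIDC_ROLE_ARN` and `BITBUCKET_STEP_OIDC_TOKEN`, and in the visible lines nothing is printed when the role ARN is set but the token is empty (for example a step without `oidc: true`), so the OIDC branch is skipped silently. Consider a warning or a hard failure for that case. The new text at line 125 would describe the branch more exactly as "Requesting AWS credentials with the Bitbucket OIDC token", since the lines that follow export AWS credentials rather than the token itself.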
@@ -144,12 +144,11 @@ if [ -n "$AWS_OIDC_ROLE_ARN" ] && [ -n "$BITBUCKET_STEP_OIDC_TOKEN" ]; then
144144
export AWS_SECRET_ACCESS_KEY
145145
AWS_SESSION_TOKEN=$(echo "$creds" | jq -r '.SessionToken')
146146
export AWS_SESSION_TOKEN
147-
echo "OIDC credentials set"
148147
fi
149148

150149

151150
echo "Using the following configuration:"
152-
echo "- AWS credentials: ${aws_profile:-AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY used}" ${AWS_SESSION_TOKEN:+"-- OIDC token used"}
151+
echo "- AWS credentials: ${aws_profile:-AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY used}" ${AWS_SESSION_TOKEN:+"-- given with OIDC"}
153152
echo "- bucket: $bucket"
154153
echo "- prefix: $prefix"
155154
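Review bot: At line 151 the suffix `${AWS_SESSION_TOKEN:+"-- given with OIDC"}` fires whenever `AWS_SESSION_TOKEN` is non-empty, which is also true when the caller exported a session token without OIDC, and when `jq -r '.SessionToken'` at line 145 prints the string `null` because `$creds` lacks the field. With the "OIDC credentials set" echo removed, this summary is the only confirmation left, so it is worth checking before the `fi` that the extracted values are non-empty and not `null`, and driving the label from a flag set inside the OIDC branch.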
