Remove configuration of github oauth token for jenkins

9c14813c · Jesse Zoldak · 9adac2da · 9c14813c · 9c14813c · 9adac2da
Commit 9c14813c authored Oct 29, 2015 by Jesse Zoldak
6 changed files
--- a/playbooks/roles/jenkins_worker/tasks/python_platform_worker.yml
+++ b/playbooks/roles/jenkins_worker/tasks/python_platform_worker.yml
 ---

-# Install scripts requiring a GitHub OAuth token
- name: Install requests Python library
-  pip: name=requests state=present
-
- fail: OAuth token not defined
-  when: github_oauth_token is not defined
-
- name: Install Python GitHub post status script
-  template: src="github_post_status.py.j2" dest="/usr/local/bin/github_post_status.py"
-            owner=root group=root
-            mode=755
-
 # Create a virtualenv for edx-platform by installing the requirements
 # and packaging the virtualenv.
 # A shallow clone is created off of master. The depth setting

--- a/playbooks/roles/jenkins_worker/tasks/test_platform_worker.yml
+++ b/playbooks/roles/jenkins_worker/tasks/test_platform_worker.yml
@@ -25,16 +25,6 @@
    that:
      - "'28.0' in firefox_version.stdout"

-# The role is run with a github oauth token passed in
-# as github_oauth_token var value.
-# This test confirms that the key being used will work
- name: ensure github token works
-  shell:
-    "github_post_status.py edx edx-platform
-    dddac0b5dddf00c0950daf324e603e4935994954 success
-    https://jenkins.testeng.edx.org/ \"Tests Passed\" \"CI Test Results\""
-
-
 # Verify the virtualenv tar is newly-built
 - name: Get info on virtualenv tar
  stat: path={{ jenkins_home }}/edx-venv_clean.tar.gz

--- a/playbooks/roles/jenkins_worker/templates/github_post_status.py.j2
+++ b/playbooks/roles/jenkins_worker/templates/github_post_status.py.j2
-#!/usr/bin/env python
-
-"""
-Update the status of a GitHub commit.
-"""
-
-import sys
-import requests
-import json
-from textwrap import dedent
-
-# The Ansible script will fill in the GitHub OAuth token.
-# That way, we can give the jenkins user on the worker
-# execute-only access to this script, ensuring that
-# the jenkins user cannot retrieve the token.
-GITHUB_OAUTH_TOKEN = "{{ github_oauth_token }}"
-
-USAGE = "Usage: {0} ORG REPO SHA STATUS TARGET_URL DESCRIPTION CONTEXT"
-
-VALID_STATUS_LIST = ['pending', 'success', 'error', 'failure']
-
-
-def parse_args(arg_list):
-    """
-    Parse the list of arguments, returning a dict.
-    Prints an error message and exits if the arguments are invalid.
-    """
-    if len(arg_list) != 8:
-        print USAGE.format(arg_list[0])
-        exit(1)
-
-    # Check that the build status is valid
-    status = arg_list[4]
-    if not status in VALID_STATUS_LIST:
-        print "Invalid status: must be one of {0}".format(", ".join(VALID_STATUS_LIST))
-        exit(1)
-
-    return {
-        'org': arg_list[1],
-        'repo': arg_list[2],
-        'sha': arg_list[3],
-        'status': arg_list[4],
-        'target_url': arg_list[5],
-        'description': arg_list[6],
-        'context': arg_list[7],
-    }
-
-
-def post_status(org, repo, sha, status, target_url, description, context):
-    """
-    Post a new status to GitHub.
-    See http://developer.github.com/v3/repos/statuses/ for details.
-
-    Prints an error message and exits if unsuccessful.
-    """
-    url = "https://api.github.com/repos/{0}/{1}/statuses/{2}?access_token={3}".format(
-        org, repo, sha, GITHUB_OAUTH_TOKEN
-    )
-
-    params = {
-        'state': status,
-        'target_url': target_url,
-        'description': description,
-        'context': context,
-    }
-
-    response = requests.post(url, data=json.dumps(params))
-
-    if response.status_code != 201:
-        print dedent("""
-            Could not post status:
-            HTTP response code is {0}
-            Content: {1}
-        """).format(response.status_code, response.text).strip()
-        exit(1)
-
-
-def main():
-    """
-    Post the status to GitHub.
-    """
-    if not GITHUB_OAUTH_TOKEN:
-        print "No GitHub Oauth token configured."
-        exit(1)
-
-    arg_dict = parse_args(sys.argv)
-    post_status(
-        arg_dict['org'], arg_dict['repo'],
-        arg_dict['sha'], arg_dict['status'],
-        arg_dict['target_url'], arg_dict['description'],
-        arg_dict['context'],
-    )
-
-
-if __name__ == "__main__":
-    main()
--- a/util/packer/jenkins_worker.json
+++ b/util/packer/jenkins_worker.json
@@ -2,7 +2,6 @@
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
-    "github_oauth_token": "{{env `GITHUB_TOKEN`}}",
    "playbook_remote_dir": "/tmp/packer-edx-playbooks",
    "ami": "{{env `JENKINS_WORKER_AMI`}}"
  },
@@ -56,7 +55,7 @@
      "pip install -q -r requirements.txt",
      "echo '[jenkins_worker]' > inventory.ini",
      "echo 'localhost' >> inventory.ini",
-      "ansible-playbook edx-east/jenkins_worker.yml -i inventory.ini -c local -e 'github_oauth_token={{ user `github_oauth_token` }}' -vvvv"]
+      "ansible-playbook edx-east/jenkins_worker.yml -i inventory.ini -c local -vvvv"]
  }, {
    "type": "shell",
    "inline": ["cd {{user `playbook_remote_dir`}}",

--- a/util/packer/jenkins_worker_simple.json
+++ b/util/packer/jenkins_worker_simple.json
@@ -2,7 +2,6 @@
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
-    "github_oauth_token": "{{env `GITHUB_TOKEN`}}",
    "playbook_remote_dir": "/tmp/packer-edx-playbooks",
    "ami": "{{env `JENKINS_WORKER_AMI`}}"
  },

--- a/util/packer/jenkins_worker_sitespeedio.json
+++ b/util/packer/jenkins_worker_sitespeedio.json
@@ -2,7 +2,6 @@
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
-    "github_oauth_token": "{{env `GITHUB_TOKEN`}}",
    "playbook_remote_dir": "/tmp/packer-edx-playbooks",
    "ami": "{{env `JENKINS_WORKER_AMI`}}"
  },