Use a GitHub credential for tagging a release.

PiperOrigin-RevId: 281617882
2019-11-20 15:28:02 -08:00 · 2019-11-20 15:28:02 -08:00 · b6a00aa375
parent 012102eefd
commit b6a00aa375
2 changed files with 25 additions and 0 deletions
--- a/kokoro/release.cfg
+++ b/kokoro/release.cfg
@ -1 +1,15 @@
 build_file: "repo/scripts/release.sh"
+
+before_action {
+  fetch_keystore {
+    keystore_resource {
+      keystore_config_id: 73898
+      keyname: "kokoro-github-access-token"
+    }
+  }
+}
+
+env_vars {
+  key: "KOKORO_GITHUB_ACCESS_TOKEN"
+  value: "73898_kokoro-github-access-token"
+}
--- a/scripts/release.sh
+++ b/scripts/release.sh
@ -34,5 +34,16 @@ declare -r EMAIL=${EMAIL:-${KOKORO_RELEASE_AUTHOR}@google.com}
 git config --get user.name || git config user.name "gVisor-bot"
 git config --get user.email || git config user.email "${EMAIL}"

+# Provide a credential if available.
+if [[ -v KOKORO_GITHUB_ACCESS_TOKEN ]]; then
+  git config --global credential.helper cache
+  git credential approve <<EOF
+protocol=https
+host=github.com
+username=$(cat "${KOKORO_KEYSTORE_DIR}/${KOKORO_GITHUB_ACCESS_TOKEN}")
+password=x-oauth-basic
+EOF
+fi
+
 # Run the release tool, which pushes to the origin repository.
 tools/tag_release.sh "${KOKORO_RELEASE_COMMIT}" "${KOKORO_RELEASE_TAG}"