CI: update kosli reports now staging/prod have their own api-tokens

cyber-dojo · Jan 8, 2024 · ce84b73 · ce84b73
1 parent ddeae7f
commit ce84b73
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 27 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -20,9 +20,10 @@ jobs:
 
   build-test-push:
     needs: [pre-build]
-    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/[email protected].1
+    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/[email protected].5
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
+      KOSLI_API_TOKEN_STAGING: ${{ secrets.KOSLI_API_TOKEN_STAGING }}
       DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
       DOCKER_USER: ${{ secrets.DOCKER_USER }}
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -37,9 +38,10 @@ jobs:
 
   deploy-staging:
     needs: [pre-build, build-test-push]
-    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/[email protected].2
+    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/[email protected].5
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
+      KOSLI_API_TOKEN_STAGING: ${{ secrets.KOSLI_API_TOKEN_STAGING }}
     with:
       tagged_image: 244531986313.dkr.ecr.eu-central-1.amazonaws.com/saver:${{ needs.pre-build.outputs.image_tag }}
       AWS_ACCOUNT_ID: 244531986313
@@ -53,9 +55,10 @@ jobs:
 
   deploy-prod:
     needs: [pre-build, build-test-push, deploy-staging]
-    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/[email protected].2
+    uses: cyber-dojo/reusable-actions-workflows/.github/workflows/[email protected].5
     secrets:
       KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
+      KOSLI_API_TOKEN_STAGING: ${{ secrets.KOSLI_API_TOKEN_STAGING }}
     with:
       tagged_image: 274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:${{ needs.pre-build.outputs.image_tag }}
       AWS_ACCOUNT_ID: 274425519734

diff --git a/sh/kosli.sh b/sh/kosli.sh
@@ -5,6 +5,7 @@ export KOSLI_FLOW=saver
 
 # KOSLI_ORG is set in CI
 # KOSLI_API_TOKEN is set in CI
+# KOSLI_API_TOKEN_STAGING is set in CI
 # KOSLI_HOST_STAGING is set in CI
 # KOSLI_HOST_PRODUCTION is set in CI
 # SNYK_TOKEN is set in CI
@@ -13,10 +14,12 @@ export KOSLI_FLOW=saver
 kosli_create_flow()
 {
   local -r hostname="${1}"
+  local -r api_token="${2}"
 
   kosli create flow "${KOSLI_FLOW}" \
     --description="Group/Kata model+persistence" \
     --host="${hostname}" \
+    --api-token="${api_token}" \
     --template=artifact,branch-coverage,snyk-scan \
     --visibility=public
 }
@@ -25,12 +28,14 @@ kosli_create_flow()
 kosli_report_artifact()
 {
   local -r hostname="${1}"
+  local -r api_token="${2}"
 
   pushd "$(root_dir)"  # So we don't need --repo-root flag
 
   kosli report artifact "$(artifact_name)" \
-      --artifact-type=docker \
-      --host="${hostname}"
+    --artifact-type=docker \
+    --host="${hostname}" \
+    --api-token="${api_token}"
 
   popd
 }
@@ -39,42 +44,49 @@ kosli_report_artifact()
 kosli_report_coverage_evidence()
 {
   local -r hostname="${1}"
+  local -r api_token="${2}"
 
   kosli report evidence artifact generic "$(artifact_name)" \
-      --artifact-type=docker \
-      --description="server & client branch-coverage reports" \
-      --name=branch-coverage \
-      --user-data="$(coverage_json_path)" \
-      --host="${hostname}"
+    --artifact-type=docker \
+    --description="server & client branch-coverage reports" \
+    --name=branch-coverage \
+    --user-data="$(coverage_json_path)" \
+    --host="${hostname}" \
+    --api-token="${api_token}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
 kosli_report_snyk_evidence()
 {
   local -r hostname="${1}"
+  local -r api_token="${2}"
 
   kosli report evidence artifact snyk "$(artifact_name)" \
-      --artifact-type=docker \
-      --host="${hostname}" \
-      --name=snyk-scan \
-      --scan-results="$(root_dir)/snyk.json"
+    --artifact-type=docker \
+    --host="${hostname}" \
+    --api-token="${api_token}" \
+    --name=snyk-scan \
+    --scan-results="$(root_dir)/snyk.json"
 }
 
 # - - - - - - - - - - - - - - - - - - -
 kosli_assert_artifact()
 {
   local -r hostname="${1}"
+  local -r api_token="${2}"
 
   kosli assert artifact "$(artifact_name)" \
-      --artifact-type=docker \
-      --host="${hostname}"
+    --artifact-type=docker \
+    --host="${hostname}" \
+    --api-token="${api_token}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
 kosli_expect_deployment()
 {
   local -r environment="${1}"
   local -r hostname="${2}"
+  local -r api_token="${3}"
 
   # In .github/workflows/main.yml deployment is its own job
   # and the image must be present to get its sha256 fingerprint.
@@ -84,24 +96,25 @@ kosli_expect_deployment()
     --artifact-type=docker \
     --description="Deployed to ${environment} in Github Actions pipeline" \
     --environment="${environment}" \
-    --host="${hostname}"
+    --host="${hostname}" \
+    --api-token="${api_token}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
 on_ci_kosli_create_flow()
 {
   if on_ci; then
-    kosli_create_flow "${KOSLI_HOST_STAGING}"
-    kosli_create_flow "${KOSLI_HOST_PRODUCTION}"
+    kosli_create_flow "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_create_flow "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }
 
 # - - - - - - - - - - - - - - - - - - -
 on_ci_kosli_report_artifact()
 {
   if on_ci; then
-    kosli_report_artifact "${KOSLI_HOST_STAGING}"
-    kosli_report_artifact "${KOSLI_HOST_PRODUCTION}"
+    kosli_report_artifact "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_report_artifact "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }
 
@@ -110,8 +123,8 @@ on_ci_kosli_report_coverage_evidence()
 {
   if on_ci; then
     write_coverage_json
-    kosli_report_coverage_evidence "${KOSLI_HOST_STAGING}"
-    kosli_report_coverage_evidence "${KOSLI_HOST_PRODUCTION}"
+    kosli_report_coverage_evidence "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_report_coverage_evidence "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }
 
@@ -125,17 +138,17 @@ on_ci_kosli_report_snyk_scan_evidence()
       --policy-path="$(root_dir)/.snyk"
     set -e
 
-    kosli_report_snyk_evidence "${KOSLI_HOST_STAGING}"
-    kosli_report_snyk_evidence "${KOSLI_HOST_PRODUCTION}"
+    kosli_report_snyk_evidence "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_report_snyk_evidence "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }
 
 # - - - - - - - - - - - - - - - - - - -
 on_ci_kosli_assert_artifact()
 {
   if on_ci; then
-    kosli_assert_artifact "${KOSLI_HOST_STAGING}"
-    kosli_assert_artifact "${KOSLI_HOST_PRODUCTION}"
+    kosli_assert_artifact "${KOSLI_HOST_STAGING}"    "${KOSLI_API_TOKEN_STAGING}"
+    kosli_assert_artifact "${KOSLI_HOST_PRODUCTION}" "${KOSLI_API_TOKEN}"
   fi
 }