skolo/ansible/switchboard/build_and_release_metadata_server_ansible.yml - buildbot - Git at Google

 # Builds and uploads to CIPD the metadata_server_ansible binary.
 # That CIPD binary is used by the install_metadata_server role.
 - hosts: jumphosts
   gather_facts: false

   tasks:
     - name: make temporary directory for secrets and trigger `clean_up_tempfile`
       delegate_to: 127.0.0.1
       run_once: true
       tempfile:
         state: directory
       register: secrets_dir
       notify: clean_up_tempfile

     - name: set service account key location fact
       delegate_to: 127.0.0.1
       run_once: true
       set_fact:
         service_account_key_filename: '{{ secrets_dir.path }}/key.json'
         internal_service_account_key_filename:
           '{{ secrets_dir.path }}/internal_key.json'

     - name: Extract service account key
       delegate_to: 127.0.0.1
       run_once: true
       command:
         argv:
           - '{{ all.repo_root }}/kube/secrets/get-secret-at-path.sh'
           - etc
           - chromium-swarm-bots
           - '.data."key.json"'
           - '{{ service_account_key_filename }}'
         creates: '{{ service_account_key_filename }}'

     - name: Extract internal service account key
       delegate_to: 127.0.0.1
       run_once: true
       command:
         argv:
           - '{{ all.repo_root }}/kube/secrets/get-secret-at-path.sh'
           - etc
           - chrome-swarming-bots
           - '.data."key.json"'
           - '{{ internal_service_account_key_filename }}'
         creates: '{{ internal_service_account_key_filename }}'

     - name:
         Build and release metadata_server_ansible for the target machine with
         the service account key embedded.
       delegate_to: 127.0.0.1
       run_once: true
       make:
         chdir: '{{ all.repo_root }}/skolo/'
         target: 'release_metadata_server_ansible'
         params:
           # Pass the service account keys base64 encoded so they don't mess up the
           # Go compile command line.
           SERVICE_ACCOUNT_KEY:
             "{{ lookup('file', service_account_key_filename) | b64encode }}"
           INTERNAL_SERVICE_ACCOUNT_KEY:
             "{{ lookup('file', internal_service_account_key_filename) |
             b64encode }}"

   handlers:
     - name: clean_up_tempfile
       delegate_to: 127.0.0.1
       file:
         path: '{{ secrets_dir.path }}'
         state: absent
	# Builds and uploads to CIPD the metadata_server_ansible binary.
	# That CIPD binary is used by the install_metadata_server role.
	- hosts: jumphosts
	gather_facts: false

	tasks:
	- name: make temporary directory for secrets and trigger `clean_up_tempfile`
	delegate_to: 127.0.0.1
	run_once: true
	tempfile:
	state: directory
	register: secrets_dir
	notify: clean_up_tempfile

	- name: set service account key location fact
	delegate_to: 127.0.0.1
	run_once: true
	set_fact:
	service_account_key_filename: '{{ secrets_dir.path }}/key.json'
	internal_service_account_key_filename:
	'{{ secrets_dir.path }}/internal_key.json'

	- name: Extract service account key
	delegate_to: 127.0.0.1
	run_once: true
	command:
	argv:
	- '{{ all.repo_root }}/kube/secrets/get-secret-at-path.sh'
	- etc
	- chromium-swarm-bots
	- '.data."key.json"'
	- '{{ service_account_key_filename }}'
	creates: '{{ service_account_key_filename }}'

	- name: Extract internal service account key
	delegate_to: 127.0.0.1
	run_once: true
	command:
	argv:
	- '{{ all.repo_root }}/kube/secrets/get-secret-at-path.sh'
	- etc
	- chrome-swarming-bots
	- '.data."key.json"'
	- '{{ internal_service_account_key_filename }}'
	creates: '{{ internal_service_account_key_filename }}'

	- name:
	Build and release metadata_server_ansible for the target machine with
	the service account key embedded.
	delegate_to: 127.0.0.1
	run_once: true
	make:
	chdir: '{{ all.repo_root }}/skolo/'
	target: 'release_metadata_server_ansible'
	params:
	# Pass the service account keys base64 encoded so they don't mess up the
	# Go compile command line.
	SERVICE_ACCOUNT_KEY:
	"{{ lookup('file', service_account_key_filename) \| b64encode }}"
	INTERNAL_SERVICE_ACCOUNT_KEY:
	"{{ lookup('file', internal_service_account_key_filename) \|
	b64encode }}"

	handlers:
	- name: clean_up_tempfile
	delegate_to: 127.0.0.1
	file:
	path: '{{ secrets_dir.path }}'
	state: absent