diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-08-30 17:20:40 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-27 15:17:25 +0100 |
commit | b76058177d73b2973c29dcfecfabd8fe1ab9a6d2 (patch) | |
tree | 1486f4c713eaf9bdc5a8201d2eb231d6a4241f3d /baserock_ostree/ostree-access-config.yml | |
parent | 6e96e97a39880e07f90eea44e6a0562b20cf802e (diff) | |
download | infrastructure-b76058177d73b2973c29dcfecfabd8fe1ab9a6d2.tar.gz |
baserock_ostree: Add 'releases' repo
This is different from the existing 'cache' repo in that we should
be careful what we push to it, and we should never delete things
from it once they have been made public.
Pushing to the releases repo should be done with ostree-push/receive
rather than BuildStream. I've set up the receive hook on the server.
The upstream repo of ostree-push/receive seems abandoned so I have
been using a fork: https://github.com/ssssam/ostree-push
See also:
https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-September/013811.html
https://gitlab.com/baserock/definitions/merge_requests/58
Diffstat (limited to 'baserock_ostree/ostree-access-config.yml')
-rw-r--r-- | baserock_ostree/ostree-access-config.yml | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/baserock_ostree/ostree-access-config.yml b/baserock_ostree/ostree-access-config.yml index ff8c7def..f23cc5f9 100644 --- a/baserock_ostree/ostree-access-config.yml +++ b/baserock_ostree/ostree-access-config.yml @@ -4,7 +4,7 @@ gather_facts: false sudo: yes tasks: - - name: access for Baserock GitLab CI key + - name: authorized SSH keys for ostree (cache) user authorized_key: user: ostree key: '{{ lookup("file", "{{item}}") }}' @@ -14,3 +14,13 @@ - keys/jonathanmaw.key.pub - keys/pedroalvarez.key.pub - keys/samthursfield.key.pub + + - name: authorized SSH keys for ostree-releases user + authorized_key: + user: ostree-releases + key: '{{ lookup("file", "{{item}}") }}' + with_items: + - keys/baserock-gitlab-ci.key.pub + - keys/garyperkins.key.pub + - keys/pedroalvarez.key.pub + - keys/samthursfield.key.pub |