Skip to content

Commit ebaebec

Browse files
authored
Issue opendatahub-io#2199: chore(ci): change build-notebooks workflow to use activation key for Red Hat subscription registration instead of storing entitlement certificates (opendatahub-io#2224)
1 parent f5b3beb commit ebaebec

File tree

1 file changed

+14
-3
lines changed

1 file changed

+14
-3
lines changed

.github/workflows/build-notebooks-TEMPLATE.yaml

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -90,17 +90,28 @@ jobs:
9090
env:
9191
GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }}
9292

93+
# https://console.redhat.com/insights/connector/activation-keys
94+
# This runs slower than storing the entitlement certificates with git-crypt,
95+
# but on the other hand, it's then not necessary to regularly update them in the repo.
9396
- name: Add subscriptions from GitHub secret
9497
if: ${{ inputs.subscription }}
9598
run: |
96-
sudo mkdir -p /etc/pki/
97-
sudo cp -R ${PWD}/ci/secrets/pki/* /etc/pki/
9899
# https://access.redhat.com/solutions/5870841
99100
# https://github.com/containers/common/issues/1735
100-
printf "${PWD}/ci/secrets/run/secrets/rhsm:/etc/rhsm\n${PWD}/ci/secrets/run/secrets/etc-pki-entitlement:/etc/pki/entitlement\n${PWD}/ci/secrets/pki/consumer:/etc/pki/consumer\n" | sudo tee /usr/share/containers/mounts.conf
101+
mkdir entitlement
102+
mkdir consumer
103+
docker run \
104+
-v ${PWD}/entitlement:/etc/pki/entitlement:Z \
105+
-v ${PWD}/consumer:/etc/pki/consumer:Z \
106+
--rm -t registry.access.redhat.com/ubi9/ubi \
107+
/usr/sbin/subscription-manager register --org=${SUBSCRIPTION_ORG} --activationkey=${SUBSCRIPTION_ACTIVATION_KEY}
108+
printf "${PWD}/entitlement:/etc/pki/entitlement\n${PWD}/consumer:/etc/pki/consumer\n" | sudo tee /usr/share/containers/mounts.conf
101109
102110
mkdir -p $HOME/.config/containers/
103111
sudo cp ${PWD}/ci/secrets/pull-secret.json $HOME/.config/containers/auth.json
112+
env:
113+
SUBSCRIPTION_ORG: ${{ secrets.SUBSCRIPTION_ORG }}
114+
SUBSCRIPTION_ACTIVATION_KEY: ${{ secrets.SUBSCRIPTION_ACTIVATION_KEY }}
104115

105116
# for bin/buildinputs in scripts/sandbox.py
106117
- uses: actions/setup-go@v5

0 commit comments

Comments
 (0)