From e2cc1814ab4fb951353a3475930c095f0ad91327 Mon Sep 17 00:00:00 2001
From: Guillaume Pasero <guillaume.pasero@c-s.fr>
Date: Wed, 24 Apr 2019 10:22:03 +0200
Subject: [PATCH] CI: use a single token for API access

---
 .gitlab-ci.yml             |  2 +-
 CI/check_twin_pipelines.py | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 76ca6e10df..62d5eba409 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -26,7 +26,7 @@ before_script:
   - git checkout $CI_COMMIT_REF_NAME
 
 after_script:
-  - python3 CI/cdash_handler.py $CI_COMMIT_SHA $CI_PROJECT_ID $CI_PROJECT_DIR $K8S_SECRET_CDASH
+  - python3 CI/cdash_handler.py $CI_COMMIT_SHA $CI_PROJECT_ID $CI_PROJECT_DIR $K8S_SECRET_API_TOKEN
 
 stages:
   - precheck
diff --git a/CI/check_twin_pipelines.py b/CI/check_twin_pipelines.py
index d2a6113924..7f05c1809c 100644
--- a/CI/check_twin_pipelines.py
+++ b/CI/check_twin_pipelines.py
@@ -64,25 +64,29 @@ if __name__ == "__main__":
   sha1 = env['CI_COMMIT_SHA']
   # are we in a merge_request pipeline ?
   if 'CI_MERGE_REQUEST_IID' in env.keys():
-    if not CheckEnvParameters(['K8S_SECRET_TWIN_PIPELINE','CI_PROJECT_ID','CI_PIPELINE_ID']):
+    if not CheckEnvParameters(['K8S_SECRET_API_TOKEN']):
+      print("Make sure you have set a valid acces token for Gitlab API")
+      print("The K8S_SECRET_API_TOKEN environment variable should be set in 'Settings -> CI/CD -> Variables'")
       sys.exit(1)
-    mrInfo = GitlabRequest('merge_requests/'+env['CI_MERGE_REQUEST_IID'],token=env['K8S_SECRET_TWIN_PIPELINE'])
+    if not CheckEnvParameters(['CI_PROJECT_ID','CI_PIPELINE_ID']):
+      sys.exit(1)
+    mrInfo = GitlabRequest('merge_requests/'+env['CI_MERGE_REQUEST_IID'],token=env['K8S_SECRET_API_TOKEN'])
     wip_regex = re.compile("^[Ww][Ii][Pp]:")
     # is it a "WIP" merge request ?
     if wip_regex.search(mrInfo["title"]):
       # Yes: cancel the current pipeline
       print("Cancel current pipeline "+env['CI_PIPELINE_ID'])
       GitlabRequest('pipelines/'+env['CI_PIPELINE_ID']+'/cancel', data={}, \
-        project=env['CI_PROJECT_ID'], token=env['K8S_SECRET_TWIN_PIPELINE'])
+        project=env['CI_PROJECT_ID'], token=env['K8S_SECRET_API_TOKEN'])
       time.sleep(180)
       print("Error: this pipeline should have been canceled")
       sys.exit(1)
     else:
       # No: cancel any previous "normal" pipeline on the same SHA1
-      jres = GitlabRequest('pipelines?sha='+sha1, project=env['CI_PROJECT_ID'], token=env['K8S_SECRET_TWIN_PIPELINE'])
+      jres = GitlabRequest('pipelines?sha='+sha1, project=env['CI_PROJECT_ID'], token=env['K8S_SECRET_API_TOKEN'])
       for item in jres:
         if item["id"] < int(env['CI_PIPELINE_ID']) and item["status"] == "running":
           print("Cancel pipeline "+str(item["id"]))
           jres2 = GitlabRequest('pipelines/'+str(item["id"])+'/cancel', data={}, \
-            project=env['CI_PROJECT_ID'], token=env['K8S_SECRET_TWIN_PIPELINE'])
+            project=env['CI_PROJECT_ID'], token=env['K8S_SECRET_API_TOKEN'])
 
-- 
GitLab