Move .pypirc into tmpfs

Store .pypirc in tmpfs since it contains secrets, we do this for both
gpg and ssh keys.

Change-Id: Ie85bd6daf8650547842de99d3f7260c49f6d623d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2017-08-29 11:34:22 -04:00
parent 4ee195decb
commit 40fd9474af
No known key found for this signature in database
GPG Key ID: 611A80832067AF38

View File

@ -1,6 +1,11 @@
- name: Install .pypirc configuration file - name: Create .pypirc configuration file tempfile
tempfile:
state: file
register: _pypirc_tmp
- name: Create .pypirc configuration file
template: template:
dest: ~/.pypirc dest: "{{ _pypirc_tmp.path }}"
mode: 0400 mode: 0400
src: .pypirc.j2 src: .pypirc.j2
@ -11,7 +16,7 @@
register: found_wheels register: found_wheels
- name: Upload wheel with twine before tarballs - name: Upload wheel with twine before tarballs
command: "{{ pypi_twine_executable }} upload -r {{ pypi_repository }} {{ item.path }}" command: "{{ pypi_twine_executable }} upload --config-file {{ _pypirc_tmp.path }} -r {{ pypi_repository }} {{ item.path }}"
with_items: "{{ found_wheels.files }}" with_items: "{{ found_wheels.files }}"
- name: Find tarballs to upload - name: Find tarballs to upload
@ -21,10 +26,10 @@
register: found_tarballs register: found_tarballs
- name: Upload tarballs with twine - name: Upload tarballs with twine
command: "{{ pypi_twine_executable }} upload -r {{ pypi_repository }} {{ item.path }}" command: "{{ pypi_twine_executable }} upload --config-file {{ _pypirc_tmp.path }} -r {{ pypi_repository }} {{ item.path }}"
with_items: "{{ found_tarballs.files }}" with_items: "{{ found_tarballs.files }}"
- name: Delete .pypirc configuration file - name: Delete .pypirc configuration file
file: file:
path: ~/.pyirc path: "{{ _pypirc_tmp.path }}"
state: absent state: absent