Skip to content

Commit c32839f

Browse files
Will Fengfacebook-github-bot
Will Feng
authored and
facebook-github-bot
committed
CircleCI: better credentials visibility (pytorch#12552)
Summary: We will rotate the credentials if the new setting works. Pull Request resolved: pytorch#12552 Differential Revision: D10322121 Pulled By: yf225 fbshipit-source-id: 158f2f89b83a751566a912869a4400d5be6e5765
1 parent 89010d6 commit c32839f

File tree

1 file changed

+30
-30
lines changed

1 file changed

+30
-30
lines changed

.circleci/config.yml

+30-30
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,8 @@ docker_config_defaults: &docker_config_defaults
77
user: jenkins
88
aws_auth:
99
# This IAM user only allows read-write access to ECR
10-
aws_access_key_id: AKIAI43PKLK3PGLUWQMA
11-
aws_secret_access_key: ${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE}
10+
aws_access_key_id: ${CIRCLECI_AWS_ACCESS_KEY_FOR_ECR_READ_WRITE_V2}
11+
aws_secret_access_key: ${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE_V2}
1212

1313
# NOTE: We only perform the merge in build step and not in test step, because
1414
# all source files will be shared from build to test
@@ -37,15 +37,15 @@ install_official_git_client: &install_official_git_client
3737
name: Install Official Git Client
3838
no_output_timeout: "1h"
3939
command: |
40-
set -ex
40+
set -e
4141
sudo apt-get update
4242
sudo apt-get install -y openssh-client git
4343
4444
setup_ci_environment: &setup_ci_environment
4545
name: Set Up CI Environment
4646
no_output_timeout: "1h"
4747
command: |
48-
set -ex
48+
set -e
4949
sudo pip install awscli
5050
5151
sudo apt-get update
@@ -83,13 +83,13 @@ setup_ci_environment: &setup_ci_environment
8383
echo "declare -x MAX_JOBS=${MAX_JOBS}" >> /home/circleci/project/env
8484
8585
# This IAM user allows write access to S3 bucket for sccache
86-
echo "declare -x AWS_ACCESS_KEY_ID=AKIAJJZUW4G2ASX5W7KA" >> /home/circleci/project/env
87-
echo "declare -x AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET}" >> /home/circleci/project/env
86+
echo "declare -x AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_SCCACHE_S3_BUCKET_V2}" >> /home/circleci/project/env
87+
echo "declare -x AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET_V2}" >> /home/circleci/project/env
8888
fi
8989
9090
# This IAM user only allows read-write access to ECR
91-
export AWS_ACCESS_KEY_ID=AKIAI43PKLK3PGLUWQMA
92-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE}
91+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_ECR_READ_WRITE_V2}
92+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE_V2}
9393
eval $(aws ecr get-login --region us-east-1 --no-include-email)
9494
9595
pytorch_linux_cpu_build_test_defaults: &pytorch_linux_cpu_build_test_defaults
@@ -112,8 +112,8 @@ pytorch_linux_cpu_build_test_defaults: &pytorch_linux_cpu_build_test_defaults
112112
export MEMORY_LIMIT_MAX_JOBS=8 # the "large" resource class on CircleCI has 32 CPU cores, if we use all of them we'll OOM
113113
export MAX_JOBS=$(( ${SCCACHE_MAX_JOBS} > ${MEMORY_LIMIT_MAX_JOBS} ? ${MEMORY_LIMIT_MAX_JOBS} : ${SCCACHE_MAX_JOBS} ))
114114
# This IAM user allows write access to S3 bucket for sccache
115-
export AWS_ACCESS_KEY_ID=AKIAJJZUW4G2ASX5W7KA
116-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET}
115+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_SCCACHE_S3_BUCKET_V2}
116+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET_V2}
117117
git submodule sync && git submodule update --init
118118
.jenkins/pytorch/build.sh
119119
.jenkins/pytorch/test.sh
@@ -203,7 +203,7 @@ caffe2_linux_build_defaults: &caffe2_linux_build_defaults
203203
name: Build
204204
no_output_timeout: "1h"
205205
command: |
206-
set -ex
206+
set -e
207207
sudo pip install awscli
208208
209209
sudo apt-get update
@@ -229,8 +229,8 @@ caffe2_linux_build_defaults: &caffe2_linux_build_defaults
229229
echo "declare -x MAX_JOBS=${MAX_JOBS}" >> /home/circleci/project/env
230230
231231
# This IAM user allows write access to S3 bucket for sccache
232-
echo "declare -x AWS_ACCESS_KEY_ID=AKIAJJZUW4G2ASX5W7KA" >> /home/circleci/project/env
233-
echo "declare -x AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET}" >> /home/circleci/project/env
232+
echo "declare -x AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_SCCACHE_S3_BUCKET_V2}" >> /home/circleci/project/env
233+
echo "declare -x AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET_V2}" >> /home/circleci/project/env
234234
235235
# TODO: merge this into Caffe2 build.sh
236236
cat >/home/circleci/project/ci_build_script.sh <<EOL
@@ -278,8 +278,8 @@ caffe2_linux_build_defaults: &caffe2_linux_build_defaults
278278
279279
sudo pkill -SIGHUP dockerd
280280
# This IAM user only allows read-write access to ECR
281-
export AWS_ACCESS_KEY_ID=AKIAI43PKLK3PGLUWQMA
282-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE}
281+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_ECR_READ_WRITE_V2}
282+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE_V2}
283283
eval $(aws ecr get-login --region us-east-1 --no-include-email)
284284
docker pull ${DOCKER_IMAGE}
285285
export id=$(docker run -t -d -w /var/lib/jenkins ${DOCKER_IMAGE})
@@ -316,7 +316,7 @@ caffe2_linux_test_defaults: &caffe2_linux_test_defaults
316316
name: Test
317317
no_output_timeout: "1h"
318318
command: |
319-
set -x
319+
set -e
320320
sudo pip install awscli
321321
322322
sudo apt-get update
@@ -387,8 +387,8 @@ caffe2_linux_test_defaults: &caffe2_linux_test_defaults
387387
388388
source /home/circleci/project/caffe2-ci-env/COMMIT_DOCKER_IMAGE
389389
# This IAM user only allows read-write access to ECR
390-
export AWS_ACCESS_KEY_ID=AKIAI43PKLK3PGLUWQMA
391-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE}
390+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_ECR_READ_WRITE_V2}
391+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_ECR_READ_WRITE_V2}
392392
eval $(aws ecr get-login --region us-east-1 --no-include-email)
393393
docker pull ${COMMIT_DOCKER_IMAGE}
394394
if [ -n "${CUDA_VERSION}" ]; then
@@ -411,7 +411,7 @@ caffe2_macos_build_defaults: &caffe2_macos_build_defaults
411411
name: Build
412412
no_output_timeout: "1h"
413413
command: |
414-
set -ex
414+
set -e
415415
416416
export IN_CIRCLECI=1
417417
@@ -446,8 +446,8 @@ caffe2_macos_build_defaults: &caffe2_macos_build_defaults
446446
export SCCACHE_BUCKET=ossci-compiler-cache-circleci-v2
447447
448448
# This IAM user allows write access to S3 bucket for sccache
449-
export AWS_ACCESS_KEY_ID=AKIAJJZUW4G2ASX5W7KA
450-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET}
449+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_SCCACHE_S3_BUCKET_V2}
450+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET_V2}
451451
452452
export SCCACHE_BIN=${PWD}/sccache_bin
453453
mkdir -p ${SCCACHE_BIN}
@@ -665,8 +665,8 @@ jobs:
665665
666666
docker cp $id:/var/lib/jenkins/workspace/env /home/circleci/project/env
667667
# This IAM user allows write access to S3 bucket for perf test numbers
668-
echo "declare -x AWS_ACCESS_KEY_ID=AKIAIKUCKAAULNJNWFWA" >> /home/circleci/project/env
669-
echo "declare -x AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_PERF_TEST_S3_BUCKET}" >> /home/circleci/project/env
668+
echo "declare -x AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_PERF_TEST_S3_BUCKET_V2}" >> /home/circleci/project/env
669+
echo "declare -x AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_PERF_TEST_S3_BUCKET_V2}" >> /home/circleci/project/env
670670
docker cp /home/circleci/project/env $id:/var/lib/jenkins/workspace/env
671671
672672
(echo "export JOB_BASE_NAME=${JOB_BASE_NAME}" && echo "source ./workspace/env" && echo 'sudo chown -R jenkins workspace && cd workspace && .jenkins/pytorch/short-perf-test-gpu.sh') | docker exec -u jenkins -i "$id" bash
@@ -685,7 +685,7 @@ jobs:
685685
BUILD_ENVIRONMENT: pytorch-macos-10.13-py3
686686
no_output_timeout: "1h"
687687
command: |
688-
set -ex
688+
set -e
689689
690690
export IN_CIRCLECI=1
691691
@@ -695,8 +695,8 @@ jobs:
695695
696696
export SCCACHE_BUCKET=ossci-compiler-cache-circleci-v2
697697
# This IAM user allows write access to S3 bucket for sccache
698-
export AWS_ACCESS_KEY_ID=AKIAJJZUW4G2ASX5W7KA
699-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET}
698+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_SCCACHE_S3_BUCKET_V2}
699+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET_V2}
700700
701701
git submodule sync && git submodule update --init
702702
chmod a+x .jenkins/pytorch/macos-build.sh
@@ -728,7 +728,7 @@ jobs:
728728
no_output_timeout: "1h"
729729
command: |
730730
# TODO: need to share source files from build to test, when macOS builds are enabled
731-
set -ex
731+
set -e
732732
export IN_CIRCLECI=1
733733
chmod a+x .jenkins/pytorch/macos-test.sh
734734
.jenkins/pytorch/macos-test.sh
@@ -747,7 +747,7 @@ jobs:
747747
BUILD_ENVIRONMENT: pytorch-macos-10.13-cuda9.2-cudnn7-py3
748748
no_output_timeout: "1h"
749749
command: |
750-
set -ex
750+
set -e
751751
752752
export IN_CIRCLECI=1
753753
@@ -772,8 +772,8 @@ jobs:
772772
sudo chmod +x /usr/local/bin/sccache
773773
export SCCACHE_BUCKET=ossci-compiler-cache-circleci-v2
774774
# This IAM user allows write access to S3 bucket for sccache
775-
export AWS_ACCESS_KEY_ID=AKIAJJZUW4G2ASX5W7KA
776-
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET}
775+
export AWS_ACCESS_KEY_ID=${CIRCLECI_AWS_ACCESS_KEY_FOR_SCCACHE_S3_BUCKET_V2}
776+
export AWS_SECRET_ACCESS_KEY=${CIRCLECI_AWS_SECRET_KEY_FOR_SCCACHE_S3_BUCKET_V2}
777777
778778
git submodule sync && git submodule update --init
779779
chmod a+x .jenkins/pytorch/macos-build.sh

0 commit comments

Comments
 (0)