Pass secrets more securely for container action

2025-12-17 18:26:44 +00:00 · 2022-06-06 18:43:57 -04:00
parent 689a74e352
commit e928fa3252
6 changed files with 84 additions and 27 deletions
--- a/packages/k8s/src/hooks/constants.ts
+++ b/packages/k8s/src/hooks/constants.ts
@@ -20,7 +20,7 @@ export function getJobPodName(): string {
 export function getStepPodName(): string {
  return `${getRunnerPodName().substring(
    0,
-    MAX_POD_NAME_LENGTH - ('-step'.length + STEP_POD_NAME_SUFFIX_LENGTH)
+    MAX_POD_NAME_LENGTH - ('-step-'.length + STEP_POD_NAME_SUFFIX_LENGTH)
  )}-step-${uuidv4().substring(0, STEP_POD_NAME_SUFFIX_LENGTH)}`
 }

@@ -34,6 +34,13 @@ export function getVolumeClaimName(): string {
  return name
 }

+export function getSecretName(): string {
+  return `${getRunnerPodName().substring(
+    0,
+    MAX_POD_NAME_LENGTH - ('-secret-'.length + STEP_POD_NAME_SUFFIX_LENGTH)
+  )}-secret-${uuidv4().substring(0, STEP_POD_NAME_SUFFIX_LENGTH)}`
+}
+
 const MAX_POD_NAME_LENGTH = 63
 const STEP_POD_NAME_SUFFIX_LENGTH = 8
 export const JOB_CONTAINER_NAME = 'job'