tools/fetch-release-credentials.sh - gke-jenkins - Git at Google

 #!/bin/bash

 PROJECT_ID="mendel-linux-cloud-infra"
 KEYRING_NAME="mendel-linux-signing-key"
 PASSPHRASE_NAME="mendel-linux-signing-key-passphrase"

 set -e

 echo "Fetching Mendel release credentials"

 install -d -m 700 $HOME/.gke-jenkins/
 install -d -m 700 $HOME/.gke-jenkins/release-credentials

 gcloud --project=mendel-linux-cloud-infra \
        secrets versions access latest --secret="${KEYRING_NAME}" \
        | base64 -d \
        > $HOME/.gke-jenkins/release-credentials/release-keyring.gpg

 gcloud --project=mendel-linux-cloud-infra \
        secrets versions access latest --secret="${PASSPHRASE_NAME}" \
        > $HOME/.gke-jenkins/release-credentials/passphrase.txt

 gpg --no-default-keyring \
     --keyring=$HOME/.gke-jenkins/release-credentials/release-keyring.gpg \
     --with-colons \
     --list-secret-keys \
     | awk -F: '$1 == "grp" { print $10 }' \
     | head -n1 \
     > $HOME/.gke-jenkins/release-credentials/keygrip.txt
	#!/bin/bash

	PROJECT_ID="mendel-linux-cloud-infra"
	KEYRING_NAME="mendel-linux-signing-key"
	PASSPHRASE_NAME="mendel-linux-signing-key-passphrase"

	set -e

	echo "Fetching Mendel release credentials"

	install -d -m 700 $HOME/.gke-jenkins/
	install -d -m 700 $HOME/.gke-jenkins/release-credentials

	gcloud --project=mendel-linux-cloud-infra \
	secrets versions access latest --secret="${KEYRING_NAME}" \
	\| base64 -d \
	> $HOME/.gke-jenkins/release-credentials/release-keyring.gpg

	gcloud --project=mendel-linux-cloud-infra \
	secrets versions access latest --secret="${PASSPHRASE_NAME}" \
	> $HOME/.gke-jenkins/release-credentials/passphrase.txt

	gpg --no-default-keyring \
	--keyring=$HOME/.gke-jenkins/release-credentials/release-keyring.gpg \
	--with-colons \
	--list-secret-keys \
	\| awk -F: '$1 == "grp" { print $10 }' \
	\| head -n1 \
	> $HOME/.gke-jenkins/release-credentials/keygrip.txt