chore: Remove secure repo and fetch secrets from AWS

devops/jobs/UserRetirementArchiver.groovy

@@ -74,8 +74,8 @@ class UserRetirementArchiver {
 
             wrappers {
                 credentialsBinding {
-                    file('AWS_CONFIG_FILE','tools-edx-jenkins-aws-credentials')
                     string('ROLE_ARN', extraVars.get('ENVIRONMENT_DEPLOYMENT') + '-retirement-archive-upload-role')
+                    string('SECRET_ARN', extraVars.get('ENVIRONMENT_DEPLOYMENT') + '-retirement-archive-secret-role')
                 }
             }
 

devops/resources/user-retirement-archiver.sh

@@ -11,8 +11,23 @@ env
 set -ex
 
 cd $WORKSPACE/configuration
+pip install -r util/jenkins/requirements.txt
+
 . util/jenkins/assume-role.sh
 
+# hide the sensitive information in the logs
+set +x
+
+CONFIG_YAML=$(aws secretsmanager get-secret-value --secret-id "${SECRET_ARN}" --region "us-east-1" --output json | jq -r '.SecretString' | yq -y .)
+
+# Create a temporary file to store the YAML
+TEMP_CONFIG_YAML=$(mktemp $WORKSPACE/tempfile.XXXXXXXXXX.yml)
+
+# Write the YAML data to the temporary file
+echo "$CONFIG_YAML" > "$TEMP_CONFIG_YAML"
+
+set -x
+
 assume-role ${ROLE_ARN}
 
 # prepare tubular
@@ -26,9 +41,12 @@ fi
 
 # Call the script to read the retirement statuses from the LMS, send them to S3, and delete them from the LMS.
 python scripts/retirement_archive_and_cleanup.py \
-    --config_file=$WORKSPACE/user-retirement-secure/${ENVIRONMENT_DEPLOYMENT}.yml \
+    --config_file=$TEMP_CONFIG_YAML \
     --cool_off_days=$COOL_OFF_DAYS \
     --batch_size=$BATCH_SIZE \
     --start_date=$START_DATE \
     --end_date=$END_DATE \
     --dry_run=$DRY_RUN
+
+# Remove the temporary file after processing
+rm -f "$TEMP_CONFIG_YAML"

src/main/groovy/org/edx/jenkins/dsl/UserRetirementConstants.groovy

@@ -59,23 +59,6 @@ class UserRetirementConstants {
 
     public static def common_multiscm = { extraVars ->
         return {
-            git {
-                remote {
-                    url('[email protected]:edx-ops/user-retirement-secure.git')
-                    if (extraVars.containsKey('SECURE_GIT_CREDENTIALS')) {
-                        credentials(extraVars.get('SECURE_GIT_CREDENTIALS'))
-                    }
-                }
-                branch('$USER_RETIREMENT_SECURE_BRANCH')
-                extensions {
-                    relativeTargetDirectory('user-retirement-secure')
-                    cloneOptions {
-                        shallow()
-                        timeout(10)
-                    }
-                    cleanBeforeCheckout()
-                }
-            }
             git {
                 remote {
                     url('https://github.com/edx/tubular.git')