projectcalico · fasaxc · Nov 28, 2025 · Copilot · Nov 28, 2025 · Copilot
@@ -67,13 +67,4 @@ if [ "$startup_success" = false ]; then
   exit 23
 fi
 
-set +x
-echo "$DOCKERHUB_PASSWORD" | ssh "ubuntu@${vm_ip}" -- docker login --username "$DOCKERHUB_USERNAME" --password-stdin
-scp -r -C "$HOME/secrets" "ubuntu@${vm_ip}:/home/ubuntu/secrets"
-set -x
-${ssh_cmd} "gcloud auth activate-service-account --key-file=/home/ubuntu/secrets/secret.google-service-account-key.json && \
-  gcloud config set project unique-caldron-775 && \
-  gcloud storage cp '${GCS_WORKFLOW_DIR}/${COMPONENT}/fv-artifacts/*' /tmp && \
-  tar -xzf /tmp/working-copy.tgz && \
-  ${CALICO_DIR_NAME}/${COMPONENT}/.semaphore/load-test-artifacts"
-
+echo "VM $vm_name configured successfully."
@@ -40,6 +40,12 @@ for batch in "${batches[@]}"; do
   fi
 done
 
+cat $my_dir/vm-bootstrap.sh |
+  sed "s|__GCS_WORKFLOW_DIR__|${GCS_WORKFLOW_DIR}|g" |
+  sed "s|__DOCKERHUB_USERNAME__|${DOCKERHUB_USERNAME}|g" |
+  sed "s|__CALICO_DIR_NAME__|${CALICO_DIR_NAME}|g" |
+  sed "s|__COMPONENT__|${COMPONENT}|g" > "/tmp/vm-bootstrap.sh"
+
 # Do a bulk create; this is faster and it saves API quota.
 gcloud --quiet compute instances bulk create \
        --predefined-names="$names" \
@@ -51,7 +57,8 @@ gcloud --quiet compute instances bulk create \
        --boot-disk-type=hyperdisk-balanced \
        --max-run-duration="${MAX_RUN_DURATION}" \
        --instance-termination-action=DELETE \
-       --metadata-from-file startup-script="$my_dir/vm-bootstrap.sh" \
+       --metadata-from-file startup-script="/tmp/vm-bootstrap.sh" \
+       --service-account=ci-test-vm@unique-caldron-775.iam.gserviceaccount.com \
-       --service-account=ci-test-vm@unique-caldron-775.iam.gserviceaccount.com \
+       --service-account=ci-test-vm@${GCP_PROJECT}.iam.gserviceaccount.com \
-       --service-account=ci-test-vm@unique-caldron-775.iam.gserviceaccount.com \
+       --service-account=ci-test-vm@${GCP_PROJECT}.iam.gserviceaccount.com \
        --metadata block-project-ssh-keys=TRUE,ssh-keys="ubuntu:$(ssh-keygen -y -f $HOME/.ssh/id_rsa)",enable-guest-attributes=TRUE
 
 for batch in "${batches[@]}"; do

@@ -79,4 +79,15 @@ EOF
 
 mv /tmp/daemon.json /etc/docker/daemon.json
 systemctl restart docker
+
+set +x
+DOCKERHUB_USERNAME=__DOCKERHUB_USERNAME__
+DOCKERHUB_PASSWORD=$(gcloud secrets versions access latest --project=unique-caldron-775 --secret=ci-dockerhub-password)
-DOCKERHUB_PASSWORD=$(gcloud secrets versions access latest --project=unique-caldron-775 --secret=ci-dockerhub-password)
+DOCKERHUB_PASSWORD=$(gcloud secrets versions access latest --project="${GCP_PROJECT}" --secret=ci-dockerhub-password)
-DOCKERHUB_PASSWORD=$(gcloud secrets versions access latest --project=unique-caldron-775 --secret=ci-dockerhub-password)
+DOCKERHUB_PASSWORD=$(gcloud secrets versions access latest --project="${GCP_PROJECT}" --secret=ci-dockerhub-password)
+echo "$DOCKERHUB_PASSWORD" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin
+set -x
+
+gcloud storage cp '__GCS_WORKFLOW_DIR__/__COMPONENT__/fv-artifacts/*' /tmp
+tar -xzf /tmp/working-copy.tgz
+__CALICO_DIR_NAME__/__COMPONENT__/.semaphore/load-test-artifacts
+
 touch /var/run/startup-script-complete