promote secret interpolation

2024-06-18 05:10:48 +00:00 · 2017-01-20 11:12:30 +07:00 · 2017-01-20 11:12:30 +07:00 · 1f0261a72a
parent 67fbc8f14d
commit 1f0261a72a
3 changed files with 11 additions and 13 deletions
--- a/agent/agent.go
+++ b/agent/agent.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net"
 	"net/url"
-	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
@ -95,11 +94,11 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {

 	envs := toEnv(w)
 	envSecrets := map[string]string{}
-	if os.Getenv("DRONE_INTERPOLATE_SECRETS") != "" {
-		for _, secret := range w.Secrets {
-			if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
-				envSecrets[secret.Name] = secret.Value
-			}
+
+	// list of secrets to interpolate in the yaml
+	for _, secret := range w.Secrets {
+		if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
+			envSecrets[secret.Name] = secret.Value
 		}
 	}

@ -107,7 +106,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
 	w.Yaml, err = envsubst.Eval(w.Yaml, func(s string) string {
 		env, ok := envSecrets[s]
 		if !ok {
-			env, ok = envs[s]
+			env, _ = envs[s]
 		}
 		if strings.Contains(env, "\n") {
 			env = fmt.Sprintf("%q", env)
--- a/drone/secret.go
+++ b/drone/secret.go
@ -1,7 +1,6 @@
 package main

 import (
-	"fmt"
 	"io/ioutil"
 	"os"
 	"strings"
@ -79,10 +78,6 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
 	secret.SkipVerify = c.Bool("skip-verify")
 	secret.Conceal = c.Bool("conceal")

-	if len(secret.Images) == 0 {
-		return nil, fmt.Errorf("Please specify the --image parameter")
-	}
-
 	// TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
 	// value should be loaded from a file (inspired by curl). I'd prefer to use
 	// a --input flag to explicitly specify a filepath instead.
@ -124,7 +119,6 @@ func secretDisplayList(secrets []*model.Secret, c *cli.Context) error {

 // template for secret list items
 var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + `
-Images: {{ list .Images }}
 Events: {{ list .Events }}
 SkipVerify: {{ .SkipVerify }}
 Conceal: {{ .Conceal }}
--- a/model/secret_test.go
+++ b/model/secret_test.go
@ -48,6 +48,11 @@ func TestSecret(t *testing.T) {
 			// image is only authorized for golang, not golang:1.4.2
 			g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
 		})
+		g.It("should not match empty image", func() {
+			secret := Secret{}
+			secret.Images = []string{}
+			g.Assert(secret.MatchImage("node")).IsFalse()
+		})
 		g.It("should not match event", func() {
 			secret := Secret{}
 			secret.Events = []string{"pull_request"}