mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-28 03:10:29 +00:00
promote secret interpolation
This commit is contained in:
parent
67fbc8f14d
commit
1f0261a72a
3 changed files with 11 additions and 13 deletions
|
@ -4,7 +4,6 @@ import (
|
|||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -95,11 +94,11 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
|
|||
|
||||
envs := toEnv(w)
|
||||
envSecrets := map[string]string{}
|
||||
if os.Getenv("DRONE_INTERPOLATE_SECRETS") != "" {
|
||||
for _, secret := range w.Secrets {
|
||||
if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
|
||||
envSecrets[secret.Name] = secret.Value
|
||||
}
|
||||
|
||||
// list of secrets to interpolate in the yaml
|
||||
for _, secret := range w.Secrets {
|
||||
if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
|
||||
envSecrets[secret.Name] = secret.Value
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -107,7 +106,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
|
|||
w.Yaml, err = envsubst.Eval(w.Yaml, func(s string) string {
|
||||
env, ok := envSecrets[s]
|
||||
if !ok {
|
||||
env, ok = envs[s]
|
||||
env, _ = envs[s]
|
||||
}
|
||||
if strings.Contains(env, "\n") {
|
||||
env = fmt.Sprintf("%q", env)
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
|
@ -79,10 +78,6 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
|
|||
secret.SkipVerify = c.Bool("skip-verify")
|
||||
secret.Conceal = c.Bool("conceal")
|
||||
|
||||
if len(secret.Images) == 0 {
|
||||
return nil, fmt.Errorf("Please specify the --image parameter")
|
||||
}
|
||||
|
||||
// TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
|
||||
// value should be loaded from a file (inspired by curl). I'd prefer to use
|
||||
// a --input flag to explicitly specify a filepath instead.
|
||||
|
@ -124,7 +119,6 @@ func secretDisplayList(secrets []*model.Secret, c *cli.Context) error {
|
|||
|
||||
// template for secret list items
|
||||
var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + `
|
||||
Images: {{ list .Images }}
|
||||
Events: {{ list .Events }}
|
||||
SkipVerify: {{ .SkipVerify }}
|
||||
Conceal: {{ .Conceal }}
|
||||
|
|
|
@ -48,6 +48,11 @@ func TestSecret(t *testing.T) {
|
|||
// image is only authorized for golang, not golang:1.4.2
|
||||
g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
|
||||
})
|
||||
g.It("should not match empty image", func() {
|
||||
secret := Secret{}
|
||||
secret.Images = []string{}
|
||||
g.Assert(secret.MatchImage("node")).IsFalse()
|
||||
})
|
||||
g.It("should not match event", func() {
|
||||
secret := Secret{}
|
||||
secret.Events = []string{"pull_request"}
|
||||
|
|
Loading…
Reference in a new issue