disable yaml change detecting / approval. not needed

Brad Rydzewski 2017-04-10 14:56:37 +02:00
parent 4f4e3f2404
commit 489cdf2572
2 changed files with 83 additions and 87 deletions


@ -120,8 +120,11 @@ func secretDisplayList(secrets []*model.Secret, c *cli.Context) error {
// template for secret list items // template for secret list items
var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + ` var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + `
Events: {{ list .Events }} Events: {{ list .Events }}
SkipVerify: {{ .SkipVerify }} {{- if .Images }}
Conceal: {{ .Conceal }} Images: {{ list .Images }}
{{- else }}
Images: <any>
{{- end }}
` `
var secretFuncMap = template.FuncMap{ var secretFuncMap = template.FuncMap{


@ -1,7 +1,6 @@
package server package server
import ( import (
"bytes"
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
@ -164,67 +163,68 @@ func PostHook(c *gin.Context) {
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err) logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
} }
var mustApprove bool // var mustApprove bool
if build.Event == model.EventPull { // if build.Event == model.EventPull {
for _, sec := range secs { // for _, sec := range secs {
if sec.SkipVerify { // if sec.SkipVerify {
continue // continue
} // }
if sec.MatchEvent(model.EventPull) { // if sec.MatchEvent(model.EventPull) {
mustApprove = true // mustApprove = true
break // break
} // }
} // }
if !mustApprove { // if !mustApprove {
logrus.Debugf("no secrets exposed to pull_request: status: accepted") // logrus.Debugf("no secrets exposed to pull_request: status: accepted")
} // }
} // }
if build.Event == model.EventPull && mustApprove { // if build.Event == model.EventPull && mustApprove {
old, ferr := remote_.FileRef(user, repo, build.Branch, repo.Config) // old, ferr := remote_.FileRef(user, repo, build.Branch, repo.Config)
if ferr != nil { // if ferr != nil {
build.Status = model.StatusBlocked // build.Status = model.StatusBlocked
logrus.Debugf("cannot fetch base yaml: status: blocked") // logrus.Debugf("cannot fetch base yaml: status: blocked")
} else if bytes.Equal(old, raw) { // } else if bytes.Equal(old, raw) {
build.Status = model.StatusPending // build.Status = model.StatusPending
logrus.Debugf("base yaml matches head yaml: status: accepted") // logrus.Debugf("base yaml matches head yaml: status: accepted")
} else { // } else {
// this block is executed if the target yaml file // // this block is executed if the target yaml file
// does not match the base yaml. // // does not match the base yaml.
//
// TODO unfortunately we have no good way to get the // // TODO unfortunately we have no good way to get the
// sender repository permissions unless the user is // // sender repository permissions unless the user is
// a registered drone user. // // a registered drone user.
sender, uerr := store.GetUserLogin(c, build.Sender) // sender, uerr := store.GetUserLogin(c, build.Sender)
if uerr != nil { // if uerr != nil {
build.Status = model.StatusBlocked // build.Status = model.StatusBlocked
logrus.Debugf("sender does not have a drone account: status: blocked") // logrus.Debugf("sender does not have a drone account: status: blocked")
} else { // } else {
if refresher, ok := remote_.(remote.Refresher); ok { // if refresher, ok := remote_.(remote.Refresher); ok {
ok, _ := refresher.Refresh(sender) // ok, _ := refresher.Refresh(sender)
if ok { // if ok {
store.UpdateUser(c, sender) // store.UpdateUser(c, sender)
} // }
} // }
// if the sender does not have push access to the // // if the sender does not have push access to the
// repository the pull request should be blocked. // // repository the pull request should be blocked.
perm, perr := remote_.Perm(sender, repo.Owner, repo.Name) // perm, perr := remote_.Perm(sender, repo.Owner, repo.Name)
if perr == nil && perm.Push == true { // if perr == nil && perm.Push == true {
build.Status = model.StatusPending // build.Status = model.StatusPending
logrus.Debugf("sender %s has push access: status: accepted", sender.Login) // logrus.Debugf("sender %s has push access: status: accepted", sender.Login)
} else { // } else {
build.Status = model.StatusBlocked // build.Status = model.StatusBlocked
logrus.Debugf("sender %s does not have push access: status: blocked", sender.Login) // logrus.Debugf("sender %s does not have push access: status: blocked", sender.Login)
} // }
} // }
} // }
} else { // } else {
build.Status = model.StatusPending // build.Status = model.StatusPending
} // }
// update some build fields // update some build fields
build.RepoID = repo.ID build.RepoID = repo.ID
build.Verified = true build.Verified = true
build.Status = model.StatusPending
if err := store.CreateBuild(c, build, build.Procs...); err != nil { if err := store.CreateBuild(c, build, build.Procs...); err != nil {
logrus.Errorf("failure to save commit for %s. %s", repo.FullName, err) logrus.Errorf("failure to save commit for %s. %s", repo.FullName, err)
@ -234,9 +234,9 @@ func PostHook(c *gin.Context) {
c.JSON(200, build) c.JSON(200, build)
if build.Status == model.StatusBlocked { // if build.Status == model.StatusBlocked {
return // return
} // }
// get the previous build so that we can send // get the previous build so that we can send
// on status change notifications // on status change notifications
@ -454,35 +454,28 @@ func (b *builder) Build() ([]*buildItem, error) {
for k, v := range metadata.EnvironDrone() { for k, v := range metadata.EnvironDrone() {
environ[k] = v environ[k] = v
} }
for k, v := range axis { for k, v := range axis {
environ[k] = v environ[k] = v
} }
secrets := map[string]string{} var secrets []compiler.Secret
var csecrets []compiler.Secret
for _, sec := range b.Secs { for _, sec := range b.Secs {
if !sec.MatchEvent(b.Curr.Event) { if !sec.MatchEvent(b.Curr.Event) {
continue continue
} }
if b.Curr.Verified || sec.SkipVerify { if b.Curr.Verified || sec.SkipVerify {
secrets[sec.Name] = sec.Value secrets = append(secrets, compiler.Secret{
csecrets = append(csecrets, compiler.Secret{
Name: sec.Name, Name: sec.Name,
Value: sec.Value, Value: sec.Value,
Match: sec.Images, Match: sec.Images,
}) })
} }
} }
sub := func(name string) string {
if v, ok := environ[name]; ok {
return v
}
return secrets[name]
}
y := b.Yaml y := b.Yaml
s, err := envsubst.Eval(y, sub) s, err := envsubst.Eval(y, func(name string) string {
return environ[name]
})
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -527,7 +520,7 @@ func (b *builder) Build() ([]*buildItem, error) {
b.Repo.IsPrivate, b.Repo.IsPrivate,
), ),
compiler.WithRegistry(registries...), compiler.WithRegistry(registries...),
compiler.WithSecret(csecrets...), compiler.WithSecret(secrets...),
compiler.WithPrefix( compiler.WithPrefix(
fmt.Sprintf( fmt.Sprintf(
"%d_%d", "%d_%d",
@ -543,18 +536,18 @@ func (b *builder) Build() ([]*buildItem, error) {
compiler.WithMetadata(metadata), compiler.WithMetadata(metadata),
).Compile(parsed) ).Compile(parsed)
for _, sec := range b.Secs { // for _, sec := range b.Secs {
if !sec.MatchEvent(b.Curr.Event) { // if !sec.MatchEvent(b.Curr.Event) {
continue // continue
} // }
if b.Curr.Verified || sec.SkipVerify { // if b.Curr.Verified || sec.SkipVerify {
ir.Secrets = append(ir.Secrets, &backend.Secret{ // ir.Secrets = append(ir.Secrets, &backend.Secret{
Mask: sec.Conceal, // Mask: sec.Conceal,
Name: sec.Name, // Name: sec.Name,
Value: sec.Value, // Value: sec.Value,
}) // })
} // }
} // }
item := &buildItem{ item := &buildItem{
Proc: proc, Proc: proc,
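Review bot: In PostHook the new side sets `build.Verified = true` and `build.Status = model.StatusPending` unconditionally, so the `b.Curr.Verified || sec.SkipVerify` test kept in Build() is always true and a pull request from a sender without push access is no longer held in StatusBlocked before secrets are attached. After this change the only remaining limit on a secret whose Events include pull_request appears to be `Match: sec.Images`, and a secret with no images listed (shown as `Images: <any>` by the CLI template) would presumably reach every step of a pipeline whose yaml the pull request itself supplies. If that is not intended, Build() could skip unrestricted secrets for that event, e.g. `if b.Curr.Event == model.EventPull && len(sec.Images) == 0 { continue }` inside the `b.Secs` loop, assuming Images is a slice. The removed `ir.Secrets` block also carried `Mask: sec.Conceal`, so it is worth confirming that log masking is still applied elsewhere, and the disabled logic would be better deleted than left as commented-out code. Both PostHook and Build() extend beyond the visible hunks.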