mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-03 06:08:42 +00:00
enables cloning private repos
This commit is contained in:
parent
bcc768b157
commit
6529e095a8
6 changed files with 77 additions and 22 deletions
|
@ -52,21 +52,33 @@ var AgentCmd = cli.Command{
|
||||||
Usage: "drone authorization token",
|
Usage: "drone authorization token",
|
||||||
},
|
},
|
||||||
cli.DurationFlag{
|
cli.DurationFlag{
|
||||||
EnvVar: "BACKOFF",
|
EnvVar: "DRONE_BACKOFF",
|
||||||
Name: "drone-backoff",
|
Name: "backoff",
|
||||||
Usage: "drone server backoff interval",
|
Usage: "drone server backoff interval",
|
||||||
Value: time.Second * 15,
|
Value: time.Second * 15,
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
EnvVar: "DEBUG",
|
EnvVar: "DRONE_DEBUG",
|
||||||
Name: "debug",
|
Name: "debug",
|
||||||
Usage: "start the agent in debug mode",
|
Usage: "start the agent in debug mode",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
EnvVar: "EXPERIMENTAL",
|
EnvVar: "DRONE_EXPERIMENTAL",
|
||||||
Name: "experimental",
|
Name: "experimental",
|
||||||
Usage: "start the agent with experimental features",
|
Usage: "start the agent with experimental features",
|
||||||
},
|
},
|
||||||
|
cli.StringSliceFlag{
|
||||||
|
EnvVar: "DRONE_NETRC_PLUGIN",
|
||||||
|
Name: "netrc-plugin",
|
||||||
|
Usage: "plugins that receive the netrc file",
|
||||||
|
Value: &cli.StringSlice{"git", "hg"},
|
||||||
|
},
|
||||||
|
cli.StringSliceFlag{
|
||||||
|
EnvVar: "DRONE_PRIVILEGED_PLUGIN",
|
||||||
|
Name: "privileged-plugin",
|
||||||
|
Usage: "plugins that require privileged mode",
|
||||||
|
Value: &cli.StringSlice{"docker", "gcr", "ecr"},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -99,7 +111,7 @@ func start(c *cli.Context) {
|
||||||
go func() {
|
go func() {
|
||||||
for {
|
for {
|
||||||
if err := recoverExec(client, docker); err != nil {
|
if err := recoverExec(client, docker); err != nil {
|
||||||
dur := c.Duration("drone-backoff")
|
dur := c.Duration("backoff")
|
||||||
logrus.Debugf("Attempting to reconnect in %v", dur)
|
logrus.Debugf("Attempting to reconnect in %v", dur)
|
||||||
time.Sleep(dur)
|
time.Sleep(dur)
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,7 +47,28 @@ func exec(client client.Client, docker dockerclient.Client) error {
|
||||||
envs := toEnv(w)
|
envs := toEnv(w)
|
||||||
w.Yaml = expander.ExpandString(w.Yaml, envs)
|
w.Yaml = expander.ExpandString(w.Yaml, envs)
|
||||||
|
|
||||||
w.Secrets = append(w.Secrets, &model.Secret{Name: "HEROKU_TOKEN", Value: "GODZILLA", Images: []string{"golang:1.4.2"}, Events: []string{w.Build.Event}})
|
// inject the netrc file into the clone plugin if the repositroy is
|
||||||
|
// private and requires authentication.
|
||||||
|
if w.Repo.IsPrivate {
|
||||||
|
w.Secrets = append(w.Secrets, &model.Secret{
|
||||||
|
Name: "DRONE_NETRC_USERNAME",
|
||||||
|
Value: w.Netrc.Login,
|
||||||
|
Images: []string{"git", "hg"}, // TODO(bradrydzewski) use the command line parameters here
|
||||||
|
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
|
||||||
|
})
|
||||||
|
w.Secrets = append(w.Secrets, &model.Secret{
|
||||||
|
Name: "DRONE_NETRC_PASSWORD",
|
||||||
|
Value: w.Netrc.Password,
|
||||||
|
Images: []string{w.Repo.Kind},
|
||||||
|
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
|
||||||
|
})
|
||||||
|
w.Secrets = append(w.Secrets, &model.Secret{
|
||||||
|
Name: "DRONE_NETRC_MACHINE",
|
||||||
|
Value: w.Netrc.Machine,
|
||||||
|
Images: []string{"git", "hg"},
|
||||||
|
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
trans := []compiler.Transform{
|
trans := []compiler.Transform{
|
||||||
builtin.NewCloneOp("plugins/"+w.Repo.Kind+":latest", true),
|
builtin.NewCloneOp("plugins/"+w.Repo.Kind+":latest", true),
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package model
|
package model
|
||||||
|
|
||||||
|
import "path/filepath"
|
||||||
|
|
||||||
type Secret struct {
|
type Secret struct {
|
||||||
// the id for this secret.
|
// the id for this secret.
|
||||||
ID int64 `json:"id" meddler:"secret_id,pk"`
|
ID int64 `json:"id" meddler:"secret_id,pk"`
|
||||||
|
@ -7,12 +9,12 @@ type Secret struct {
|
||||||
// the foreign key for this secret.
|
// the foreign key for this secret.
|
||||||
RepoID int64 `json:"-" meddler:"secret_repo_id"`
|
RepoID int64 `json:"-" meddler:"secret_repo_id"`
|
||||||
|
|
||||||
// the name of the secret which will be used as the
|
// the name of the secret which will be used as the environment variable
|
||||||
// environment variable name at runtime.
|
// name at runtime.
|
||||||
Name string `json:"name" meddler:"secret_name"`
|
Name string `json:"name" meddler:"secret_name"`
|
||||||
|
|
||||||
// the value of the secret which will be provided to
|
// the value of the secret which will be provided to the runtime environment
|
||||||
// the runtime environment as a named environment variable.
|
// as a named environment variable.
|
||||||
Value string `json:"value" meddler:"secret_value"`
|
Value string `json:"value" meddler:"secret_value"`
|
||||||
|
|
||||||
// the secret is restricted to this list of images.
|
// the secret is restricted to this list of images.
|
||||||
|
@ -28,9 +30,9 @@ func (s *Secret) Match(image, event string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// MatchImage returns true if an image matches the restricted list.
|
// MatchImage returns true if an image matches the restricted list.
|
||||||
func (s *Secret) MatchImage(want string) bool {
|
func (s *Secret) MatchImage(image string) bool {
|
||||||
for _, got := range s.Images {
|
for _, pattern := range s.Images {
|
||||||
if want == got {
|
if match, _ := filepath.Match(pattern, image); match {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -38,9 +40,9 @@ func (s *Secret) MatchImage(want string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// MatchEvent returns true if an event matches the restricted list.
|
// MatchEvent returns true if an event matches the restricted list.
|
||||||
func (s *Secret) MatchEvent(want string) bool {
|
func (s *Secret) MatchEvent(event string) bool {
|
||||||
for _, got := range s.Events {
|
for _, pattern := range s.Events {
|
||||||
if want == got {
|
if match, _ := filepath.Match(pattern, event); match {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,11 +21,33 @@ func TestSecret(t *testing.T) {
|
||||||
secret.Events = []string{"pull_request"}
|
secret.Events = []string{"pull_request"}
|
||||||
g.Assert(secret.MatchEvent("pull_request")).IsTrue()
|
g.Assert(secret.MatchEvent("pull_request")).IsTrue()
|
||||||
})
|
})
|
||||||
|
g.It("should match image patterns", func() {
|
||||||
|
secret := Secret{}
|
||||||
|
secret.Images = []string{"golang:*"}
|
||||||
|
g.Assert(secret.MatchImage("golang:1.4.2")).IsTrue()
|
||||||
|
})
|
||||||
|
g.It("should match any image", func() {
|
||||||
|
secret := Secret{}
|
||||||
|
secret.Images = []string{"*"}
|
||||||
|
g.Assert(secret.MatchImage("golang")).IsTrue()
|
||||||
|
})
|
||||||
|
g.It("should match any event", func() {
|
||||||
|
secret := Secret{}
|
||||||
|
secret.Events = []string{"*"}
|
||||||
|
g.Assert(secret.MatchEvent("pull_request")).IsTrue()
|
||||||
|
})
|
||||||
g.It("should not match image", func() {
|
g.It("should not match image", func() {
|
||||||
secret := Secret{}
|
secret := Secret{}
|
||||||
secret.Images = []string{"golang"}
|
secret.Images = []string{"golang"}
|
||||||
g.Assert(secret.MatchImage("node")).IsFalse()
|
g.Assert(secret.MatchImage("node")).IsFalse()
|
||||||
})
|
})
|
||||||
|
g.It("should not match image substring", func() {
|
||||||
|
secret := Secret{}
|
||||||
|
secret.Images = []string{"golang"}
|
||||||
|
|
||||||
|
// image is only authorized for golang, not golang:1.4.2
|
||||||
|
g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
|
||||||
|
})
|
||||||
g.It("should not match event", func() {
|
g.It("should not match event", func() {
|
||||||
secret := Secret{}
|
secret := Secret{}
|
||||||
secret.Events = []string{"pull_request"}
|
secret.Events = []string{"pull_request"}
|
||||||
|
|
|
@ -9,8 +9,8 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Check is a calculates and verifies a file checksum.
|
// Check is a calculates and verifies a file checksum. This supports the sha1,
|
||||||
// This supports the sha1, sha256 and sha512 values.
|
// sha256 and sha512 values.
|
||||||
func Check(in, checksum string) bool {
|
func Check(in, checksum string) bool {
|
||||||
hash, size, _ := split(checksum)
|
hash, size, _ := split(checksum)
|
||||||
|
|
||||||
|
@ -27,8 +27,6 @@ func Check(in, checksum string) bool {
|
||||||
return sha512sum(in) == hash
|
return sha512sum(in) == hash
|
||||||
case 40:
|
case 40:
|
||||||
return sha1sum(in) == hash
|
return sha1sum(in) == hash
|
||||||
case 0:
|
|
||||||
return true // if no checksum assume valid
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -89,9 +89,9 @@ func TestParse(t *testing.T) {
|
||||||
g.Assert(ok).IsFalse()
|
g.Assert(ok).IsFalse()
|
||||||
})
|
})
|
||||||
|
|
||||||
g.It("Should return true if empty checksum", func() {
|
g.It("Should return false if empty checksum", func() {
|
||||||
ok := Check("foo\n", "")
|
ok := Check("foo\n", "")
|
||||||
g.Assert(ok).IsTrue()
|
g.Assert(ok).IsFalse()
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue