enables cloning private repos

This commit is contained in:
Brad Rydzewski 2016-04-21 01:18:20 -07:00
parent bcc768b157
commit 6529e095a8
6 changed files with 77 additions and 22 deletions

View file

@ -52,21 +52,33 @@ var AgentCmd = cli.Command{
Usage: "drone authorization token", Usage: "drone authorization token",
}, },
cli.DurationFlag{ cli.DurationFlag{
EnvVar: "BACKOFF", EnvVar: "DRONE_BACKOFF",
Name: "drone-backoff", Name: "backoff",
Usage: "drone server backoff interval", Usage: "drone server backoff interval",
Value: time.Second * 15, Value: time.Second * 15,
}, },
cli.BoolFlag{ cli.BoolFlag{
EnvVar: "DEBUG", EnvVar: "DRONE_DEBUG",
Name: "debug", Name: "debug",
Usage: "start the agent in debug mode", Usage: "start the agent in debug mode",
}, },
cli.BoolFlag{ cli.BoolFlag{
EnvVar: "EXPERIMENTAL", EnvVar: "DRONE_EXPERIMENTAL",
Name: "experimental", Name: "experimental",
Usage: "start the agent with experimental features", Usage: "start the agent with experimental features",
}, },
cli.StringSliceFlag{
EnvVar: "DRONE_NETRC_PLUGIN",
Name: "netrc-plugin",
Usage: "plugins that receive the netrc file",
Value: &cli.StringSlice{"git", "hg"},
},
cli.StringSliceFlag{
EnvVar: "DRONE_PRIVILEGED_PLUGIN",
Name: "privileged-plugin",
Usage: "plugins that require privileged mode",
Value: &cli.StringSlice{"docker", "gcr", "ecr"},
},
}, },
} }
@ -99,7 +111,7 @@ func start(c *cli.Context) {
go func() { go func() {
for { for {
if err := recoverExec(client, docker); err != nil { if err := recoverExec(client, docker); err != nil {
dur := c.Duration("drone-backoff") dur := c.Duration("backoff")
logrus.Debugf("Attempting to reconnect in %v", dur) logrus.Debugf("Attempting to reconnect in %v", dur)
time.Sleep(dur) time.Sleep(dur)
} }

View file

@ -47,7 +47,28 @@ func exec(client client.Client, docker dockerclient.Client) error {
envs := toEnv(w) envs := toEnv(w)
w.Yaml = expander.ExpandString(w.Yaml, envs) w.Yaml = expander.ExpandString(w.Yaml, envs)
w.Secrets = append(w.Secrets, &model.Secret{Name: "HEROKU_TOKEN", Value: "GODZILLA", Images: []string{"golang:1.4.2"}, Events: []string{w.Build.Event}}) // inject the netrc file into the clone plugin if the repositroy is
// private and requires authentication.
if w.Repo.IsPrivate {
w.Secrets = append(w.Secrets, &model.Secret{
Name: "DRONE_NETRC_USERNAME",
Value: w.Netrc.Login,
Images: []string{"git", "hg"}, // TODO(bradrydzewski) use the command line parameters here
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
})
w.Secrets = append(w.Secrets, &model.Secret{
Name: "DRONE_NETRC_PASSWORD",
Value: w.Netrc.Password,
Images: []string{w.Repo.Kind},
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
})
w.Secrets = append(w.Secrets, &model.Secret{
Name: "DRONE_NETRC_MACHINE",
Value: w.Netrc.Machine,
Images: []string{"git", "hg"},
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
})
}
trans := []compiler.Transform{ trans := []compiler.Transform{
builtin.NewCloneOp("plugins/"+w.Repo.Kind+":latest", true), builtin.NewCloneOp("plugins/"+w.Repo.Kind+":latest", true),

View file

@ -1,5 +1,7 @@
package model package model
import "path/filepath"
type Secret struct { type Secret struct {
// the id for this secret. // the id for this secret.
ID int64 `json:"id" meddler:"secret_id,pk"` ID int64 `json:"id" meddler:"secret_id,pk"`
@ -7,12 +9,12 @@ type Secret struct {
// the foreign key for this secret. // the foreign key for this secret.
RepoID int64 `json:"-" meddler:"secret_repo_id"` RepoID int64 `json:"-" meddler:"secret_repo_id"`
// the name of the secret which will be used as the // the name of the secret which will be used as the environment variable
// environment variable name at runtime. // name at runtime.
Name string `json:"name" meddler:"secret_name"` Name string `json:"name" meddler:"secret_name"`
// the value of the secret which will be provided to // the value of the secret which will be provided to the runtime environment
// the runtime environment as a named environment variable. // as a named environment variable.
Value string `json:"value" meddler:"secret_value"` Value string `json:"value" meddler:"secret_value"`
// the secret is restricted to this list of images. // the secret is restricted to this list of images.
@ -28,9 +30,9 @@ func (s *Secret) Match(image, event string) bool {
} }
// MatchImage returns true if an image matches the restricted list. // MatchImage returns true if an image matches the restricted list.
func (s *Secret) MatchImage(want string) bool { func (s *Secret) MatchImage(image string) bool {
for _, got := range s.Images { for _, pattern := range s.Images {
if want == got { if match, _ := filepath.Match(pattern, image); match {
return true return true
} }
} }
@ -38,9 +40,9 @@ func (s *Secret) MatchImage(want string) bool {
} }
// MatchEvent returns true if an event matches the restricted list. // MatchEvent returns true if an event matches the restricted list.
func (s *Secret) MatchEvent(want string) bool { func (s *Secret) MatchEvent(event string) bool {
for _, got := range s.Events { for _, pattern := range s.Events {
if want == got { if match, _ := filepath.Match(pattern, event); match {
return true return true
} }
} }

View file

@ -21,11 +21,33 @@ func TestSecret(t *testing.T) {
secret.Events = []string{"pull_request"} secret.Events = []string{"pull_request"}
g.Assert(secret.MatchEvent("pull_request")).IsTrue() g.Assert(secret.MatchEvent("pull_request")).IsTrue()
}) })
g.It("should match image patterns", func() {
secret := Secret{}
secret.Images = []string{"golang:*"}
g.Assert(secret.MatchImage("golang:1.4.2")).IsTrue()
})
g.It("should match any image", func() {
secret := Secret{}
secret.Images = []string{"*"}
g.Assert(secret.MatchImage("golang")).IsTrue()
})
g.It("should match any event", func() {
secret := Secret{}
secret.Events = []string{"*"}
g.Assert(secret.MatchEvent("pull_request")).IsTrue()
})
g.It("should not match image", func() { g.It("should not match image", func() {
secret := Secret{} secret := Secret{}
secret.Images = []string{"golang"} secret.Images = []string{"golang"}
g.Assert(secret.MatchImage("node")).IsFalse() g.Assert(secret.MatchImage("node")).IsFalse()
}) })
g.It("should not match image substring", func() {
secret := Secret{}
secret.Images = []string{"golang"}
// image is only authorized for golang, not golang:1.4.2
g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
})
g.It("should not match event", func() { g.It("should not match event", func() {
secret := Secret{} secret := Secret{}
secret.Events = []string{"pull_request"} secret.Events = []string{"pull_request"}

View file

@ -9,8 +9,8 @@ import (
"strings" "strings"
) )
// Check is a calculates and verifies a file checksum. // Check is a calculates and verifies a file checksum. This supports the sha1,
// This supports the sha1, sha256 and sha512 values. // sha256 and sha512 values.
func Check(in, checksum string) bool { func Check(in, checksum string) bool {
hash, size, _ := split(checksum) hash, size, _ := split(checksum)
@ -27,8 +27,6 @@ func Check(in, checksum string) bool {
return sha512sum(in) == hash return sha512sum(in) == hash
case 40: case 40:
return sha1sum(in) == hash return sha1sum(in) == hash
case 0:
return true // if no checksum assume valid
} }
return false return false

View file

@ -89,9 +89,9 @@ func TestParse(t *testing.T) {
g.Assert(ok).IsFalse() g.Assert(ok).IsFalse()
}) })
g.It("Should return true if empty checksum", func() { g.It("Should return false if empty checksum", func() {
ok := Check("foo\n", "") ok := Check("foo\n", "")
g.Assert(ok).IsTrue() g.Assert(ok).IsFalse()
}) })
}) })
} }