Merge branch 'master' into bbserver-cleanup

README.md

@@ -35,12 +35,6 @@ Please see our [installation guide](http://readme.drone.io/setup/overview) to in
 
 ### From Source
 
-Install build dependencies:
-
-* go 1.5+ ([install guide](http://golang.org/doc/install))
-* libsqlite3 ([install script](https://github.com/drone/drone/blob/master/contrib/setup-sqlite.sh))
-* sassc ([install script](https://github.com/drone/drone/blob/master/contrib/setup-sassc.sh))
-
 Clone the repository to your Go workspace:
 
 ```

client/client_impl.go

@@ -76,7 +76,10 @@ func NewClientTokenTLS(uri, token string, c *tls.Config) Client {
 	auther := config.Client(oauth2.NoContext, &oauth2.Token{AccessToken: token})
 	if c != nil {
 		if trans, ok := auther.Transport.(*oauth2.Transport); ok {
-			trans.Base = &http.Transport{TLSClientConfig: c}
+			trans.Base = &http.Transport{
+				TLSClientConfig: c,
+				Proxy: http.ProxyFromEnvironment,
+			}
 		}
 	}
 	return &client{client: auther, base: uri, token: token}

drone/agent/agent.go

@@ -1,7 +1,10 @@
 package agent
 
 import (
+	"os"
+	"os/signal"
 	"sync"
+	"syscall"
 	"time"
 
 	"github.com/drone/drone/client"
@@ -201,5 +204,25 @@ func start(c *cli.Context) {
 			}
 		}()
 	}
+	handleSignals()
 	wg.Wait()
 }
+
+// tracks running builds
+var running sync.WaitGroup
+
+func handleSignals() {
+	// Graceful shut-down on SIGINT/SIGTERM
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt)
+	signal.Notify(c, syscall.SIGTERM)
+
+	go func() {
+		<-c
+		logrus.Debugln("SIGTERM received.")
+		logrus.Debugln("wait for running builds to finish.")
+		running.Wait()
+		logrus.Debugln("done.")
+		os.Exit(0)
+	}()
+}

drone/agent/exec.go

@@ -33,6 +33,10 @@ func (r *pipeline) run() error {
 	if err != nil {
 		return err
 	}
+	running.Add(1)
+	defer func() {
+		running.Done()
+	}()
 
 	logrus.Infof("Starting build %s/%s#%d.%d",
 		w.Repo.Owner, w.Repo.Name, w.Build.Number, w.Job.Number)

drone/server.go

@@ -110,7 +110,7 @@ var serverCmd = cli.Command{
 		},
 		cli.StringFlag{
 			EnvVar: "DRONE_GITHUB_SECRET",
-			Name:   "github-sercret",
+			Name:   "github-secret",
 			Usage:  "github oauth2 client secret",
 		},
 		cli.StringSliceFlag{
@@ -203,7 +203,7 @@ var serverCmd = cli.Command{
 		},
 		cli.StringFlag{
 			EnvVar: "DRONE_GITLAB_SECRET",
-			Name:   "gitlab-sercret",
+			Name:   "gitlab-secret",
 			Usage:  "gitlab oauth2 client secret",
 		},
 		cli.StringFlag{

router/middleware/remote.go

@@ -80,7 +80,7 @@ func setupGitlab(c *cli.Context) (remote.Remote, error) {
 	return gitlab.New(gitlab.Opts{
 		URL:         c.String("gitlab-server"),
 		Client:      c.String("gitlab-client"),
-		Secret:      c.String("gitlab-sercret"),
+		Secret:      c.String("gitlab-secret"),
 		Username:    c.String("gitlab-git-username"),
 		Password:    c.String("gitlab-git-password"),
 		PrivateMode: c.Bool("gitlab-private-mode"),
@@ -94,7 +94,7 @@ func setupGithub(c *cli.Context) (remote.Remote, error) {
 		URL:         c.String("github-server"),
 		Context:     c.String("github-context"),
 		Client:      c.String("github-client"),
-		Secret:      c.String("github-sercret"),
+		Secret:      c.String("github-secret"),
 		Scopes:      c.StringSlice("github-scope"),
 		Username:    c.String("github-git-username"),
 		Password:    c.String("github-git-password"),

router/middleware/session/user.go

@@ -85,6 +85,23 @@ func MustAdmin() gin.HandlerFunc {
 	}
 }
 
+func MustRepoAdmin() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		user := User(c)
+		perm := Perm(c)
+		switch {
+		case user == nil:
+			c.String(401, "User not authorized")
+			c.Abort()
+		case perm.Admin == false:
+			c.String(403, "User not authorized")
+			c.Abort()
+		default:
+			c.Next()
+		}
+	}
+}
+
 func MustUser() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		user := User(c)

router/router.go

@@ -84,8 +84,8 @@ func Load(middleware ...gin.HandlerFunc) http.Handler {
 
 			// requires push permissions
 			repo.PATCH("", session.MustPush, server.PatchRepo)
-			repo.DELETE("", session.MustPush, server.DeleteRepo)
-			repo.POST("/chown", session.MustPush, server.ChownRepo)
+			repo.DELETE("", session.MustRepoAdmin(), server.DeleteRepo)
+			repo.POST("/chown", session.MustRepoAdmin(), server.ChownRepo)
 
 			repo.POST("/builds/:number", session.MustPush, server.PostBuild)
 			repo.DELETE("/builds/:number/:job", session.MustPush, server.DeleteBuild)

yaml/transform/command.go

@@ -65,6 +65,7 @@ machine $DRONE_NETRC_MACHINE
 login $DRONE_NETRC_USERNAME
 password $DRONE_NETRC_PASSWORD
 EOF
+chmod 0600 $HOME/.netrc
 fi
 
 unset DRONE_NETRC_USERNAME

yaml/transform/image.go

@@ -1,6 +1,7 @@
 package transform
 
 import (
+	"fmt"
 	"path/filepath"
 	"strings"
 
@@ -61,6 +62,9 @@ func ImageEscalate(conf *yaml.Config, patterns []string) error {
 	for _, c := range conf.Pipeline {
 		for _, pattern := range patterns {
 			if ok, _ := filepath.Match(pattern, c.Image); ok {
+				if len(c.Commands) != 0 {
+					return fmt.Errorf("Custom commands disabled for the %s plugin", c.Image)
+				}
 				c.Privileged = true
 			}
 		}

yaml/transform/image_test.go

@@ -89,6 +89,17 @@ func Test_escalate(t *testing.T) {
 			ImageEscalate(c, []string{"plugins/docker"})
 			g.Assert(c.Pipeline[0].Privileged).IsFalse()
 		})
+
+		g.It("should not escalate plugin with commands", func() {
+			c := newConfig(&yaml.Container{
+				Image:    "docker",
+				Commands: []string{"echo foo"},
+			})
+
+			err := ImageEscalate(c, []string{"docker"})
+			g.Assert(c.Pipeline[0].Privileged).IsFalse()
+			g.Assert(err.Error()).Equal("Custom commands disabled for the docker plugin")
+		})
 	})
 }