Merge pull request #1996 from bradrydzewski/master

do not include tag when matching secrets to images
This commit is contained in:
Brad Rydzewski 2017-04-10 18:41:17 +02:00 committed by GitHub
commit 94f5724c45
7 changed files with 50 additions and 36 deletions

View file

@ -25,11 +25,6 @@ func secretAddFlags() []cli.Flag {
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "event", Name: "event",
Usage: "inject the secret for these event types", Usage: "inject the secret for these event types",
Value: &cli.StringSlice{
model.EventPush,
model.EventTag,
model.EventDeploy,
},
}, },
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "image", Name: "image",
@ -77,6 +72,13 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
secret.Events = c.StringSlice("event") secret.Events = c.StringSlice("event")
secret.SkipVerify = c.Bool("skip-verify") secret.SkipVerify = c.Bool("skip-verify")
secret.Conceal = c.Bool("conceal") secret.Conceal = c.Bool("conceal")
if len(secret.Events) == 0 {
secret.Events = []string{
model.EventPush,
model.EventTag,
model.EventDeploy,
}
}
// TODO(bradrydzewski) below we use an @ sybmol to denote that the secret // TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
// value should be loaded from a file (inspired by curl). I'd prefer to use // value should be loaded from a file (inspired by curl). I'd prefer to use

View file

@ -463,14 +463,12 @@ func (b *builder) Build() ([]*buildItem, error) {
if !sec.MatchEvent(b.Curr.Event) { if !sec.MatchEvent(b.Curr.Event) {
continue continue
} }
if b.Curr.Verified || sec.SkipVerify {
secrets = append(secrets, compiler.Secret{ secrets = append(secrets, compiler.Secret{
Name: sec.Name, Name: sec.Name,
Value: sec.Value, Value: sec.Value,
Match: sec.Images, Match: sec.Images,
}) })
} }
}
y := b.Yaml y := b.Yaml
s, err := envsubst.Eval(y, func(name string) string { s, err := envsubst.Eval(y, func(name string) string {

View file

@ -32,6 +32,7 @@ type Compiler struct {
escalated []string escalated []string
prefix string prefix string
volumes []string volumes []string
networks []string
env map[string]string env map[string]string
base string base string
path string path string

View file

@ -28,6 +28,11 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen
Aliases: c.aliases, Aliases: c.aliases,
}, },
} }
for _, network := range c.networks {
networks = append(networks, backend.Conn{
Name: network,
})
}
var volumes []string var volumes []string
if !c.local { if !c.local {

View file

@ -28,7 +28,7 @@ func expandImage(name string) string {
func matchImage(from string, to ...string) bool { func matchImage(from string, to ...string) bool {
from = trimImage(from) from = trimImage(from)
for _, match := range to { for _, match := range to {
if from == match { if from == trimImage(match) {
return true return true
} }
} }

View file

@ -161,6 +161,14 @@ func WithProxy() Option {
) )
} }
// WithNetworks configures the compiler with additionnal networks
// to be connected to build containers
func WithNetworks(networks ...string) Option {
return func(compiler *Compiler) {
compiler.networks = networks
}
}
// TODO(bradrydzewski) consider an alternate approach to // TODO(bradrydzewski) consider an alternate approach to
// WithProxy where the proxy strings are passed directly // WithProxy where the proxy strings are passed directly
// to the function as named parameters. // to the function as named parameters.

46
vendor/vendor.json vendored
View file

@ -28,68 +28,68 @@
{ {
"checksumSHA1": "W3AuK8ocqHwlUajGmQLFvnRhTZE=", "checksumSHA1": "W3AuK8ocqHwlUajGmQLFvnRhTZE=",
"path": "github.com/cncd/pipeline/pipeline", "path": "github.com/cncd/pipeline/pipeline",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "Qu2FreqaMr8Yx2bW9O0cxAGgjr0=", "checksumSHA1": "Qu2FreqaMr8Yx2bW9O0cxAGgjr0=",
"path": "github.com/cncd/pipeline/pipeline/backend", "path": "github.com/cncd/pipeline/pipeline/backend",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "0CGXRaYwZhJxGIrGhn8WGpkFqPo=", "checksumSHA1": "0CGXRaYwZhJxGIrGhn8WGpkFqPo=",
"path": "github.com/cncd/pipeline/pipeline/backend/docker", "path": "github.com/cncd/pipeline/pipeline/backend/docker",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "/8wE+cVb7T4PQZgpLNu0DHzKGuE=", "checksumSHA1": "/8wE+cVb7T4PQZgpLNu0DHzKGuE=",
"path": "github.com/cncd/pipeline/pipeline/frontend", "path": "github.com/cncd/pipeline/pipeline/frontend",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "QWs+L3emrt5DDTWvqD6rbMtLKMw=", "checksumSHA1": "QWs+L3emrt5DDTWvqD6rbMtLKMw=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "Bsp5Fq7oc6ZDDX5COo//pajb0kk=", "checksumSHA1": "ggOpR/vh0Hs6SnaiuiEO/9dUkcA=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/compiler", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/compiler",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "Q0GkNUFamVYIA1Fd8r0A5M6Gx54=", "checksumSHA1": "Q0GkNUFamVYIA1Fd8r0A5M6Gx54=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/linter", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/linter",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "kx2sPUIMozPC/g6E4w48h3FfH3k=", "checksumSHA1": "kx2sPUIMozPC/g6E4w48h3FfH3k=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/matrix", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/matrix",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "2/3f3oNmxXy5kcrRLCFa24Oc9O4=", "checksumSHA1": "2/3f3oNmxXy5kcrRLCFa24Oc9O4=",
"path": "github.com/cncd/pipeline/pipeline/interrupt", "path": "github.com/cncd/pipeline/pipeline/interrupt",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "uOjTfke7Qxosrivgz/nVTHeIP5g=", "checksumSHA1": "uOjTfke7Qxosrivgz/nVTHeIP5g=",
"path": "github.com/cncd/pipeline/pipeline/multipart", "path": "github.com/cncd/pipeline/pipeline/multipart",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "TP5lK1T8cOKv5QjZ2nqdlYczSTo=", "checksumSHA1": "TP5lK1T8cOKv5QjZ2nqdlYczSTo=",
"path": "github.com/cncd/pipeline/pipeline/rpc", "path": "github.com/cncd/pipeline/pipeline/rpc",
"revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18",
"revisionTime": "2017-04-09T09:45:58Z" "revisionTime": "2017-04-10T16:25:49Z"
}, },
{ {
"checksumSHA1": "7Qj1DK0ceAXkYztW0l3+L6sn+V8=", "checksumSHA1": "7Qj1DK0ceAXkYztW0l3+L6sn+V8=",