Merge pull request #1587 from bradrydzewski/master

enables cloning private repos in 0.5

drone/agent/agent.go

@@ -52,21 +52,33 @@ var AgentCmd = cli.Command{
 			Usage:  "drone authorization token",
 		},
 		cli.DurationFlag{
-			EnvVar: "BACKOFF",
+			EnvVar: "DRONE_BACKOFF",
-			Name:   "drone-backoff",
+			Name:   "backoff",
 			Usage:  "drone server backoff interval",
 			Value:  time.Second * 15,
 		},
 		cli.BoolFlag{
-			EnvVar: "DEBUG",
+			EnvVar: "DRONE_DEBUG",
 			Name:   "debug",
 			Usage:  "start the agent in debug mode",
 		},
 		cli.BoolFlag{
-			EnvVar: "EXPERIMENTAL",
+			EnvVar: "DRONE_EXPERIMENTAL",
 			Name:   "experimental",
 			Usage:  "start the agent with experimental features",
 		},
+		cli.StringSliceFlag{
+			EnvVar: "DRONE_NETRC_PLUGIN",
+			Name:   "netrc-plugin",
+			Usage:  "plugins that receive the netrc file",
+			Value:  &cli.StringSlice{"git", "hg"},
+		},
+		cli.StringSliceFlag{
+			EnvVar: "DRONE_PRIVILEGED_PLUGIN",
+			Name:   "privileged-plugin",
+			Usage:  "plugins that require privileged mode",
+			Value:  &cli.StringSlice{"docker", "gcr", "ecr"},
+		},
 	},
 }
 
@@ -99,7 +111,7 @@ func start(c *cli.Context) {
 		go func() {
 			for {
 				if err := recoverExec(client, docker); err != nil {
-					dur := c.Duration("drone-backoff")
+					dur := c.Duration("backoff")
 					logrus.Debugf("Attempting to reconnect in %v", dur)
 					time.Sleep(dur)
 				}

drone/agent/exec.go

@@ -47,7 +47,28 @@ func exec(client client.Client, docker dockerclient.Client) error {
 	envs := toEnv(w)
 	w.Yaml = expander.ExpandString(w.Yaml, envs)
 
-	w.Secrets = append(w.Secrets, &model.Secret{Name: "HEROKU_TOKEN", Value: "GODZILLA", Images: []string{"golang:1.4.2"}, Events: []string{w.Build.Event}})
+	// inject the netrc file into the clone plugin if the repositroy is
+	// private and requires authentication.
+	if w.Repo.IsPrivate {
+		w.Secrets = append(w.Secrets, &model.Secret{
+			Name:   "DRONE_NETRC_USERNAME",
+			Value:  w.Netrc.Login,
+			Images: []string{"git", "hg"}, // TODO(bradrydzewski) use the command line parameters here
+			Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
+		})
+		w.Secrets = append(w.Secrets, &model.Secret{
+			Name:   "DRONE_NETRC_PASSWORD",
+			Value:  w.Netrc.Password,
+			Images: []string{w.Repo.Kind},
+			Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
+		})
+		w.Secrets = append(w.Secrets, &model.Secret{
+			Name:   "DRONE_NETRC_MACHINE",
+			Value:  w.Netrc.Machine,
+			Images: []string{"git", "hg"},
+			Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
+		})
+	}
 
 	trans := []compiler.Transform{
 		builtin.NewCloneOp("plugins/"+w.Repo.Kind+":latest", true),

model/secret.go

@@ -1,5 +1,7 @@
 package model
 
+import "path/filepath"
+
 type Secret struct {
 	// the id for this secret.
 	ID int64 `json:"id" meddler:"secret_id,pk"`
@@ -7,12 +9,12 @@ type Secret struct {
 	// the foreign key for this secret.
 	RepoID int64 `json:"-" meddler:"secret_repo_id"`
 
-	// the name of the secret which will be used as the
+	// the name of the secret which will be used as the environment variable
-	// environment variable name at runtime.
+	// name at runtime.
 	Name string `json:"name" meddler:"secret_name"`
 
-	// the value of the secret which will be provided to
+	// the value of the secret which will be provided to the runtime environment
-	// the runtime environment as a named environment variable.
+	// as a named environment variable.
 	Value string `json:"value" meddler:"secret_value"`
 
 	// the secret is restricted to this list of images.
@@ -28,9 +30,9 @@ func (s *Secret) Match(image, event string) bool {
 }
 
 // MatchImage returns true if an image matches the restricted list.
-func (s *Secret) MatchImage(want string) bool {
+func (s *Secret) MatchImage(image string) bool {
-	for _, got := range s.Images {
+	for _, pattern := range s.Images {
-		if want == got {
+		if match, _ := filepath.Match(pattern, image); match {
 			return true
 		}
 	}
@@ -38,9 +40,9 @@ func (s *Secret) MatchImage(want string) bool {
 }
 
 // MatchEvent returns true if an event matches the restricted list.
-func (s *Secret) MatchEvent(want string) bool {
+func (s *Secret) MatchEvent(event string) bool {
-	for _, got := range s.Events {
+	for _, pattern := range s.Events {
-		if want == got {
+		if match, _ := filepath.Match(pattern, event); match {
 			return true
 		}
 	}

model/secret_test.go

@@ -21,11 +21,33 @@ func TestSecret(t *testing.T) {
 			secret.Events = []string{"pull_request"}
 			g.Assert(secret.MatchEvent("pull_request")).IsTrue()
 		})
+		g.It("should match image patterns", func() {
+			secret := Secret{}
+			secret.Images = []string{"golang:*"}
+			g.Assert(secret.MatchImage("golang:1.4.2")).IsTrue()
+		})
+		g.It("should match any image", func() {
+			secret := Secret{}
+			secret.Images = []string{"*"}
+			g.Assert(secret.MatchImage("golang")).IsTrue()
+		})
+		g.It("should match any event", func() {
+			secret := Secret{}
+			secret.Events = []string{"*"}
+			g.Assert(secret.MatchEvent("pull_request")).IsTrue()
+		})
 		g.It("should not match image", func() {
 			secret := Secret{}
 			secret.Images = []string{"golang"}
 			g.Assert(secret.MatchImage("node")).IsFalse()
 		})
+		g.It("should not match image substring", func() {
+			secret := Secret{}
+			secret.Images = []string{"golang"}
+
+			// image is only authorized for golang, not golang:1.4.2
+			g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
+		})
 		g.It("should not match event", func() {
 			secret := Secret{}
 			secret.Events = []string{"pull_request"}

yaml/checksum/checksum.go

@@ -9,8 +9,8 @@ import (
 	"strings"
 )
 
-// Check is a calculates and verifies a file checksum.
+// Check is a calculates and verifies a file checksum. This supports the sha1,
-// This supports the sha1, sha256 and sha512 values.
+// sha256 and sha512 values.
 func Check(in, checksum string) bool {
 	hash, size, _ := split(checksum)
 
@@ -27,8 +27,6 @@ func Check(in, checksum string) bool {
 		return sha512sum(in) == hash
 	case 40:
 		return sha1sum(in) == hash
-	case 0:
-		return true // if no checksum assume valid
 	}
 
 	return false

yaml/checksum/checksum_test.go

@@ -89,9 +89,9 @@ func TestParse(t *testing.T) {
 			g.Assert(ok).IsFalse()
 		})
 
-		g.It("Should return true if empty checksum", func() {
+		g.It("Should return false if empty checksum", func() {
 			ok := Check("foo\n", "")
-			g.Assert(ok).IsTrue()
+			g.Assert(ok).IsFalse()
 		})
 	})
 }