mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-23 00:46:30 +00:00
use yaml parameter to restrict local plugin execution
This commit is contained in:
parent
9df2a43525
commit
def995b164
6 changed files with 27 additions and 41 deletions
|
@ -29,7 +29,6 @@ type Agent struct {
|
||||||
Platform string
|
Platform string
|
||||||
Namespace string
|
Namespace string
|
||||||
Extension []string
|
Extension []string
|
||||||
Disable []string
|
|
||||||
Escalate []string
|
Escalate []string
|
||||||
Netrc []string
|
Netrc []string
|
||||||
Local string
|
Local string
|
||||||
|
@ -187,7 +186,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
|
||||||
transform.PluginParams(conf)
|
transform.PluginParams(conf)
|
||||||
|
|
||||||
if a.Local != "" {
|
if a.Local != "" {
|
||||||
transform.PluginDisable(conf, a.Disable)
|
transform.PluginDisable(conf, true)
|
||||||
transform.ImageVolume(conf, []string{a.Local + ":" + conf.Workspace.Path})
|
transform.ImageVolume(conf, []string{a.Local + ":" + conf.Workspace.Path})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -33,11 +33,6 @@ var execCmd = cli.Command{
|
||||||
Usage: "build from local directory",
|
Usage: "build from local directory",
|
||||||
EnvVar: "DRONE_LOCAL",
|
EnvVar: "DRONE_LOCAL",
|
||||||
},
|
},
|
||||||
cli.StringSliceFlag{
|
|
||||||
Name: "plugin",
|
|
||||||
Usage: "plugin steps to enable",
|
|
||||||
EnvVar: "DRONE_PLUGIN_ENABLE",
|
|
||||||
},
|
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "secret",
|
Name: "secret",
|
||||||
Usage: "build secrets in KEY=VALUE format",
|
Usage: "build secrets in KEY=VALUE format",
|
||||||
|
@ -70,12 +65,6 @@ var execCmd = cli.Command{
|
||||||
Name: "pull",
|
Name: "pull",
|
||||||
Usage: "always pull latest plugin images",
|
Usage: "always pull latest plugin images",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
|
||||||
EnvVar: "DRONE_PLUGIN_NAMESPACE",
|
|
||||||
Name: "namespace",
|
|
||||||
Value: "plugins",
|
|
||||||
Usage: "default plugin image namespace",
|
|
||||||
},
|
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
EnvVar: "DRONE_PLUGIN_PRIVILEGED",
|
EnvVar: "DRONE_PLUGIN_PRIVILEGED",
|
||||||
Name: "privileged",
|
Name: "privileged",
|
||||||
|
@ -157,7 +146,7 @@ var execCmd = cli.Command{
|
||||||
Usage: "repository is private",
|
Usage: "repository is private",
|
||||||
EnvVar: "DRONE_REPO_PRIVATE",
|
EnvVar: "DRONE_REPO_PRIVATE",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolTFlag{
|
||||||
Name: "repo.trusted",
|
Name: "repo.trusted",
|
||||||
Usage: "repository is trusted",
|
Usage: "repository is trusted",
|
||||||
EnvVar: "DRONE_REPO_TRUSTED",
|
EnvVar: "DRONE_REPO_TRUSTED",
|
||||||
|
@ -326,17 +315,15 @@ func exec(c *cli.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
a := agent.Agent{
|
a := agent.Agent{
|
||||||
Update: agent.NoopUpdateFunc,
|
Update: agent.NoopUpdateFunc,
|
||||||
Logger: agent.TermLoggerFunc,
|
Logger: agent.TermLoggerFunc,
|
||||||
Engine: engine,
|
Engine: engine,
|
||||||
Timeout: c.Duration("timeout.inactivity"),
|
Timeout: c.Duration("timeout.inactivity"),
|
||||||
Platform: "linux/amd64",
|
Platform: "linux/amd64",
|
||||||
Namespace: c.String("namespace"),
|
Escalate: c.StringSlice("privileged"),
|
||||||
Disable: c.StringSlice("plugin"),
|
Netrc: []string{},
|
||||||
Escalate: c.StringSlice("privileged"),
|
Local: dir,
|
||||||
Netrc: []string{},
|
Pull: c.Bool("pull"),
|
||||||
Local: dir,
|
|
||||||
Pull: c.Bool("pull"),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
payload := &model.Work{
|
payload := &model.Work{
|
||||||
|
@ -353,7 +340,7 @@ func exec(c *cli.Context) error {
|
||||||
Avatar: c.String("repo.avatar"),
|
Avatar: c.String("repo.avatar"),
|
||||||
Timeout: int64(c.Duration("timeout").Minutes()),
|
Timeout: int64(c.Duration("timeout").Minutes()),
|
||||||
IsPrivate: c.Bool("repo.private"),
|
IsPrivate: c.Bool("repo.private"),
|
||||||
IsTrusted: c.Bool("repo.trusted"),
|
IsTrusted: c.BoolT("repo.trusted"),
|
||||||
Clone: c.String("remote.url"),
|
Clone: c.String("remote.url"),
|
||||||
},
|
},
|
||||||
System: &model.System{
|
System: &model.System{
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
type Constraints struct {
|
type Constraints struct {
|
||||||
Repo Constraint
|
Repo Constraint
|
||||||
Ref Constraint
|
Ref Constraint
|
||||||
Refspec Constraint
|
Runtime Constraint
|
||||||
Platform Constraint
|
Platform Constraint
|
||||||
Environment Constraint
|
Environment Constraint
|
||||||
Event Constraint
|
Event Constraint
|
||||||
|
|
|
@ -1,27 +1,22 @@
|
||||||
package transform
|
package transform
|
||||||
|
|
||||||
import (
|
import "github.com/drone/drone/yaml"
|
||||||
"path/filepath"
|
|
||||||
|
|
||||||
"github.com/drone/drone/yaml"
|
|
||||||
)
|
|
||||||
|
|
||||||
// PluginDisable is a transform function that alters the Yaml configuration to
|
// PluginDisable is a transform function that alters the Yaml configuration to
|
||||||
// disables plugins. This is intended for use when executing the pipeline
|
// disables plugins. This is intended for use when executing the pipeline
|
||||||
// locally on your own computer.
|
// locally on your own computer.
|
||||||
func PluginDisable(conf *yaml.Config, patterns []string) error {
|
func PluginDisable(conf *yaml.Config, local bool) error {
|
||||||
for _, container := range conf.Pipeline {
|
for _, container := range conf.Pipeline {
|
||||||
if len(container.Commands) != 0 { // skip build steps
|
if len(container.Commands) != 0 || container.Detached { // skip build steps
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
var match bool
|
|
||||||
for _, pattern := range patterns {
|
if isClone(container) {
|
||||||
if ok, _ := filepath.Match(pattern, container.Name); ok {
|
container.Disabled = true
|
||||||
match = true
|
continue
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if !match {
|
|
||||||
|
if local && container.Constraints.Runtime.Match("cli") {
|
||||||
container.Disabled = true
|
container.Disabled = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,10 @@ import (
|
||||||
"github.com/drone/drone/yaml"
|
"github.com/drone/drone/yaml"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
//
|
||||||
|
// TODO remove
|
||||||
|
//
|
||||||
|
|
||||||
func ImageSecrets(c *yaml.Config, secrets []*model.Secret, event string) error {
|
func ImageSecrets(c *yaml.Config, secrets []*model.Secret, event string) error {
|
||||||
var images []*yaml.Container
|
var images []*yaml.Container
|
||||||
images = append(images, c.Pipeline...)
|
images = append(images, c.Pipeline...)
|
||||||
|
|
|
@ -2,6 +2,7 @@ package transform
|
||||||
|
|
||||||
import "github.com/drone/drone/yaml"
|
import "github.com/drone/drone/yaml"
|
||||||
|
|
||||||
|
// ImageVolume mounts a default volume (used for drone exec)
|
||||||
func ImageVolume(conf *yaml.Config, volumes []string) error {
|
func ImageVolume(conf *yaml.Config, volumes []string) error {
|
||||||
|
|
||||||
if len(volumes) == 0 {
|
if len(volumes) == 0 {
|
||||||
|
|
Loading…
Reference in a new issue