mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-06-17 21:00:46 +00:00
Implement backend for concealing secrets
This commit is contained in:
Don
parent
cdb9cd915e
commit
e77936f5c8
|
|
@ -23,6 +23,9 @@ type RepoSecret struct {
|
|||
|
||||
// whether the secret requires verification
|
||||
SkipVerify bool `json:"skip_verify" meddler:"secret_skip_verify"`
|
||||
|
||||
// whether the secret should be concealed in the build log
|
||||
Conceal bool `json:"conceal" meddler:"secret_conceal"`
|
||||
}
|
||||
|
||||
// Secret transforms a repo secret into a simple secret.
|
||||
|
|
@ -33,6 +36,7 @@ func (s *RepoSecret) Secret() *Secret {
|
|||
Images: s.Images,
|
||||
Events: s.Events,
|
||||
SkipVerify: s.SkipVerify,
|
||||
Conceal: s.Conceal,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -44,6 +48,7 @@ func (s *RepoSecret) Clone() *RepoSecret {
|
|||
Images: s.Images,
|
||||
Events: s.Events,
|
||||
SkipVerify: s.SkipVerify,
|
||||
Conceal: s.Conceal,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,9 @@ type Secret struct {
|
|||
|
||||
// whether the secret requires verification
|
||||
SkipVerify bool `json:"skip_verify"`
|
||||
|
||||
// whether the secret should be concealed in the build log
|
||||
Conceal bool `json:"conceal"`
|
||||
}
|
||||
|
||||
// Match returns true if an image and event match the restricted list.
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ type TeamSecret struct {
|
|||
|
||||
// whether the secret requires verification
|
||||
SkipVerify bool `json:"skip_verify" meddler:"team_secret_skip_verify"`
|
||||
|
||||
// whether the secret should be concealed in the build log
|
||||
Conceal bool `json:"conceal" meddler:"team_secret_conceal"`
|
||||
}
|
||||
|
||||
// Secret transforms a repo secret into a simple secret.
|
||||
|
|
@ -33,6 +36,7 @@ func (s *TeamSecret) Secret() *Secret {
|
|||
Images: s.Images,
|
||||
Events: s.Events,
|
||||
SkipVerify: s.SkipVerify,
|
||||
Conceal: s.Conceal,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -44,6 +48,7 @@ func (s *TeamSecret) Clone() *TeamSecret {
|
|||
Images: s.Images,
|
||||
Events: s.Events,
|
||||
SkipVerify: s.SkipVerify,
|
||||
Conceal: s.Conceal,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
12
store/datastore/ddl/mysql/10.sql
Normal file
12
store/datastore/ddl/mysql/10.sql
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
-- +migrate Up
|
||||
|
||||
ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
|
||||
ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
|
||||
|
||||
UPDATE secrets SET secret_conceal = false;
|
||||
UPDATE team_secrets SET team_secret_conceal = false;
|
||||
|
||||
-- +migrate Down
|
||||
|
||||
ALTER TABLE secrets DROP COLUMN secret_conceal;
|
||||
ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;
|
||||
12
store/datastore/ddl/postgres/10.sql
Normal file
12
store/datastore/ddl/postgres/10.sql
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
-- +migrate Up
|
||||
|
||||
ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
|
||||
ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
|
||||
|
||||
UPDATE secrets SET secret_conceal = false;
|
||||
UPDATE team_secrets SET team_secret_conceal = false;
|
||||
|
||||
-- +migrate Down
|
||||
|
||||
ALTER TABLE secrets DROP COLUMN secret_conceal;
|
||||
ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;
|
||||
12
store/datastore/ddl/sqlite3/10.sql
Normal file
12
store/datastore/ddl/sqlite3/10.sql
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
-- +migrate Up
|
||||
|
||||
ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
|
||||
ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
|
||||
|
||||
UPDATE secrets SET secret_conceal = 0;
|
||||
UPDATE team_secrets SET team_secret_conceal = 0;
|
||||
|
||||
-- +migrate Down
|
||||
|
||||
ALTER TABLE secrets DROP COLUMN secret_conceal;
|
||||
ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;
|
||||
|
|
@ -28,7 +28,8 @@ func TestRepoSecrets(t *testing.T) {
|
|||
Value: "bar",
|
||||
Images: []string{"docker", "gcr"},
|
||||
Events: []string{"push", "tag"},
|
||||
SkipVerify: false,
|
||||
SkipVerify: true,
|
||||
Conceal: true,
|
||||
}
|
||||
err := s.SetSecret(secret)
|
||||
g.Assert(err == nil).IsTrue()
|
||||
|
|
@ -40,6 +41,8 @@ func TestRepoSecrets(t *testing.T) {
|
|||
g.Assert(got.Value).Equal(secret.Value)
|
||||
g.Assert(got.Images).Equal(secret.Images)
|
||||
g.Assert(got.Events).Equal(secret.Events)
|
||||
g.Assert(got.SkipVerify).Equal(secret.SkipVerify)
|
||||
g.Assert(got.Conceal).Equal(secret.Conceal)
|
||||
})
|
||||
|
||||
g.It("Should update a secret", func() {
|
||||
|
|
|
|||
|
|
@ -28,7 +28,8 @@ func TestTeamSecrets(t *testing.T) {
|
|||
Value: "bar",
|
||||
Images: []string{"docker", "gcr"},
|
||||
Events: []string{"push", "tag"},
|
||||
SkipVerify: false,
|
||||
SkipVerify: true,
|
||||
Conceal: true,
|
||||
}
|
||||
err := s.SetTeamSecret(secret)
|
||||
g.Assert(err == nil).IsTrue()
|
||||
|
|
@ -40,6 +41,8 @@ func TestTeamSecrets(t *testing.T) {
|
|||
g.Assert(got.Value).Equal(secret.Value)
|
||||
g.Assert(got.Images).Equal(secret.Images)
|
||||
g.Assert(got.Events).Equal(secret.Events)
|
||||
g.Assert(got.SkipVerify).Equal(secret.SkipVerify)
|
||||
g.Assert(got.Conceal).Equal(secret.Conceal)
|
||||
})
|
||||
|
||||
g.It("Should update a secret", func() {
|
||||
|
|
|
|||
Loading…
Reference in a new issue