Fix netrc passing to clone image (#1964)

closes #1837
This commit is contained in:
Anbraten 2023-07-09 23:41:13 +02:00 committed by GitHub
parent a3b9cae759
commit f2c33a0d89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 13 deletions

View file

@ -7,6 +7,7 @@ import (
backend_types "github.com/woodpecker-ci/woodpecker/pipeline/backend/types" backend_types "github.com/woodpecker-ci/woodpecker/pipeline/backend/types"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/metadata" "github.com/woodpecker-ci/woodpecker/pipeline/frontend/metadata"
yaml_types "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types" yaml_types "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/utils"
"github.com/woodpecker-ci/woodpecker/shared/constant" "github.com/woodpecker-ci/woodpecker/shared/constant"
) )
@ -34,7 +35,7 @@ type Secret struct {
} }
func (s *Secret) Available(container *yaml_types.Container) bool { func (s *Secret) Available(container *yaml_types.Container) bool {
return (len(s.Match) == 0 || matchImage(container.Image, s.Match...)) && (!s.PluginOnly || container.IsPlugin()) return (len(s.Match) == 0 || utils.MatchImage(container.Image, s.Match...)) && (!s.PluginOnly || container.IsPlugin())
} }
type secretMap map[string]Secret type secretMap map[string]Secret

View file

@ -14,6 +14,7 @@ import (
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/metadata" "github.com/woodpecker-ci/woodpecker/pipeline/frontend/metadata"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/compiler/settings" "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/compiler/settings"
yaml_types "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types" yaml_types "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/utils"
) )
func (c *Compiler) createProcess(name string, container *yaml_types.Container, section string) *backend_types.Step { func (c *Compiler) createProcess(name string, container *yaml_types.Container, section string) *backend_types.Step {
@ -80,13 +81,13 @@ func (c *Compiler) createProcess(name string, container *yaml_types.Container, s
} }
} }
if matchImage(container.Image, c.escalated...) && container.IsPlugin() { if utils.MatchImage(container.Image, c.escalated...) && container.IsPlugin() {
privileged = true privileged = true
} }
authConfig := backend_types.Auth{} authConfig := backend_types.Auth{}
for _, registry := range c.registries { for _, registry := range c.registries {
if matchHostname(container.Image, registry.Hostname) { if utils.MatchHostname(container.Image, registry.Hostname) {
authConfig.Username = registry.Username authConfig.Username = registry.Username
authConfig.Password = registry.Password authConfig.Password = registry.Password
authConfig.Email = registry.Email authConfig.Email = registry.Email

View file

@ -3,11 +3,11 @@ package types
import ( import (
"fmt" "fmt"
"golang.org/x/exp/slices"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/constraint" "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/constraint"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types/base" "github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/types/base"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml/utils"
"github.com/woodpecker-ci/woodpecker/shared/constant" "github.com/woodpecker-ci/woodpecker/shared/constant"
) )
@ -109,5 +109,5 @@ func (c *Container) IsPlugin() bool {
} }
func (c *Container) IsTrustedCloneImage() bool { func (c *Container) IsTrustedCloneImage() bool {
return c.IsPlugin() && slices.Contains(constant.TrustedCloneImages, c.Image) return c.IsPlugin() && utils.MatchImage(c.Image, constant.TrustedCloneImages...)
} }

View file

@ -1,4 +1,4 @@
package compiler package utils
import "github.com/docker/distribution/reference" import "github.com/docker/distribution/reference"
@ -30,10 +30,10 @@ func expandImage(name string) string {
return named.String() return named.String()
} }
// matchImage returns true if the image name matches // MatchImage returns true if the image name matches
// an image in the list. Note the image tag is not used // an image in the list. Note the image tag is not used
// in the matching logic. // in the matching logic.
func matchImage(from string, to ...string) bool { func MatchImage(from string, to ...string) bool {
from = trimImage(from) from = trimImage(from)
for _, match := range to { for _, match := range to {
if from == trimImage(match) { if from == trimImage(match) {
@ -43,9 +43,9 @@ func matchImage(from string, to ...string) bool {
return false return false
} }
// matchHostname returns true if the image hostname // MatchHostname returns true if the image hostname
// matches the specified hostname. // matches the specified hostname.
func matchHostname(image, hostname string) bool { func MatchHostname(image, hostname string) bool {
ref, err := reference.ParseAnyReference(image) ref, err := reference.ParseAnyReference(image)
if err != nil { if err != nil {
return false return false

View file

@ -1,4 +1,4 @@
package compiler package utils
import ( import (
"testing" "testing"
@ -191,7 +191,7 @@ func Test_matchImage(t *testing.T) {
}, },
} }
for _, test := range testdata { for _, test := range testdata {
got, want := matchImage(test.from, test.to), test.want got, want := MatchImage(test.from, test.to), test.want
if got != want { if got != want {
t.Errorf("Want image %q matching %q is %v", test.from, test.to, want) t.Errorf("Want image %q matching %q is %v", test.from, test.to, want)
} }
@ -250,7 +250,7 @@ func Test_matchHostname(t *testing.T) {
}, },
} }
for _, test := range testdata { for _, test := range testdata {
got, want := matchHostname(test.image, test.hostname), test.want got, want := MatchHostname(test.image, test.hostname), test.want
if got != want { if got != want {
t.Errorf("Want image %q matching hostname %q is %v", test.image, test.hostname, want) t.Errorf("Want image %q matching hostname %q is %v", test.image, test.hostname, want)
} }