Add globals for exec from plaintext secrets YAML

2024-09-22 20:01:45 +02:00 · 2016-02-17 13:14:05 -07:00 · 2016-02-17 13:14:05 -07:00 · 5cc24b3313
commit 5cc24b3313
parent ef32fb5721
3 changed files with 43 additions and 11 deletions
--- a/drone/exec.go
+++ b/drone/exec.go
@ -8,10 +8,14 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
+
+	"gopkg.in/yaml.v2"

 	"github.com/codegangsta/cli"
 	"github.com/drone/drone-cli/drone/git"
 	"github.com/drone/drone-exec/docker"
+	"github.com/drone/drone-exec/yaml/secure"
 	"github.com/drone/drone-go/drone"
 	"github.com/drone/drone/yaml/matrix"
 	"github.com/fatih/color"
@ -54,6 +58,10 @@ var ExecCmd = cli.Command{
 			Name:  "e",
 			Usage: "secret environment variables",
 		},
+		cli.StringFlag{
+			Name:  "E",
+			Usage: "secrets from plaintext YAML of .drone.sec (use - for stdin)",
+		},
 		cli.BoolFlag{
 			Name:  "trusted",
 			Usage: "enable elevated privilege",
@ -112,6 +120,29 @@ func execCmd(c *cli.Context) error {
 		return err
 	}

+	// initially populate globals from the '-e' slice
+	globals := c.StringSlice("e")
+	if c.IsSet("E") {
+		// read the .drone.sec.yml file (plain text)
+		plaintext, err := readInput(c.String("E"))
+		if err != nil {
+			return err
+		}
+
+		// parse the plaintext secrets file
+		sec := new(secure.Secure)
+		err = yaml.Unmarshal(plaintext, sec)
+		if err != nil {
+			return err
+		}
+
+		// prepend values into globals (allow '-e' to override the secrets file)
+		for k, v := range sec.Environment.Map() {
+			tmp := strings.Join([]string{k, v}, "=")
+			globals = append([]string{tmp}, globals...)
+		}
+	}
+
 	axes, err := matrix.Parse(string(yml))
 	if err != nil {
 		return err
@ -177,7 +208,7 @@ func execCmd(c *cli.Context) error {
 			},
 			System: &drone.System{
 				Link:    c.GlobalString("server"),
-				Globals: c.StringSlice("e"),
+				Globals: globals,
 				Plugins: []string{"plugins/*", "*/*"},
 			},
 		}
--- a/drone/helper.go
+++ b/drone/helper.go
@ -2,6 +2,7 @@ package main

 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@ -43,6 +44,16 @@ func resolvePath(dir string) string {
 	return ""
 }

+// readInput reads the plaintext secret from a file
+// or stdin if inFile is -
+func readInput(inFile string) ([]byte, error) {
+	if inFile == "-" {
+		return ioutil.ReadAll(os.Stdin)
+	} else {
+		return ioutil.ReadFile(inFile)
+	}
+}
+
 var gopathExp = regexp.MustCompile("./src/(github.com/[^/]+/[^/]+|bitbucket.org/[^/]+/[^/]+|code.google.com/[^/]+/[^/]+)")

 // // getRepoPath checks the source codes absolute path
--- a/drone/secure.go
+++ b/drone/secure.go
@ -149,16 +149,6 @@ func sha256sum(in string) string {
 	return fmt.Sprintf("%x", h.Sum(nil))
 }

-// readInput reads the plaintext secret from a file
-// or stdin if inFile is -
-func readInput(inFile string) ([]byte, error) {
-	if inFile == "-" {
-		return ioutil.ReadAll(os.Stdin)
-	} else {
-		return ioutil.ReadFile(inFile)
-	}
-}
-
 // writeOutput writes the encrypted secret to a file
 // or stdout if outFile is -
 func writeOutput(outFile string, ciphertext string) error {