From 5cc24b33135707315a32972c851611ece5e82a78 Mon Sep 17 00:00:00 2001
From: Ben Schumacher
Date: Wed, 17 Feb 2016 13:14:05 -0700
Subject: [PATCH] Add globals for exec from plaintext secrets YAML

---
 drone/exec.go | 33 ++++++++++++++++++++++++++++++++-
 drone/helper.go | 11 +++++++++++
 drone/secure.go | 10 ----------
 3 files changed, 43 insertions(+), 11 deletions(-)

diff --git a/drone/exec.go b/drone/exec.go
index f82d2f4..ac79243 100644
--- a/drone/exec.go
+++ b/drone/exec.go
@@ -8,10 +8,14 @@ import (
 "io/ioutil"
 "os"
 "path/filepath"
+ "strings"
+
+ "gopkg.in/yaml.v2"

 "github.com/codegangsta/cli"
 "github.com/drone/drone-cli/drone/git"
 "github.com/drone/drone-exec/docker"
+ "github.com/drone/drone-exec/yaml/secure"
 "github.com/drone/drone-go/drone"
 "github.com/drone/drone/yaml/matrix"
 "github.com/fatih/color"
@@ -54,6 +58,10 @@ var ExecCmd = cli.Command{
 Name: "e",
 Usage: "secret environment variables",
 },
+ cli.StringFlag{
+ Name: "E",
+ Usage: "secrets from plaintext YAML of .drone.sec (use - for stdin)",
+ },
 cli.BoolFlag{
 Name: "trusted",
 Usage: "enable elevated privilege",
@@ -112,6 +120,29 @@ func execCmd(c *cli.Context) error {
 return err
 }

+ // initially populate globals from the '-e' slice
+ globals := c.StringSlice("e")
+ if c.IsSet("E") {
+ // read the .drone.sec.yml file (plain text)
+ plaintext, err := readInput(c.String("E"))
+ if err != nil {
+ return err
+ }
+
+ // parse the plaintext secrets file
+ sec := new(secure.Secure)
+ err = yaml.Unmarshal(plaintext, sec)
+ if err != nil {
+ return err
+ }
+
+ // prepend values into globals (allow '-e' to override the secrets file)
+ for k, v := range sec.Environment.Map() {
+ tmp := strings.Join([]string{k, v}, "=")
+ globals = append([]string{tmp}, globals...)
+ }
+ }
+
 axes, err := matrix.Parse(string(yml))
 if err != nil {
 return err
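Review bot: The raw `yaml.Unmarshal` error is returned from the new `-E` branch in `execCmd`, and yaml.v2 type errors can quote the offending scalar, so a malformed plaintext secrets file may put a secret value into the CLI's error output and from there into terminal scrollback or CI logs. Returning a fixed message that names only the input would avoid that, e.g. `return fmt.Errorf("parsing secrets from %q: invalid YAML", c.String("E"))` (assuming `fmt` is already imported above the import hunk). Separately, `globals = append([]string{tmp}, globals...)` reallocates the whole slice for every key; collecting the file entries into their own slice and prepending once with `globals = append(fileVars, globals...)` keeps the same ordering, file entries first and `-e` entries last. The body of `execCmd` starts and ends outside the hunk.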
@@ -177,7 +208,7 @@ func execCmd(c *cli.Context) error {
 },
 System: &drone.System{
 Link: c.GlobalString("server"),
- Globals: c.StringSlice("e"),
+ Globals: globals,
 Plugins: []string{"plugins/*", "*/*"},
 },
 }
diff --git a/drone/helper.go b/drone/helper.go
index c16bf52..d55f387 100644
--- a/drone/helper.go
+++ b/drone/helper.go
@@ -2,6 +2,7 @@ package main

 import (
 "fmt"
+ "io/ioutil"
 "os"
 "path/filepath"
 "regexp"
@@ -43,6 +44,16 @@ func resolvePath(dir string) string {
 return ""
 }

+// readInput reads the plaintext secret from a file
+// or stdin if inFile is -
+func readInput(inFile string) ([]byte, error) {
+ if inFile == "-" {
+ return ioutil.ReadAll(os.Stdin)
+ } else {
+ return ioutil.ReadFile(inFile)
+ }
+}
+
 var gopathExp = regexp.MustCompile("./src/(github.com/[^/]+/[^/]+|bitbucket.org/[^/]+/[^/]+|code.google.com/[^/]+/[^/]+)")

 // // getRepoPath checks the source codes absolute path
diff --git a/drone/secure.go b/drone/secure.go
index b06aa4c..fd86582 100644
--- a/drone/secure.go
+++ b/drone/secure.go
@@ -149,16 +149,6 @@ func sha256sum(in string) string {
 return fmt.Sprintf("%x", h.Sum(nil))
 }

-// readInput reads the plaintext secret from a file
-// or stdin if inFile is -
-func readInput(inFile string) ([]byte, error) {
- if inFile == "-" {
- return ioutil.ReadAll(os.Stdin)
- } else {
- return ioutil.ReadFile(inFile)
- }
-}
-
 // writeOutput writes the encrypted secret to a file
 // or stdout if outFile is -
 func writeOutput(outFile string, ciphertext string) error {
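Review bot: The doc comment on `readInput` in drone/helper.go does not say that the helper reads its input whole and unchecked, which matters more now that `exec -E` uses it to load an entire plaintext secrets file. I would reword it to `// readInput returns the full contents of inFile, or of stdin when inFile is "-".` followed by `// It does not check the file's mode or bound the size of the read.`. The function is moved here unchanged from drone/secure.go, so the `else` after a terminating `return` comes along with it; the body reads more plainly as `if inFile == "-" { return ioutil.ReadAll(os.Stdin) }` followed by `return ioutil.ReadFile(inFile)`.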