mirror of
https://github.com/drone/drone-cli.git
synced 2024-12-03 17:18:15 +01:00
Add globals for exec from plaintext secrets YAML
This commit is contained in:
parent
ef32fb5721
commit
5cc24b3313
@ -8,10 +8,14 @@ import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"gopkg.in/yaml.v2"
|
||||
|
||||
"github.com/codegangsta/cli"
|
||||
"github.com/drone/drone-cli/drone/git"
|
||||
"github.com/drone/drone-exec/docker"
|
||||
"github.com/drone/drone-exec/yaml/secure"
|
||||
"github.com/drone/drone-go/drone"
|
||||
"github.com/drone/drone/yaml/matrix"
|
||||
"github.com/fatih/color"
|
||||
@ -54,6 +58,10 @@ var ExecCmd = cli.Command{
|
||||
Name: "e",
|
||||
Usage: "secret environment variables",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "E",
|
||||
Usage: "secrets from plaintext YAML of .drone.sec (use - for stdin)",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "trusted",
|
||||
Usage: "enable elevated privilege",
|
||||
@ -112,6 +120,29 @@ func execCmd(c *cli.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
// initially populate globals from the '-e' slice
|
||||
globals := c.StringSlice("e")
|
||||
if c.IsSet("E") {
|
||||
// read the .drone.sec.yml file (plain text)
|
||||
plaintext, err := readInput(c.String("E"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// parse the plaintext secrets file
|
||||
sec := new(secure.Secure)
|
||||
err = yaml.Unmarshal(plaintext, sec)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// prepend values into globals (allow '-e' to override the secrets file)
|
||||
for k, v := range sec.Environment.Map() {
|
||||
tmp := strings.Join([]string{k, v}, "=")
|
||||
globals = append([]string{tmp}, globals...)
|
||||
}
|
||||
}
|
||||
|
||||
axes, err := matrix.Parse(string(yml))
|
||||
if err != nil {
|
||||
return err
|
||||
@ -177,7 +208,7 @@ func execCmd(c *cli.Context) error {
|
||||
},
|
||||
System: &drone.System{
|
||||
Link: c.GlobalString("server"),
|
||||
Globals: c.StringSlice("e"),
|
||||
Globals: globals,
|
||||
Plugins: []string{"plugins/*", "*/*"},
|
||||
},
|
||||
}
|
||||
|
@ -2,6 +2,7 @@ package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
@ -43,6 +44,16 @@ func resolvePath(dir string) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// readInput reads the plaintext secret from a file
|
||||
// or stdin if inFile is -
|
||||
func readInput(inFile string) ([]byte, error) {
|
||||
if inFile == "-" {
|
||||
return ioutil.ReadAll(os.Stdin)
|
||||
} else {
|
||||
return ioutil.ReadFile(inFile)
|
||||
}
|
||||
}
|
||||
|
||||
var gopathExp = regexp.MustCompile("./src/(github.com/[^/]+/[^/]+|bitbucket.org/[^/]+/[^/]+|code.google.com/[^/]+/[^/]+)")
|
||||
|
||||
// // getRepoPath checks the source codes absolute path
|
||||
|
@ -149,16 +149,6 @@ func sha256sum(in string) string {
|
||||
return fmt.Sprintf("%x", h.Sum(nil))
|
||||
}
|
||||
|
||||
// readInput reads the plaintext secret from a file
|
||||
// or stdin if inFile is -
|
||||
func readInput(inFile string) ([]byte, error) {
|
||||
if inFile == "-" {
|
||||
return ioutil.ReadAll(os.Stdin)
|
||||
} else {
|
||||
return ioutil.ReadFile(inFile)
|
||||
}
|
||||
}
|
||||
|
||||
// writeOutput writes the encrypted secret to a file
|
||||
// or stdout if outFile is -
|
||||
func writeOutput(outFile string, ciphertext string) error {
|
||||
|
Loading…
Reference in New Issue
Block a user