mirror of https://github.com/drone/drone-cli.git synced 2024-12-03 17:18:15 +01:00

Add globals for exec from plaintext secrets YAML

Ben Schumacher 2016-02-17 13:14:05 -07:00
parent ef32fb5721
commit 5cc24b3313
3 changed files with 43 additions and 11 deletions

@ -8,10 +8,14 @@ import (
"io/ioutil"
"os"
"path/filepath"
"strings"
"gopkg.in/yaml.v2"
"github.com/codegangsta/cli"
"github.com/drone/drone-cli/drone/git"
"github.com/drone/drone-exec/docker"
"github.com/drone/drone-exec/yaml/secure"
"github.com/drone/drone-go/drone"
"github.com/drone/drone/yaml/matrix"
"github.com/fatih/color"
@ -54,6 +58,10 @@ var ExecCmd = cli.Command{
Name: "e",
Usage: "secret environment variables",
},
cli.StringFlag{
Name: "E",
Usage: "secrets from plaintext YAML of .drone.sec (use - for stdin)",
},
cli.BoolFlag{
Name: "trusted",
Usage: "enable elevated privilege",
@ -112,6 +120,29 @@ func execCmd(c *cli.Context) error {
return err
}
// initially populate globals from the '-e' slice
globals := c.StringSlice("e")
if c.IsSet("E") {
// read the .drone.sec.yml file (plain text)
plaintext, err := readInput(c.String("E"))
if err != nil {
return err
}
// parse the plaintext secrets file
sec := new(secure.Secure)
err = yaml.Unmarshal(plaintext, sec)
if err != nil {
return err
}
// prepend values into globals (allow '-e' to override the secrets file)
for k, v := range sec.Environment.Map() {
tmp := strings.Join([]string{k, v}, "=")
globals = append([]string{tmp}, globals...)
}
}
axes, err := matrix.Parse(string(yml))
if err != nil {
return err
@ -177,7 +208,7 @@ func execCmd(c *cli.Context) error {
},
System: &drone.System{
Link: c.GlobalString("server"),
Globals: c.StringSlice("e"),
Globals: globals,
Plugins: []string{"plugins/*", "*/*"},
},
}
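Review bot: Both `return err` paths in the new `-E` block of execCmd hand the raw error from readInput and yaml.Unmarshal back to the caller. A yaml.v2 type-mismatch error quotes the first characters of the offending scalar, so a malformed plaintext secrets file can put a fragment of a secret value into terminal or CI output. Returning a fixed-context error, for example `return fmt.Errorf("parsing secrets file %q: invalid YAML", c.String("E"))`, keeps file content out of the message (this assumes fmt is imported in this file, which the import hunk does not show). Separately, the comment on the prepend loop says `-e` overrides the secrets file, but that holds only if the consumer of System.Globals lets later entries win, which is not visible in this section; the comment should name that dependency. execCmd's body starts and ends outside the hunks shown.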

@ -2,6 +2,7 @@ package main
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"regexp"
@ -43,6 +44,16 @@ func resolvePath(dir string) string {
return ""
}
// readInput reads the plaintext secret from a file
// or stdin if inFile is -
func readInput(inFile string) ([]byte, error) {
if inFile == "-" {
return ioutil.ReadAll(os.Stdin)
} else {
return ioutil.ReadFile(inFile)
}
}
var gopathExp = regexp.MustCompile("./src/(github.com/[^/]+/[^/]+|bitbucket.org/[^/]+/[^/]+|code.google.com/[^/]+/[^/]+)")
// // getRepoPath checks the source codes absolute path
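Review bot: The `else` branch in readInput is redundant, because the `if` branch already returns. The body reads more plainly as `if inFile == "-" { return ioutil.ReadAll(os.Stdin) }` followed by `return ioutil.ReadFile(inFile)`. Since exec's `-E` flag now calls this helper too, the doc comment could say that the input is unencrypted secret material and that the caller must keep the returned bytes out of logs and error messages, for example `// The returned bytes are plaintext secrets; callers must not log them.`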

@ -149,16 +149,6 @@ func sha256sum(in string) string {
return fmt.Sprintf("%x", h.Sum(nil))
}
// readInput reads the plaintext secret from a file
// or stdin if inFile is -
func readInput(inFile string) ([]byte, error) {
if inFile == "-" {
return ioutil.ReadAll(os.Stdin)
} else {
return ioutil.ReadFile(inFile)
}
}
// writeOutput writes the encrypted secret to a file
// or stdout if outFile is -
func writeOutput(outFile string, ciphertext string) error {