From 1f0261a72a6c73428918f76f35d2e4f3bfaf057b Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Fri, 20 Jan 2017 11:12:30 +0700
Subject: [PATCH] promote secret interpolation

---
 agent/agent.go       | 13 ++++++-------
 drone/secret.go      |  6 ------
 model/secret_test.go |  5 +++++
 3 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/agent/agent.go b/agent/agent.go
index d743a5a4..d911c565 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net"
 	"net/url"
-	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
@@ -95,11 +94,11 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
 
 	envs := toEnv(w)
 	envSecrets := map[string]string{}
-	if os.Getenv("DRONE_INTERPOLATE_SECRETS") != "" {
-		for _, secret := range w.Secrets {
-			if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
-				envSecrets[secret.Name] = secret.Value
-			}
+
+	// list of secrets to interpolate in the yaml
+	for _, secret := range w.Secrets {
+		if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
+			envSecrets[secret.Name] = secret.Value
 		}
 	}
 
@@ -107,7 +106,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
 	w.Yaml, err = envsubst.Eval(w.Yaml, func(s string) string {
 		env, ok := envSecrets[s]
 		if !ok {
-			env, ok = envs[s]
+			env, _ = envs[s]
 		}
 		if strings.Contains(env, "\n") {
 			env = fmt.Sprintf("%q", env)
diff --git a/drone/secret.go b/drone/secret.go
index f6690059..9639665b 100644
--- a/drone/secret.go
+++ b/drone/secret.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"fmt"
 	"io/ioutil"
 	"os"
 	"strings"
@@ -79,10 +78,6 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
 	secret.SkipVerify = c.Bool("skip-verify")
 	secret.Conceal = c.Bool("conceal")
 
-	if len(secret.Images) == 0 {
-		return nil, fmt.Errorf("Please specify the --image parameter")
-	}
-
 	// TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
 	// value should be loaded from a file (inspired by curl). I'd prefer to use
 	// a --input flag to explicitly specify a filepath instead.
@@ -124,7 +119,6 @@ func secretDisplayList(secrets []*model.Secret, c *cli.Context) error {
 
 // template for secret list items
 var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + `
-Images: {{ list .Images }}
 Events: {{ list .Events }}
 SkipVerify: {{ .SkipVerify }}
 Conceal: {{ .Conceal }}
diff --git a/model/secret_test.go b/model/secret_test.go
index 1a31a2bd..30d63434 100644
--- a/model/secret_test.go
+++ b/model/secret_test.go
@@ -48,6 +48,11 @@ func TestSecret(t *testing.T) {
 			// image is only authorized for golang, not golang:1.4.2
 			g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
 		})
+		g.It("should not match empty image", func() {
+			secret := Secret{}
+			secret.Images = []string{}
+			g.Assert(secret.MatchImage("node")).IsFalse()
+		})
 		g.It("should not match event", func() {
 			secret := Secret{}
 			secret.Events = []string{"pull_request"}