enables cloning private repos

This commit is contained in:
Brad Rydzewski 2016-04-21 01:18:20 -07:00
parent bcc768b157
commit 6529e095a8
6 changed files with 77 additions and 22 deletions

View file

@ -52,21 +52,33 @@ var AgentCmd = cli.Command{
Usage: "drone authorization token",
},
cli.DurationFlag{
EnvVar: "BACKOFF",
Name: "drone-backoff",
EnvVar: "DRONE_BACKOFF",
Name: "backoff",
Usage: "drone server backoff interval",
Value: time.Second * 15,
},
cli.BoolFlag{
EnvVar: "DEBUG",
EnvVar: "DRONE_DEBUG",
Name: "debug",
Usage: "start the agent in debug mode",
},
cli.BoolFlag{
EnvVar: "EXPERIMENTAL",
EnvVar: "DRONE_EXPERIMENTAL",
Name: "experimental",
Usage: "start the agent with experimental features",
},
cli.StringSliceFlag{
EnvVar: "DRONE_NETRC_PLUGIN",
Name: "netrc-plugin",
Usage: "plugins that receive the netrc file",
Value: &cli.StringSlice{"git", "hg"},
},
cli.StringSliceFlag{
EnvVar: "DRONE_PRIVILEGED_PLUGIN",
Name: "privileged-plugin",
Usage: "plugins that require privileged mode",
Value: &cli.StringSlice{"docker", "gcr", "ecr"},
},
},
}
@ -99,7 +111,7 @@ func start(c *cli.Context) {
go func() {
for {
if err := recoverExec(client, docker); err != nil {
dur := c.Duration("drone-backoff")
dur := c.Duration("backoff")
logrus.Debugf("Attempting to reconnect in %v", dur)
time.Sleep(dur)
}

View file

@ -47,7 +47,28 @@ func exec(client client.Client, docker dockerclient.Client) error {
envs := toEnv(w)
w.Yaml = expander.ExpandString(w.Yaml, envs)
w.Secrets = append(w.Secrets, &model.Secret{Name: "HEROKU_TOKEN", Value: "GODZILLA", Images: []string{"golang:1.4.2"}, Events: []string{w.Build.Event}})
// inject the netrc file into the clone plugin if the repositroy is
// private and requires authentication.
if w.Repo.IsPrivate {
w.Secrets = append(w.Secrets, &model.Secret{
Name: "DRONE_NETRC_USERNAME",
Value: w.Netrc.Login,
Images: []string{"git", "hg"}, // TODO(bradrydzewski) use the command line parameters here
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
})
w.Secrets = append(w.Secrets, &model.Secret{
Name: "DRONE_NETRC_PASSWORD",
Value: w.Netrc.Password,
Images: []string{w.Repo.Kind},
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
})
w.Secrets = append(w.Secrets, &model.Secret{
Name: "DRONE_NETRC_MACHINE",
Value: w.Netrc.Machine,
Images: []string{"git", "hg"},
Events: []string{model.EventDeploy, model.EventPull, model.EventPush, model.EventTag},
})
}
trans := []compiler.Transform{
builtin.NewCloneOp("plugins/"+w.Repo.Kind+":latest", true),

View file

@ -1,5 +1,7 @@
package model
import "path/filepath"
type Secret struct {
// the id for this secret.
ID int64 `json:"id" meddler:"secret_id,pk"`
@ -7,12 +9,12 @@ type Secret struct {
// the foreign key for this secret.
RepoID int64 `json:"-" meddler:"secret_repo_id"`
// the name of the secret which will be used as the
// environment variable name at runtime.
// the name of the secret which will be used as the environment variable
// name at runtime.
Name string `json:"name" meddler:"secret_name"`
// the value of the secret which will be provided to
// the runtime environment as a named environment variable.
// the value of the secret which will be provided to the runtime environment
// as a named environment variable.
Value string `json:"value" meddler:"secret_value"`
// the secret is restricted to this list of images.
@ -28,9 +30,9 @@ func (s *Secret) Match(image, event string) bool {
}
// MatchImage returns true if an image matches the restricted list.
func (s *Secret) MatchImage(want string) bool {
for _, got := range s.Images {
if want == got {
func (s *Secret) MatchImage(image string) bool {
for _, pattern := range s.Images {
if match, _ := filepath.Match(pattern, image); match {
return true
}
}
@ -38,9 +40,9 @@ func (s *Secret) MatchImage(want string) bool {
}
// MatchEvent returns true if an event matches the restricted list.
func (s *Secret) MatchEvent(want string) bool {
for _, got := range s.Events {
if want == got {
func (s *Secret) MatchEvent(event string) bool {
for _, pattern := range s.Events {
if match, _ := filepath.Match(pattern, event); match {
return true
}
}

View file

@ -21,11 +21,33 @@ func TestSecret(t *testing.T) {
secret.Events = []string{"pull_request"}
g.Assert(secret.MatchEvent("pull_request")).IsTrue()
})
g.It("should match image patterns", func() {
secret := Secret{}
secret.Images = []string{"golang:*"}
g.Assert(secret.MatchImage("golang:1.4.2")).IsTrue()
})
g.It("should match any image", func() {
secret := Secret{}
secret.Images = []string{"*"}
g.Assert(secret.MatchImage("golang")).IsTrue()
})
g.It("should match any event", func() {
secret := Secret{}
secret.Events = []string{"*"}
g.Assert(secret.MatchEvent("pull_request")).IsTrue()
})
g.It("should not match image", func() {
secret := Secret{}
secret.Images = []string{"golang"}
g.Assert(secret.MatchImage("node")).IsFalse()
})
g.It("should not match image substring", func() {
secret := Secret{}
secret.Images = []string{"golang"}
// image is only authorized for golang, not golang:1.4.2
g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
})
g.It("should not match event", func() {
secret := Secret{}
secret.Events = []string{"pull_request"}

View file

@ -9,8 +9,8 @@ import (
"strings"
)
// Check is a calculates and verifies a file checksum.
// This supports the sha1, sha256 and sha512 values.
// Check is a calculates and verifies a file checksum. This supports the sha1,
// sha256 and sha512 values.
func Check(in, checksum string) bool {
hash, size, _ := split(checksum)
@ -27,8 +27,6 @@ func Check(in, checksum string) bool {
return sha512sum(in) == hash
case 40:
return sha1sum(in) == hash
case 0:
return true // if no checksum assume valid
}
return false

View file

@ -89,9 +89,9 @@ func TestParse(t *testing.T) {
g.Assert(ok).IsFalse()
})
g.It("Should return true if empty checksum", func() {
g.It("Should return false if empty checksum", func() {
ok := Check("foo\n", "")
g.Assert(ok).IsTrue()
g.Assert(ok).IsFalse()
})
})
}