fix issue with wrong default .drone.yml file
This commit is contained in:
parent
f7fd7185a3
commit
69a8e404bd
16 changed files with 263 additions and 103 deletions
|
@ -38,8 +38,8 @@ func provideRunner(
|
|||
registry core.RegistryService,
|
||||
config config.Config,
|
||||
) *runner.Runner {
|
||||
// the local runner is only created when the nomad or
|
||||
// kubernetes scheduler are disabled
|
||||
// the local runner is only created when the nomad scheduler,
|
||||
// kubernetes scheduler, and remote agents are disabled
|
||||
if config.Nomad.Enabled || config.Kube.Enabled || config.Agent.Enabled {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -57,7 +57,7 @@ func provideDockerScheduler(config config.Config) core.Scheduler {
|
|||
// provideKubernetesScheduler is a Wire provider function that
|
||||
// returns a nomad kubernetes from the environment configuration.
|
||||
func provideKubernetesScheduler(config config.Config) core.Scheduler {
|
||||
logrus.Info("main: kubernetes runtime enabled")
|
||||
logrus.Info("main: kubernetes scheduler enabled")
|
||||
sched, err := kube.FromConfig(kube.Config{
|
||||
Namespace: config.Kube.Namespace,
|
||||
ServiceAccount: config.Kube.ServiceAccountName,
|
||||
|
@ -95,7 +95,7 @@ func provideKubernetesScheduler(config config.Config) core.Scheduler {
|
|||
// provideNomadScheduler is a Wire provider function that returns
|
||||
// a nomad scheduler from the environment configuration.
|
||||
func provideNomadScheduler(config config.Config) core.Scheduler {
|
||||
logrus.Info("main: nomad runtime enabled")
|
||||
logrus.Info("main: nomad scheduler enabled")
|
||||
sched, err := nomad.FromConfig(nomad.Config{
|
||||
Datacenter: config.Nomad.Datacenters,
|
||||
Namespace: config.Nomad.Namespace,
|
||||
|
@ -134,6 +134,6 @@ func provideNomadScheduler(config config.Config) core.Scheduler {
|
|||
// returns an in-memory scheduler for use by the built-in
|
||||
// docker runner, and by remote agents.
|
||||
func provideQueueScheduler(store core.StageStore, config config.Config) core.Scheduler {
|
||||
logrus.Info("main: nomad runtime enabled")
|
||||
logrus.Info("main: internal scheduler enabled")
|
||||
return queue.New(store)
|
||||
}
|
||||
|
|
|
@ -45,9 +45,10 @@ type (
|
|||
// RegistryArgs provides arguments for requesting
|
||||
// registry credentials from the remote service.
|
||||
RegistryArgs struct {
|
||||
Repo *Repository `json:"repo,omitempty"`
|
||||
Build *Build `json:"build,omitempty"`
|
||||
Conf *yaml.Manifest `json:"-"`
|
||||
Repo *Repository `json:"repo,omitempty"`
|
||||
Build *Build `json:"build,omitempty"`
|
||||
Conf *yaml.Manifest `json:"-"`
|
||||
Pipeline *yaml.Pipeline `json:"-"`
|
||||
}
|
||||
|
||||
// RegistryService provides registry credentials from an
|
||||
|
|
6
go.mod
6
go.mod
|
@ -12,13 +12,13 @@ require (
|
|||
github.com/davecgh/go-spew v1.1.1
|
||||
github.com/dchest/authcookie v0.0.0-20120917135355-fbdef6e99866
|
||||
github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
|
||||
github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff
|
||||
github.com/docker/distribution v2.7.1+incompatible
|
||||
github.com/docker/go-connections v0.3.0
|
||||
github.com/docker/go-units v0.3.3
|
||||
github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59
|
||||
github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15
|
||||
github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e
|
||||
github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f
|
||||
github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a
|
||||
github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963
|
||||
github.com/drone/envsubst v1.0.1
|
||||
github.com/drone/go-license v1.0.2
|
||||
github.com/drone/go-login v1.0.3
|
||||
|
|
17
go.sum
17
go.sum
|
@ -3,6 +3,10 @@ docker.io/go-docker v1.0.0/go.mod h1:7tiAn5a0LFmjbPDbyTPOaTTOuG1ZRNXdPA6RvKY+fpY
|
|||
github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e h1:rl2Aq4ZODqTDkeSqQBy+fzpZPamacO1Srp8zq7jf2Sc=
|
||||
github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e/go.mod h1:Xa6lInWHNQnuWoF0YPSsx+INFA9qk7/7pTjwb3PInkY=
|
||||
github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f h1:y2hSFdXeA1y5z5f0vfNO0Dg5qVY036qzlz3Pds0B92o=
|
||||
github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||
github.com/aws/aws-sdk-go v1.15.57 h1:inht07/mRNnvV4uAjjVgTVD7/rF+j0mXllYcNQxDgGA=
|
||||
|
@ -21,6 +25,8 @@ github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 h1:74lLNRzvsdIlkTgfD
|
|||
github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
|
||||
github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff h1:FKH02LHYqSmeWd3GBh0KIkM8JBpw3RrShgtcWShdWJg=
|
||||
github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
|
||||
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/go-connections v0.3.0 h1:3lOnM9cSzgGwx8VfK/NGOW5fLQ0GjIlCkaktF+n1M6o=
|
||||
github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
|
||||
github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk=
|
||||
|
@ -29,10 +35,16 @@ github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59 h1:tH7rJBME3tKWunUm
|
|||
github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59/go.mod h1:qVb1k1w9X5jgoGyLtbnfWNnd4XZfAwokxBmiutbpGqw=
|
||||
github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15 h1:uwgJGp/Rsu1I2UdP+ozDJrW33EbMjfO5ILAd4ePoSAw=
|
||||
github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44=
|
||||
github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e h1:Eq0QI9lKe6T5pziU/Kes1xX6QKAA6ZfnYvaZZeyY5TU=
|
||||
github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44=
|
||||
github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f h1:iNutUxLvlEY9rVB+v/KEefXnYGxz70LcN4PFCYig2F0=
|
||||
github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f/go.mod h1:NBtVWW7NNJpD9+huMD/5TAE1db2nrEh0i35/9Rf1MPI=
|
||||
github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a h1:lkYg2gkLiuTtVgIUgBj5EX2EMj6sERIYfyM0RN1YzuY=
|
||||
github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a/go.mod h1:JclcdvMwnrxyy25H3YQRxVrsj2u4GdI6L6NgJpEIp00=
|
||||
github.com/drone/drone-yaml v1.0.1-0.20190222011027-9e589be71ad8 h1:Fig8cPBvJu/0jgrnYrG5ciHnlPzAu4Moc+LymIpTa4U=
|
||||
github.com/drone/drone-yaml v1.0.1-0.20190222011027-9e589be71ad8/go.mod h1:eM365p3g9M5sroFBTR/najiGrZnd/GiIpWHC2UW8PoI=
|
||||
github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963 h1:c/xcHqxU4sSjehiWoN91nNDN0QmB0UyHOVINvJJ1GUg=
|
||||
github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963/go.mod h1:eM365p3g9M5sroFBTR/najiGrZnd/GiIpWHC2UW8PoI=
|
||||
github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE=
|
||||
github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0=
|
||||
github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok=
|
||||
|
@ -89,6 +101,8 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP
|
|||
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
|
||||
github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6 h1:qCv4319q2q7XKn0MQbi8p37hsJ+9Xo8e6yojA73JVxk=
|
||||
github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6/go.mod h1:fXcdFsQoipQa7mwORhKad5jmDCeSy/RCGzWA08PO0lM=
|
||||
github.com/hashicorp/go-rootcerts v1.0.0 h1:ueI78wUjYExhCvMLow4icJnayNNFRgy0d9EGs/a1T44=
|
||||
github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
|
||||
github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo=
|
||||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/nomad v0.0.0-20190125003214-134391155854 h1:L7WhLZt2ory/kQWxqkMwOiBpIoa4BWoadN7yx8LHEtk=
|
||||
|
@ -146,6 +160,7 @@ github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967 h1:x7xEyJDP7Hv3LVgvWhz
|
|||
github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
|
||||
github.com/segmentio/ksuid v1.0.2 h1:9yBfKyw4ECGTdALaF09Snw3sLJmYIX6AbPJrAy6MrDc=
|
||||
github.com/segmentio/ksuid v1.0.2/go.mod h1:BXuJDr2byAiHuQaQtSKoXh1J0YmUDurywOXgB2w+OSU=
|
||||
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
|
||||
github.com/sirupsen/logrus v0.0.0-20181103062819-44067abb194b h1:dnSVC38LseSWVhj3WWqD3worKZY+EqoWwi+MMAKgPbs=
|
||||
github.com/sirupsen/logrus v0.0.0-20181103062819-44067abb194b/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
|
||||
|
@ -174,6 +189,8 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c h1:fqgJT0MGcGpPgpWU7VRdRjuA
|
|||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/tools v0.0.0-20181017214349-06f26fdaaa28/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
|
||||
|
|
|
@ -53,7 +53,7 @@ func HandleEnable(
|
|||
repo.UserID = user.ID
|
||||
|
||||
if repo.Config == "" {
|
||||
repo.Config = ".core.yml"
|
||||
repo.Config = ".drone.yml"
|
||||
}
|
||||
if repo.Signer == "" {
|
||||
repo.Signer = uniuri.NewLen(32)
|
||||
|
|
|
@ -261,9 +261,10 @@ func (r *Runner) Run(ctx context.Context, id int64) error {
|
|||
transform.WithAuthsFunc(
|
||||
func() []*engine.DockerAuth {
|
||||
in := &core.RegistryArgs{
|
||||
Build: m.Build,
|
||||
Repo: m.Repo,
|
||||
Conf: manifest,
|
||||
Build: m.Build,
|
||||
Repo: m.Repo,
|
||||
Conf: manifest,
|
||||
Pipeline: pipeline,
|
||||
}
|
||||
out, err := registryService.List(ctx, in)
|
||||
if err != nil {
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/drone/drone-go/plugin/registry"
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/drone/drone/logger"
|
||||
)
|
||||
|
||||
// EndpointSource returns a registry credential provider
|
||||
|
@ -31,6 +32,9 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi
|
|||
if c.endpoint == "" {
|
||||
return nil, nil
|
||||
}
|
||||
logger := logger.FromContext(ctx)
|
||||
logger.Trace("registry: plugin: get credentials")
|
||||
|
||||
req := ®istry.Request{
|
||||
Repo: toRepo(in.Repo),
|
||||
Build: toBuild(in.Build),
|
||||
|
@ -38,6 +42,7 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi
|
|||
client := registry.Client(c.endpoint, c.secret, c.skipVerify)
|
||||
res, err := client.List(ctx, req)
|
||||
if err != nil {
|
||||
logger.WithError(err).Warn("registry: plugin: cannot get credentials")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -48,6 +53,8 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi
|
|||
Username: registry.Username,
|
||||
Password: registry.Password,
|
||||
})
|
||||
logger.WithField("address", registry.Address).
|
||||
Trace("registry: plugin: found credentials")
|
||||
}
|
||||
return registries, nil
|
||||
}
|
||||
|
|
|
@ -6,7 +6,6 @@ package registry
|
|||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/drone/drone-go/plugin/secret"
|
||||
|
@ -29,73 +28,75 @@ type externalController struct {
|
|||
}
|
||||
|
||||
func (c *externalController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) {
|
||||
// lookup the named secret in the manifest. If the
|
||||
// secret does not exist, return a nil variable,
|
||||
// allowing the next secret controller in the chain
|
||||
// to be invoked.
|
||||
path, name, ok := getExternal(in.Conf)
|
||||
if !ok {
|
||||
return nil, nil
|
||||
var results []*core.Registry
|
||||
|
||||
for _, name := range in.Pipeline.PullSecrets {
|
||||
// lookup the named secret in the manifest. If the
|
||||
// secret does not exist, return a nil variable,
|
||||
// allowing the next secret controller in the chain
|
||||
// to be invoked.
|
||||
path, name, ok := getExternal(in.Conf, name)
|
||||
if !ok {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// include a timeout to prevent an API call from
|
||||
// hanging the build process indefinitely. The
|
||||
// external service must return a request within
|
||||
// one minute.
|
||||
ctx, cancel := context.WithTimeout(ctx, time.Minute)
|
||||
defer cancel()
|
||||
|
||||
req := &secret.Request{
|
||||
Name: name,
|
||||
Path: path,
|
||||
Repo: toRepo(in.Repo),
|
||||
Build: toBuild(in.Build),
|
||||
}
|
||||
client := secret.Client(c.endpoint, c.secret, c.skipVerify)
|
||||
res, err := client.Find(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// if no error is returned and the secret is empty,
|
||||
// this indicates the client returned No Content,
|
||||
// and we should exit with no secret, but no error.
|
||||
if res.Data == "" {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// The secret can be restricted to non-pull request
|
||||
// events. If the secret is restricted, return
|
||||
// empty results.
|
||||
if (res.Pull == false && res.PullRequest == false) &&
|
||||
in.Build.Event == core.EventPullRequest {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
parsed, err := auths.ParseString(res.Data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
results = append(results, parsed...)
|
||||
}
|
||||
|
||||
// include a timeout to prevent an API call from
|
||||
// hanging the build process indefinitely. The
|
||||
// external service must return a request within
|
||||
// one minute.
|
||||
ctx, cancel := context.WithTimeout(ctx, time.Minute)
|
||||
defer cancel()
|
||||
|
||||
req := &secret.Request{
|
||||
Name: name,
|
||||
Path: path,
|
||||
Repo: toRepo(in.Repo),
|
||||
Build: toBuild(in.Build),
|
||||
}
|
||||
client := secret.Client(c.endpoint, c.secret, c.skipVerify)
|
||||
res, err := client.Find(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// if no error is returned and the secret is empty,
|
||||
// this indicates the client returned No Content,
|
||||
// and we should exit with no secret, but no error.
|
||||
if res.Data == "" {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// The secret can be restricted to non-pull request
|
||||
// events. If the secret is restricted, return
|
||||
// empty results.
|
||||
if (res.Pull == false && res.PullRequest == false) &&
|
||||
in.Build.Event == core.EventPullRequest {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return auths.ParseString(res.Data)
|
||||
return results, nil
|
||||
}
|
||||
|
||||
func getExternal(manifest *yaml.Manifest) (path, name string, ok bool) {
|
||||
func getExternal(manifest *yaml.Manifest, match string) (path, name string, ok bool) {
|
||||
for _, resource := range manifest.Resources {
|
||||
secret, ok := resource.(*yaml.Secret)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
if !strings.EqualFold(secret.Type, "docker") {
|
||||
if secret.Name != match {
|
||||
continue
|
||||
}
|
||||
value, ok := secret.External["docker_auth_config"]
|
||||
if ok {
|
||||
return value.Path, value.Name, ok
|
||||
}
|
||||
value, ok = secret.External[".dockerconfig"]
|
||||
if ok {
|
||||
return value.Path, value.Name, ok
|
||||
}
|
||||
value, ok = secret.External[".dockerconfigjson"]
|
||||
if ok {
|
||||
return value.Path, value.Name, ok
|
||||
if secret.Get.Name == "" && secret.Get.Path == "" {
|
||||
continue
|
||||
}
|
||||
return secret.Get.Path, secret.Get.Name, true
|
||||
}
|
||||
return
|
||||
}
|
||||
|
|
|
@ -6,9 +6,9 @@ package registry
|
|||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/drone/drone/logger"
|
||||
"github.com/drone/drone/plugin/registry/auths"
|
||||
)
|
||||
|
||||
|
@ -22,25 +22,39 @@ type staticController struct {
|
|||
}
|
||||
|
||||
func (c *staticController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) {
|
||||
static := map[string]*core.Secret{}
|
||||
for _, secret := range c.secrets {
|
||||
if !isRegistrySecret(secret.Name) {
|
||||
static[secret.Name] = secret
|
||||
}
|
||||
|
||||
var results []*core.Registry
|
||||
for _, name := range in.Pipeline.PullSecrets {
|
||||
logger := logger.FromContext(ctx).WithField("name", name)
|
||||
logger.Trace("registry: image_pull_secret: find secret")
|
||||
|
||||
secret, ok := static[name]
|
||||
if !ok {
|
||||
logger.Warn("registry: image_pull_secret: cannot find secret")
|
||||
continue
|
||||
}
|
||||
|
||||
// The secret can be restricted to non-pull request
|
||||
// events. If the secret is restricted, return
|
||||
// empty results.
|
||||
if secret.PullRequest == false &&
|
||||
in.Build.Event == core.EventPullRequest {
|
||||
logger.Trace("registry: image_pull_secret: pull_request access denied")
|
||||
continue
|
||||
}
|
||||
return auths.ParseString(secret.Data)
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func isRegistrySecret(name string) bool {
|
||||
return strings.EqualFold(name, "docker_auth_config") ||
|
||||
strings.EqualFold(name, ".dockerconfig") ||
|
||||
strings.EqualFold(name, ".dockerconfigjson") ||
|
||||
strings.EqualFold(name, "_docker")
|
||||
logger.Trace("registry: image_pull_secret: secret found")
|
||||
parsed, err := auths.ParseString(secret.Data)
|
||||
if err != nil {
|
||||
logger.WithError(err).Error("registry: image_pull_secret: parsing error")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
results = append(results, parsed...)
|
||||
}
|
||||
return results, nil
|
||||
}
|
||||
|
|
121
plugin/registry/static_test.go
Normal file
121
plugin/registry/static_test.go
Normal file
|
@ -0,0 +1,121 @@
|
|||
// Copyright 2019 Drone.IO Inc. All rights reserved.
|
||||
// Use of this source code is governed by the Drone Non-Commercial License
|
||||
// that can be found in the LICENSE file.
|
||||
|
||||
package registry
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/drone/drone-yaml/yaml"
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
)
|
||||
|
||||
var mockDockerAuthConfig = `{
|
||||
"auths": {
|
||||
"https://index.docker.io/v1/": {
|
||||
"auth": "b2N0b2NhdDpjb3JyZWN0LWhvcnNlLWJhdHRlcnktc3RhcGxl"
|
||||
}
|
||||
}
|
||||
}`
|
||||
|
||||
func TestStatic(t *testing.T) {
|
||||
secrets := []*core.Secret{
|
||||
{
|
||||
Name: "dockerhub",
|
||||
Data: mockDockerAuthConfig,
|
||||
},
|
||||
}
|
||||
|
||||
manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ dockerhub ]")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
args := &core.RegistryArgs{
|
||||
Build: &core.Build{Event: core.EventPush},
|
||||
Conf: manifest,
|
||||
Pipeline: manifest.Resources[0].(*yaml.Pipeline),
|
||||
}
|
||||
service := Static(secrets)
|
||||
got, err := service.List(noContext, args)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
want := []*core.Registry{
|
||||
{
|
||||
Address: "https://index.docker.io/v1/",
|
||||
Username: "octocat",
|
||||
Password: "correct-horse-battery-staple",
|
||||
},
|
||||
}
|
||||
if diff := cmp.Diff(got, want); diff != "" {
|
||||
t.Errorf(diff)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func TestStatic_NoMatch(t *testing.T) {
|
||||
secrets := []*core.Secret{
|
||||
{
|
||||
Name: "dockerhub",
|
||||
Data: mockDockerAuthConfig,
|
||||
},
|
||||
}
|
||||
|
||||
manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ unknown ]")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
args := &core.RegistryArgs{
|
||||
Build: &core.Build{Event: core.EventPush},
|
||||
Conf: manifest,
|
||||
Pipeline: manifest.Resources[0].(*yaml.Pipeline),
|
||||
}
|
||||
service := Static(secrets)
|
||||
got, err := service.List(noContext, args)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
if len(got) != 0 {
|
||||
t.Errorf("Expect no results")
|
||||
}
|
||||
}
|
||||
|
||||
func TestStatic_DisablePullRequest(t *testing.T) {
|
||||
secrets := []*core.Secret{
|
||||
{
|
||||
Name: "dockerhub",
|
||||
Data: mockDockerAuthConfig,
|
||||
PullRequest: false,
|
||||
},
|
||||
}
|
||||
|
||||
manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ dockerhub ]")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
args := &core.RegistryArgs{
|
||||
Build: &core.Build{Event: core.EventPullRequest},
|
||||
Conf: manifest,
|
||||
Pipeline: manifest.Resources[0].(*yaml.Pipeline),
|
||||
}
|
||||
service := Static(secrets)
|
||||
got, err := service.List(noContext, args)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
if len(got) != 0 {
|
||||
t.Errorf("Expect no results")
|
||||
}
|
||||
}
|
|
@ -6,7 +6,6 @@ package secret
|
|||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/drone/drone-yaml/yaml"
|
||||
|
@ -86,20 +85,19 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co
|
|||
}, nil
|
||||
}
|
||||
|
||||
func getExternal(manifest *yaml.Manifest, named string) (path, name string, ok bool) {
|
||||
func getExternal(manifest *yaml.Manifest, match string) (path, name string, ok bool) {
|
||||
for _, resource := range manifest.Resources {
|
||||
secret, ok := resource.(*yaml.Secret)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
if secret.Type != "" &&
|
||||
!strings.EqualFold(secret.Type, "general") {
|
||||
if secret.Name != match {
|
||||
continue
|
||||
}
|
||||
value, ok := secret.External[named]
|
||||
if ok {
|
||||
return value.Path, value.Name, ok
|
||||
if secret.Get.Name == "" && secret.Get.Path == "" {
|
||||
continue
|
||||
}
|
||||
return secret.Get.Path, secret.Get.Name, true
|
||||
}
|
||||
return
|
||||
}
|
||||
|
|
12
service/content/cache/contents_test.go
vendored
12
service/content/cache/contents_test.go
vendored
|
@ -30,7 +30,7 @@ func TestFind(t *testing.T) {
|
|||
}
|
||||
|
||||
mockContents := mock.NewMockFileService(controller)
|
||||
mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml").Return(mockFile, nil)
|
||||
mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml").Return(mockFile, nil)
|
||||
|
||||
service := Contents(mockContents).(*service)
|
||||
|
||||
|
@ -39,7 +39,7 @@ func TestFind(t *testing.T) {
|
|||
Hash: []byte(""),
|
||||
}
|
||||
|
||||
got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
|
||||
got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
@ -59,11 +59,11 @@ func TestFindError(t *testing.T) {
|
|||
mockUser := &core.User{}
|
||||
|
||||
mockContents := mock.NewMockFileService(controller)
|
||||
mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml").Return(nil, scm.ErrNotFound)
|
||||
mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml").Return(nil, scm.ErrNotFound)
|
||||
|
||||
service := Contents(mockContents).(*service)
|
||||
|
||||
_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
|
||||
_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
|
||||
if err != scm.ErrNotFound {
|
||||
t.Errorf("Expect not found error")
|
||||
}
|
||||
|
@ -79,7 +79,7 @@ func TestFindCache(t *testing.T) {
|
|||
Hash: []byte(""),
|
||||
}
|
||||
|
||||
key := fmt.Sprintf(contentKey, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", ".core.yml")
|
||||
key := fmt.Sprintf(contentKey, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", ".drone.yml")
|
||||
service := Contents(nil).(*service)
|
||||
service.cache.Add(key, mockFile)
|
||||
|
||||
|
@ -88,7 +88,7 @@ func TestFindCache(t *testing.T) {
|
|||
Hash: []byte(""),
|
||||
}
|
||||
|
||||
got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
|
||||
got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
|
|
@ -25,12 +25,12 @@ func TestFind(t *testing.T) {
|
|||
|
||||
mockUser := &core.User{}
|
||||
mockFile := &scm.Content{
|
||||
Path: ".core.yml",
|
||||
Path: ".drone.yml",
|
||||
Data: []byte("hello world"),
|
||||
}
|
||||
|
||||
mockContents := mockscm.NewMockContentService(controller)
|
||||
mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".core.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(mockFile, nil, nil)
|
||||
mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".drone.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(mockFile, nil, nil)
|
||||
|
||||
mockRenewer := mock.NewMockRenewer(controller)
|
||||
mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false)
|
||||
|
@ -44,7 +44,7 @@ func TestFind(t *testing.T) {
|
|||
}
|
||||
|
||||
service := New(client, mockRenewer)
|
||||
got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
|
||||
got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
@ -60,7 +60,7 @@ func TestFind_Error(t *testing.T) {
|
|||
mockUser := &core.User{}
|
||||
|
||||
mockContents := mockscm.NewMockContentService(controller)
|
||||
mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".core.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(nil, nil, scm.ErrNotFound)
|
||||
mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".drone.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(nil, nil, scm.ErrNotFound)
|
||||
|
||||
mockRenewer := mock.NewMockRenewer(controller)
|
||||
mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false)
|
||||
|
@ -71,7 +71,7 @@ func TestFind_Error(t *testing.T) {
|
|||
s := New(client, mockRenewer)
|
||||
s.(*service).attempts = 1
|
||||
s.(*service).wait = 0
|
||||
_, err := s.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
|
||||
_, err := s.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
|
||||
if err != scm.ErrNotFound {
|
||||
t.Errorf("Expect not found error, got %s", err)
|
||||
}
|
||||
|
@ -89,7 +89,7 @@ func TestFind_RenewalError(t *testing.T) {
|
|||
client := new(scm.Client)
|
||||
|
||||
service := New(client, mockRenewer)
|
||||
_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
|
||||
_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
|
||||
if err == nil {
|
||||
t.Errorf("Expect error refreshing token")
|
||||
}
|
||||
|
|
|
@ -121,7 +121,7 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co
|
|||
}
|
||||
|
||||
// // some tag hooks provide the tag but do not provide the sha.
|
||||
// // this may be important if we want to fetch the .core.yml
|
||||
// // this may be important if we want to fetch the .drone.yml
|
||||
// if base.After == "" && base.Event == core.EventTag {
|
||||
// tag, _, err := t.client.Git.FindTag(ctx, repo.Slug, base.Ref)
|
||||
// if err != nil {
|
||||
|
|
|
@ -445,7 +445,7 @@ var (
|
|||
Counter: 42,
|
||||
Secret: "g9dMChy22QutQM5lrpbe0yCR3f15t1gv",
|
||||
Signer: "g9dMChy22QutQM5lrpbe0yCR3f15t1gv",
|
||||
Config: ".core.yml",
|
||||
Config: ".drone.yml",
|
||||
}
|
||||
|
||||
dummyStage = &core.Stage{
|
||||
|
|
Loading…
Reference in a new issue