fix issue with wrong default .drone.yml file

cmd/drone-server/inject_runner.go

@@ -38,8 +38,8 @@ func provideRunner(
 	registry core.RegistryService,
 	config config.Config,
 ) *runner.Runner {
-	// the local runner is only created when the nomad or
-	// kubernetes scheduler are disabled
+	// the local runner is only created when the nomad scheduler,
+	// kubernetes scheduler, and remote agents are disabled
 	if config.Nomad.Enabled || config.Kube.Enabled || config.Agent.Enabled {
 		return nil
 	}

cmd/drone-server/inject_scheduler.go

@@ -57,7 +57,7 @@ func provideDockerScheduler(config config.Config) core.Scheduler {
 // provideKubernetesScheduler is a Wire provider function that
 // returns a nomad kubernetes from the environment configuration.
 func provideKubernetesScheduler(config config.Config) core.Scheduler {
-	logrus.Info("main: kubernetes runtime enabled")
+	logrus.Info("main: kubernetes scheduler enabled")
 	sched, err := kube.FromConfig(kube.Config{
 		Namespace:       config.Kube.Namespace,
 		ServiceAccount:  config.Kube.ServiceAccountName,
@@ -95,7 +95,7 @@ func provideKubernetesScheduler(config config.Config) core.Scheduler {
 // provideNomadScheduler is a Wire provider function that returns
 // a nomad scheduler from the environment configuration.
 func provideNomadScheduler(config config.Config) core.Scheduler {
-	logrus.Info("main: nomad runtime enabled")
+	logrus.Info("main: nomad scheduler enabled")
 	sched, err := nomad.FromConfig(nomad.Config{
 		Datacenter:      config.Nomad.Datacenters,
 		Namespace:       config.Nomad.Namespace,
@@ -134,6 +134,6 @@ func provideNomadScheduler(config config.Config) core.Scheduler {
 // returns an in-memory scheduler for use by the built-in
 // docker runner, and by remote agents.
 func provideQueueScheduler(store core.StageStore, config config.Config) core.Scheduler {
-	logrus.Info("main: nomad runtime enabled")
+	logrus.Info("main: internal scheduler enabled")
 	return queue.New(store)
 }

core/registry.go

@@ -45,9 +45,10 @@ type (
 	// RegistryArgs provides arguments for requesting
 	// registry credentials from the remote service.
 	RegistryArgs struct {
-		Repo  *Repository    `json:"repo,omitempty"`
-		Build *Build         `json:"build,omitempty"`
-		Conf  *yaml.Manifest `json:"-"`
+		Repo     *Repository    `json:"repo,omitempty"`
+		Build    *Build         `json:"build,omitempty"`
+		Conf     *yaml.Manifest `json:"-"`
+		Pipeline *yaml.Pipeline `json:"-"`
 	}
 
 	// RegistryService provides registry credentials from an

go.mod

@@ -12,13 +12,13 @@ require (
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dchest/authcookie v0.0.0-20120917135355-fbdef6e99866
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
-	github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff
+	github.com/docker/distribution v2.7.1+incompatible
 	github.com/docker/go-connections v0.3.0
 	github.com/docker/go-units v0.3.3
 	github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59
-	github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15
+	github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e
 	github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f
-	github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a
+	github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963
 	github.com/drone/envsubst v1.0.1
 	github.com/drone/go-license v1.0.2
 	github.com/drone/go-login v1.0.3

go.sum

@@ -3,6 +3,10 @@ docker.io/go-docker v1.0.0/go.mod h1:7tiAn5a0LFmjbPDbyTPOaTTOuG1ZRNXdPA6RvKY+fpY
 github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e h1:rl2Aq4ZODqTDkeSqQBy+fzpZPamacO1Srp8zq7jf2Sc=
 github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e/go.mod h1:Xa6lInWHNQnuWoF0YPSsx+INFA9qk7/7pTjwb3PInkY=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f h1:y2hSFdXeA1y5z5f0vfNO0Dg5qVY036qzlz3Pds0B92o=
 github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.57 h1:inht07/mRNnvV4uAjjVgTVD7/rF+j0mXllYcNQxDgGA=
@@ -21,6 +25,8 @@ github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 h1:74lLNRzvsdIlkTgfD
 github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
 github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff h1:FKH02LHYqSmeWd3GBh0KIkM8JBpw3RrShgtcWShdWJg=
 github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
+github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/go-connections v0.3.0 h1:3lOnM9cSzgGwx8VfK/NGOW5fLQ0GjIlCkaktF+n1M6o=
 github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk=
@@ -29,10 +35,16 @@ github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59 h1:tH7rJBME3tKWunUm
 github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59/go.mod h1:qVb1k1w9X5jgoGyLtbnfWNnd4XZfAwokxBmiutbpGqw=
 github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15 h1:uwgJGp/Rsu1I2UdP+ozDJrW33EbMjfO5ILAd4ePoSAw=
 github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44=
+github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e h1:Eq0QI9lKe6T5pziU/Kes1xX6QKAA6ZfnYvaZZeyY5TU=
+github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44=
 github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f h1:iNutUxLvlEY9rVB+v/KEefXnYGxz70LcN4PFCYig2F0=
 github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f/go.mod h1:NBtVWW7NNJpD9+huMD/5TAE1db2nrEh0i35/9Rf1MPI=
 github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a h1:lkYg2gkLiuTtVgIUgBj5EX2EMj6sERIYfyM0RN1YzuY=
 github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a/go.mod h1:JclcdvMwnrxyy25H3YQRxVrsj2u4GdI6L6NgJpEIp00=
+github.com/drone/drone-yaml v1.0.1-0.20190222011027-9e589be71ad8 h1:Fig8cPBvJu/0jgrnYrG5ciHnlPzAu4Moc+LymIpTa4U=
+github.com/drone/drone-yaml v1.0.1-0.20190222011027-9e589be71ad8/go.mod h1:eM365p3g9M5sroFBTR/najiGrZnd/GiIpWHC2UW8PoI=
+github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963 h1:c/xcHqxU4sSjehiWoN91nNDN0QmB0UyHOVINvJJ1GUg=
+github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963/go.mod h1:eM365p3g9M5sroFBTR/najiGrZnd/GiIpWHC2UW8PoI=
 github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE=
 github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0=
 github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok=
@@ -89,6 +101,8 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6 h1:qCv4319q2q7XKn0MQbi8p37hsJ+9Xo8e6yojA73JVxk=
 github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6/go.mod h1:fXcdFsQoipQa7mwORhKad5jmDCeSy/RCGzWA08PO0lM=
+github.com/hashicorp/go-rootcerts v1.0.0 h1:ueI78wUjYExhCvMLow4icJnayNNFRgy0d9EGs/a1T44=
+github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/nomad v0.0.0-20190125003214-134391155854 h1:L7WhLZt2ory/kQWxqkMwOiBpIoa4BWoadN7yx8LHEtk=
@@ -146,6 +160,7 @@ github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967 h1:x7xEyJDP7Hv3LVgvWhz
 github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
 github.com/segmentio/ksuid v1.0.2 h1:9yBfKyw4ECGTdALaF09Snw3sLJmYIX6AbPJrAy6MrDc=
 github.com/segmentio/ksuid v1.0.2/go.mod h1:BXuJDr2byAiHuQaQtSKoXh1J0YmUDurywOXgB2w+OSU=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sirupsen/logrus v0.0.0-20181103062819-44067abb194b h1:dnSVC38LseSWVhj3WWqD3worKZY+EqoWwi+MMAKgPbs=
 github.com/sirupsen/logrus v0.0.0-20181103062819-44067abb194b/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
@@ -174,6 +189,8 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c h1:fqgJT0MGcGpPgpWU7VRdRjuA
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20181017214349-06f26fdaaa28/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=

handler/api/repos/enable.go

@@ -53,7 +53,7 @@ func HandleEnable(
 		repo.UserID = user.ID
 
 		if repo.Config == "" {
-			repo.Config = ".core.yml"
+			repo.Config = ".drone.yml"
 		}
 		if repo.Signer == "" {
 			repo.Signer = uniuri.NewLen(32)

operator/runner/runner.go

@@ -261,9 +261,10 @@ func (r *Runner) Run(ctx context.Context, id int64) error {
 		transform.WithAuthsFunc(
 			func() []*engine.DockerAuth {
 				in := &core.RegistryArgs{
-					Build: m.Build,
-					Repo:  m.Repo,
-					Conf:  manifest,
+					Build:    m.Build,
+					Repo:     m.Repo,
+					Conf:     manifest,
+					Pipeline: pipeline,
 				}
 				out, err := registryService.List(ctx, in)
 				if err != nil {

plugin/registry/endpoint.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/drone/drone-go/plugin/registry"
 	"github.com/drone/drone/core"
+	"github.com/drone/drone/logger"
 )
 
 // EndpointSource returns a registry credential provider
@@ -31,6 +32,9 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi
 	if c.endpoint == "" {
 		return nil, nil
 	}
+	logger := logger.FromContext(ctx)
+	logger.Trace("registry: plugin: get credentials")
+
 	req := &registry.Request{
 		Repo:  toRepo(in.Repo),
 		Build: toBuild(in.Build),
@@ -38,6 +42,7 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi
 	client := registry.Client(c.endpoint, c.secret, c.skipVerify)
 	res, err := client.List(ctx, req)
 	if err != nil {
+		logger.WithError(err).Warn("registry: plugin: cannot get credentials")
 		return nil, err
 	}
 
@@ -48,6 +53,8 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi
 			Username: registry.Username,
 			Password: registry.Password,
 		})
+		logger.WithField("address", registry.Address).
+			Trace("registry: plugin: found credentials")
 	}
 	return registries, nil
 }

plugin/registry/external.go

@@ -6,7 +6,6 @@ package registry
 
 import (
 	"context"
-	"strings"
 	"time"
 
 	"github.com/drone/drone-go/plugin/secret"
@@ -29,73 +28,75 @@ type externalController struct {
 }
 
 func (c *externalController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) {
-	// lookup the named secret in the manifest. If the
-	// secret does not exist, return a nil variable,
-	// allowing the next secret controller in the chain
-	// to be invoked.
-	path, name, ok := getExternal(in.Conf)
-	if !ok {
-		return nil, nil
+	var results []*core.Registry
+
+	for _, name := range in.Pipeline.PullSecrets {
+		// lookup the named secret in the manifest. If the
+		// secret does not exist, return a nil variable,
+		// allowing the next secret controller in the chain
+		// to be invoked.
+		path, name, ok := getExternal(in.Conf, name)
+		if !ok {
+			return nil, nil
+		}
+
+		// include a timeout to prevent an API call from
+		// hanging the build process indefinitely. The
+		// external service must return a request within
+		// one minute.
+		ctx, cancel := context.WithTimeout(ctx, time.Minute)
+		defer cancel()
+
+		req := &secret.Request{
+			Name:  name,
+			Path:  path,
+			Repo:  toRepo(in.Repo),
+			Build: toBuild(in.Build),
+		}
+		client := secret.Client(c.endpoint, c.secret, c.skipVerify)
+		res, err := client.Find(ctx, req)
+		if err != nil {
+			return nil, err
+		}
+
+		// if no error is returned and the secret is empty,
+		// this indicates the client returned No Content,
+		// and we should exit with no secret, but no error.
+		if res.Data == "" {
+			return nil, nil
+		}
+
+		// The secret can be restricted to non-pull request
+		// events. If the secret is restricted, return
+		// empty results.
+		if (res.Pull == false && res.PullRequest == false) &&
+			in.Build.Event == core.EventPullRequest {
+			return nil, nil
+		}
+
+		parsed, err := auths.ParseString(res.Data)
+		if err != nil {
+			return nil, err
+		}
+		results = append(results, parsed...)
 	}
 
-	// include a timeout to prevent an API call from
-	// hanging the build process indefinitely. The
-	// external service must return a request within
-	// one minute.
-	ctx, cancel := context.WithTimeout(ctx, time.Minute)
-	defer cancel()
-
-	req := &secret.Request{
-		Name:  name,
-		Path:  path,
-		Repo:  toRepo(in.Repo),
-		Build: toBuild(in.Build),
-	}
-	client := secret.Client(c.endpoint, c.secret, c.skipVerify)
-	res, err := client.Find(ctx, req)
-	if err != nil {
-		return nil, err
-	}
-
-	// if no error is returned and the secret is empty,
-	// this indicates the client returned No Content,
-	// and we should exit with no secret, but no error.
-	if res.Data == "" {
-		return nil, nil
-	}
-
-	// The secret can be restricted to non-pull request
-	// events. If the secret is restricted, return
-	// empty results.
-	if (res.Pull == false && res.PullRequest == false) &&
-		in.Build.Event == core.EventPullRequest {
-		return nil, nil
-	}
-
-	return auths.ParseString(res.Data)
+	return results, nil
 }
 
-func getExternal(manifest *yaml.Manifest) (path, name string, ok bool) {
+func getExternal(manifest *yaml.Manifest, match string) (path, name string, ok bool) {
 	for _, resource := range manifest.Resources {
 		secret, ok := resource.(*yaml.Secret)
 		if !ok {
 			continue
 		}
-		if !strings.EqualFold(secret.Type, "docker") {
+		if secret.Name != match {
 			continue
 		}
-		value, ok := secret.External["docker_auth_config"]
-		if ok {
-			return value.Path, value.Name, ok
-		}
-		value, ok = secret.External[".dockerconfig"]
-		if ok {
-			return value.Path, value.Name, ok
-		}
-		value, ok = secret.External[".dockerconfigjson"]
-		if ok {
-			return value.Path, value.Name, ok
+		if secret.Get.Name == "" && secret.Get.Path == "" {
+			continue
 		}
+		return secret.Get.Path, secret.Get.Name, true
 	}
 	return
 }

plugin/registry/static.go

@@ -6,9 +6,9 @@ package registry
 
 import (
 	"context"
-	"strings"
 
 	"github.com/drone/drone/core"
+	"github.com/drone/drone/logger"
 	"github.com/drone/drone/plugin/registry/auths"
 )
 
@@ -22,25 +22,39 @@ type staticController struct {
 }
 
 func (c *staticController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) {
+	static := map[string]*core.Secret{}
 	for _, secret := range c.secrets {
-		if !isRegistrySecret(secret.Name) {
+		static[secret.Name] = secret
+	}
+
+	var results []*core.Registry
+	for _, name := range in.Pipeline.PullSecrets {
+		logger := logger.FromContext(ctx).WithField("name", name)
+		logger.Trace("registry: image_pull_secret: find secret")
+
+		secret, ok := static[name]
+		if !ok {
+			logger.Warn("registry: image_pull_secret: cannot find secret")
 			continue
 		}
+
 		// The secret can be restricted to non-pull request
 		// events. If the secret is restricted, return
 		// empty results.
 		if secret.PullRequest == false &&
 			in.Build.Event == core.EventPullRequest {
+			logger.Trace("registry: image_pull_secret: pull_request access denied")
 			continue
 		}
-		return auths.ParseString(secret.Data)
-	}
-	return nil, nil
-}
 
-func isRegistrySecret(name string) bool {
-	return strings.EqualFold(name, "docker_auth_config") ||
-		strings.EqualFold(name, ".dockerconfig") ||
-		strings.EqualFold(name, ".dockerconfigjson") ||
-		strings.EqualFold(name, "_docker")
+		logger.Trace("registry: image_pull_secret: secret found")
+		parsed, err := auths.ParseString(secret.Data)
+		if err != nil {
+			logger.WithError(err).Error("registry: image_pull_secret: parsing error")
+			return nil, err
+		}
+
+		results = append(results, parsed...)
+	}
+	return results, nil
 }

plugin/registry/static_test.go

@@ -0,0 +1,121 @@
+// Copyright 2019 Drone.IO Inc. All rights reserved.
+// Use of this source code is governed by the Drone Non-Commercial License
+// that can be found in the LICENSE file.
+
+package registry
+
+import (
+	"testing"
+
+	"github.com/drone/drone-yaml/yaml"
+	"github.com/drone/drone/core"
+	"github.com/google/go-cmp/cmp"
+)
+
+var mockDockerAuthConfig = `{
+	"auths": {
+		"https://index.docker.io/v1/": {
+			"auth": "b2N0b2NhdDpjb3JyZWN0LWhvcnNlLWJhdHRlcnktc3RhcGxl"
+		}
+	}
+}`
+
+func TestStatic(t *testing.T) {
+	secrets := []*core.Secret{
+		{
+			Name: "dockerhub",
+			Data: mockDockerAuthConfig,
+		},
+	}
+
+	manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ dockerhub ]")
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	args := &core.RegistryArgs{
+		Build:    &core.Build{Event: core.EventPush},
+		Conf:     manifest,
+		Pipeline: manifest.Resources[0].(*yaml.Pipeline),
+	}
+	service := Static(secrets)
+	got, err := service.List(noContext, args)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	want := []*core.Registry{
+		{
+			Address:  "https://index.docker.io/v1/",
+			Username: "octocat",
+			Password: "correct-horse-battery-staple",
+		},
+	}
+	if diff := cmp.Diff(got, want); diff != "" {
+		t.Errorf(diff)
+		return
+	}
+}
+
+func TestStatic_NoMatch(t *testing.T) {
+	secrets := []*core.Secret{
+		{
+			Name: "dockerhub",
+			Data: mockDockerAuthConfig,
+		},
+	}
+
+	manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ unknown ]")
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	args := &core.RegistryArgs{
+		Build:    &core.Build{Event: core.EventPush},
+		Conf:     manifest,
+		Pipeline: manifest.Resources[0].(*yaml.Pipeline),
+	}
+	service := Static(secrets)
+	got, err := service.List(noContext, args)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	if len(got) != 0 {
+		t.Errorf("Expect no results")
+	}
+}
+
+func TestStatic_DisablePullRequest(t *testing.T) {
+	secrets := []*core.Secret{
+		{
+			Name:        "dockerhub",
+			Data:        mockDockerAuthConfig,
+			PullRequest: false,
+		},
+	}
+
+	manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ dockerhub ]")
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	args := &core.RegistryArgs{
+		Build:    &core.Build{Event: core.EventPullRequest},
+		Conf:     manifest,
+		Pipeline: manifest.Resources[0].(*yaml.Pipeline),
+	}
+	service := Static(secrets)
+	got, err := service.List(noContext, args)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	if len(got) != 0 {
+		t.Errorf("Expect no results")
+	}
+}

plugin/secret/external.go

@@ -6,7 +6,6 @@ package secret
 
 import (
 	"context"
-	"strings"
 	"time"
 
 	"github.com/drone/drone-yaml/yaml"
@@ -86,20 +85,19 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co
 	}, nil
 }
 
-func getExternal(manifest *yaml.Manifest, named string) (path, name string, ok bool) {
+func getExternal(manifest *yaml.Manifest, match string) (path, name string, ok bool) {
 	for _, resource := range manifest.Resources {
 		secret, ok := resource.(*yaml.Secret)
 		if !ok {
 			continue
 		}
-		if secret.Type != "" &&
-			!strings.EqualFold(secret.Type, "general") {
+		if secret.Name != match {
 			continue
 		}
-		value, ok := secret.External[named]
-		if ok {
-			return value.Path, value.Name, ok
+		if secret.Get.Name == "" && secret.Get.Path == "" {
+			continue
 		}
+		return secret.Get.Path, secret.Get.Name, true
 	}
 	return
 }

service/content/cache/contents_test.go

@@ -30,7 +30,7 @@ func TestFind(t *testing.T) {
 	}
 
 	mockContents := mock.NewMockFileService(controller)
-	mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml").Return(mockFile, nil)
+	mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml").Return(mockFile, nil)
 
 	service := Contents(mockContents).(*service)
 
@@ -39,7 +39,7 @@ func TestFind(t *testing.T) {
 		Hash: []byte(""),
 	}
 
-	got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
+	got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
 	if err != nil {
 		t.Error(err)
 	}
@@ -59,11 +59,11 @@ func TestFindError(t *testing.T) {
 	mockUser := &core.User{}
 
 	mockContents := mock.NewMockFileService(controller)
-	mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml").Return(nil, scm.ErrNotFound)
+	mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml").Return(nil, scm.ErrNotFound)
 
 	service := Contents(mockContents).(*service)
 
-	_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
+	_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
 	if err != scm.ErrNotFound {
 		t.Errorf("Expect not found error")
 	}
@@ -79,7 +79,7 @@ func TestFindCache(t *testing.T) {
 		Hash: []byte(""),
 	}
 
-	key := fmt.Sprintf(contentKey, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", ".core.yml")
+	key := fmt.Sprintf(contentKey, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", ".drone.yml")
 	service := Contents(nil).(*service)
 	service.cache.Add(key, mockFile)
 
@@ -88,7 +88,7 @@ func TestFindCache(t *testing.T) {
 		Hash: []byte(""),
 	}
 
-	got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
+	got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
 	if err != nil {
 		t.Error(err)
 	}

service/content/content_test.go

@@ -25,12 +25,12 @@ func TestFind(t *testing.T) {
 
 	mockUser := &core.User{}
 	mockFile := &scm.Content{
-		Path: ".core.yml",
+		Path: ".drone.yml",
 		Data: []byte("hello world"),
 	}
 
 	mockContents := mockscm.NewMockContentService(controller)
-	mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".core.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(mockFile, nil, nil)
+	mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".drone.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(mockFile, nil, nil)
 
 	mockRenewer := mock.NewMockRenewer(controller)
 	mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false)
@@ -44,7 +44,7 @@ func TestFind(t *testing.T) {
 	}
 
 	service := New(client, mockRenewer)
-	got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
+	got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
 	if err != nil {
 		t.Error(err)
 	}
@@ -60,7 +60,7 @@ func TestFind_Error(t *testing.T) {
 	mockUser := &core.User{}
 
 	mockContents := mockscm.NewMockContentService(controller)
-	mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".core.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(nil, nil, scm.ErrNotFound)
+	mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".drone.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(nil, nil, scm.ErrNotFound)
 
 	mockRenewer := mock.NewMockRenewer(controller)
 	mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false)
@@ -71,7 +71,7 @@ func TestFind_Error(t *testing.T) {
 	s := New(client, mockRenewer)
 	s.(*service).attempts = 1
 	s.(*service).wait = 0
-	_, err := s.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
+	_, err := s.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
 	if err != scm.ErrNotFound {
 		t.Errorf("Expect not found error, got %s", err)
 	}
@@ -89,7 +89,7 @@ func TestFind_RenewalError(t *testing.T) {
 	client := new(scm.Client)
 
 	service := New(client, mockRenewer)
-	_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml")
+	_, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml")
 	if err == nil {
 		t.Errorf("Expect error refreshing token")
 	}

trigger/trigger.go

@@ -121,7 +121,7 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co
 	}
 
 	// // some tag hooks provide the tag but do not provide the sha.
-	// // this may be important if we want to fetch the .core.yml
+	// // this may be important if we want to fetch the .drone.yml
 	// if base.After == "" && base.Event == core.EventTag {
 	// 	tag, _, err := t.client.Git.FindTag(ctx, repo.Slug, base.Ref)
 	// 	if err != nil {

trigger/trigger_test.go

@@ -445,7 +445,7 @@ var (
 		Counter:    42,
 		Secret:     "g9dMChy22QutQM5lrpbe0yCR3f15t1gv",
 		Signer:     "g9dMChy22QutQM5lrpbe0yCR3f15t1gv",
-		Config:     ".core.yml",
+		Config:     ".drone.yml",
 	}
 
 	dummyStage = &core.Stage{