From 6e244be920e7371b8b2c23a4436c5e86ebc0d37d Mon Sep 17 00:00:00 2001
From: Brad Rydzewski
Date: Mon, 10 Apr 2017 18:27:34 +0200
Subject: [PATCH] improve secret match logic
---
 drone/secret.go | 12 +++--
 server/hook.go | 12 ++---
 .../frontend/yaml/compiler/compiler.go | 1 +
 .../frontend/yaml/compiler/convert.go | 5 ++
 .../pipeline/frontend/yaml/compiler/image.go | 2 +-
 .../pipeline/frontend/yaml/compiler/option.go | 8 ++++
 vendor/vendor.json | 46 +++++++++----------
 7 files changed, 50 insertions(+), 36 deletions(-)
diff --git a/drone/secret.go b/drone/secret.go
index e95ffb6c..0cd864ac 100644
--- a/drone/secret.go
+++ b/drone/secret.go
@@ -25,11 +25,6 @@ func secretAddFlags() []cli.Flag {
 cli.StringSliceFlag{
 Name: "event",
 Usage: "inject the secret for these event types",
- Value: &cli.StringSlice{
- model.EventPush,
- model.EventTag,
- model.EventDeploy,
- },
 },
 cli.StringSliceFlag{
 Name: "image",
@@ -77,6 +72,13 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
 secret.Events = c.StringSlice("event")
 secret.SkipVerify = c.Bool("skip-verify")
 secret.Conceal = c.Bool("conceal")
+ if len(secret.Events) == 0 {
+ secret.Events = []string{
+ model.EventPush,
+ model.EventTag,
+ model.EventDeploy,
+ }
+ }
 // TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
 // value should be loaded from a file (inspired by curl). I'd prefer to use
diff --git a/server/hook.go b/server/hook.go
index 50f45f5f..482f58e6 100644
--- a/server/hook.go
+++ b/server/hook.go
@@ -463,13 +463,11 @@ func (b *builder) Build() ([]*buildItem, error) {
 if !sec.MatchEvent(b.Curr.Event) {
 continue
 }
- if b.Curr.Verified || sec.SkipVerify {
- secrets = append(secrets, compiler.Secret{
- Name: sec.Name,
- Value: sec.Value,
- Match: sec.Images,
- })
- }
+ secrets = append(secrets, compiler.Secret{
+ Name: sec.Name,
+ Value: sec.Value,
+ Match: sec.Images,
+ })
 }
 y := b.Yaml
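Review bot: The fallback added to secretParseCmd in the second drone/secret.go hunk is undocumented: once the first hunk removes the flag's `Value`, nothing the operator sees says which events a secret is injected for when `--event` is omitted. Because the event list decides which builds receive the secret, I would state the default in both places, e.g. `Usage: "inject the secret for these event types (default: push, tag and deploy events)"` on the flag and `// no --event given: fall back to push, tag and deploy; any other event type must be requested explicitly` above the `if`. secretParseCmd starts and ends outside the hunk.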
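Review bot: After the server/hook.go hunk the loop in Build() passes every event-matching secret to the compiler without consulting `b.Curr.Verified` or `sec.SkipVerify`, so in the visible lines the only remaining gates are `MatchEvent` and the image list handed over as `Match`. drone/secret.go still fills `secret.SkipVerify` from `--skip-verify`, which now appears to have no effect on injection, and nothing tells an operator who relied on unverified builds being denied secrets that this changed. If the verification gate is deliberately retired in favour of event and image matching, say so at the call site, e.g. `// secrets are gated by event and image match only; build verification is no longer consulted here`, and mark the flag deprecated; if verification is enforced somewhere not shown in this patch, a comment pointing to that place would serve the same purpose. Build() starts and ends outside the hunk.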
diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go
index 7895a588..ab81bad1 100644
--- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go
+++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go
@@ -32,6 +32,7 @@ type Compiler struct {
 escalated []string
 prefix string
 volumes []string
+ networks []string
 env map[string]string
 base string
 path string
diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go
index 265c5cae..b63cb2fa 100644
--- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go
+++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go
@@ -28,6 +28,11 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen
 Aliases: c.aliases,
 },
 }
+ for _, network := range c.networks {
+ networks = append(networks, backend.Conn{
+ Name: network,
+ })
+ }
 var volumes []string
 if !c.local {
diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/image.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/image.go
index c0aedd80..939e8d22 100644
--- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/image.go
+++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/image.go
@@ -28,7 +28,7 @@ func expandImage(name string) string {
 func matchImage(from string, to ...string) bool {
 from = trimImage(from)
 for _, match := range to {
- if from == match {
+ if from == trimImage(match) {
 return true
 }
 }
diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/option.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/option.go
index 4ad9f2d4..87579af2 100644
--- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/option.go
+++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/option.go
@@ -161,6 +161,14 @@ func WithProxy() Option {
 )
 }
+// WithNetworks configures the compiler with additionnal networks
+// to be connected to build containers
+func WithNetworks(networks ...string) Option {
+ return func(compiler *Compiler) {
+ compiler.networks = networks
+ }
+}
+
 // TODO(bradrydzewski) consider an alternate approach to
 // WithProxy where the proxy strings are passed directly
 // to the function as named parameters.
diff --git a/vendor/vendor.json b/vendor/vendor.json
index cdc6bf29..1aea83b5 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -28,68 +28,68 @@ { "checksumSHA1": "W3AuK8ocqHwlUajGmQLFvnRhTZE=", "path": "github.com/cncd/pipeline/pipeline", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "Qu2FreqaMr8Yx2bW9O0cxAGgjr0=", "path": "github.com/cncd/pipeline/pipeline/backend", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "0CGXRaYwZhJxGIrGhn8WGpkFqPo=", "path": "github.com/cncd/pipeline/pipeline/backend/docker", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "/8wE+cVb7T4PQZgpLNu0DHzKGuE=", "path": "github.com/cncd/pipeline/pipeline/frontend", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "QWs+L3emrt5DDTWvqD6rbMtLKMw=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { - "checksumSHA1": "Bsp5Fq7oc6ZDDX5COo//pajb0kk=", + "checksumSHA1": "ggOpR/vh0Hs6SnaiuiEO/9dUkcA=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/compiler", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "Q0GkNUFamVYIA1Fd8r0A5M6Gx54=", "path": 
"github.com/cncd/pipeline/pipeline/frontend/yaml/linter", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "kx2sPUIMozPC/g6E4w48h3FfH3k=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/matrix", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "2/3f3oNmxXy5kcrRLCFa24Oc9O4=", "path": "github.com/cncd/pipeline/pipeline/interrupt", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "uOjTfke7Qxosrivgz/nVTHeIP5g=", "path": "github.com/cncd/pipeline/pipeline/multipart", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "TP5lK1T8cOKv5QjZ2nqdlYczSTo=", "path": "github.com/cncd/pipeline/pipeline/rpc", - "revision": "94d637b94d0439ed4853e8089d8a1b1820b67c65", - "revisionTime": "2017-04-09T09:45:58Z" + "revision": "3592c9ddd294f698e70b8dd855cdd66264f8ae18", + "revisionTime": "2017-04-10T16:25:49Z" }, { "checksumSHA1": "7Qj1DK0ceAXkYztW0l3+L6sn+V8=",