From def995b164220af7aa9d8a0640e1fe1841b9c307 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Fri, 20 Jan 2017 14:16:15 +0700 Subject: [PATCH 1/2] use yaml parameter to restrict local plugin execution --- agent/agent.go | 3 +-- drone/exec.go | 35 +++++++++++------------------------ yaml/constraint.go | 2 +- yaml/transform/plugin.go | 23 +++++++++-------------- yaml/transform/secret.go | 4 ++++ yaml/transform/volume.go | 1 + 6 files changed, 27 insertions(+), 41 deletions(-) diff --git a/agent/agent.go b/agent/agent.go index d911c565..93fc0e55 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -29,7 +29,6 @@ type Agent struct { Platform string Namespace string Extension []string - Disable []string Escalate []string Netrc []string Local string @@ -187,7 +186,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) { transform.PluginParams(conf) if a.Local != "" { - transform.PluginDisable(conf, a.Disable) + transform.PluginDisable(conf, true) transform.ImageVolume(conf, []string{a.Local + ":" + conf.Workspace.Path}) } diff --git a/drone/exec.go b/drone/exec.go index f061f1bc..6f251043 100644 --- a/drone/exec.go +++ b/drone/exec.go @@ -33,11 +33,6 @@ var execCmd = cli.Command{ Usage: "build from local directory", EnvVar: "DRONE_LOCAL", }, - cli.StringSliceFlag{ - Name: "plugin", - Usage: "plugin steps to enable", - EnvVar: "DRONE_PLUGIN_ENABLE", - }, cli.StringSliceFlag{ Name: "secret", Usage: "build secrets in KEY=VALUE format", @@ -70,12 +65,6 @@ var execCmd = cli.Command{ Name: "pull", Usage: "always pull latest plugin images", }, - cli.StringFlag{ - EnvVar: "DRONE_PLUGIN_NAMESPACE", - Name: "namespace", - Value: "plugins", - Usage: "default plugin image namespace", - }, cli.StringSliceFlag{ EnvVar: "DRONE_PLUGIN_PRIVILEGED", Name: "privileged", @@ -157,7 +146,7 @@ var execCmd = cli.Command{ Usage: "repository is private", EnvVar: "DRONE_REPO_PRIVATE", }, - cli.BoolFlag{ + cli.BoolTFlag{ Name: "repo.trusted", Usage: "repository is trusted", EnvVar: "DRONE_REPO_TRUSTED", @@ -326,17 +315,15 @@ func exec(c *cli.Context) error { } a := agent.Agent{ - Update: agent.NoopUpdateFunc, - Logger: agent.TermLoggerFunc, - Engine: engine, - Timeout: c.Duration("timeout.inactivity"), - Platform: "linux/amd64", - Namespace: c.String("namespace"), - Disable: c.StringSlice("plugin"), - Escalate: c.StringSlice("privileged"), - Netrc: []string{}, - Local: dir, - Pull: c.Bool("pull"), + Update: agent.NoopUpdateFunc, + Logger: agent.TermLoggerFunc, + Engine: engine, + Timeout: c.Duration("timeout.inactivity"), + Platform: "linux/amd64", + Escalate: c.StringSlice("privileged"), + Netrc: []string{}, + Local: dir, + Pull: c.Bool("pull"), } payload := &model.Work{ @@ -353,7 +340,7 @@ func exec(c *cli.Context) error { Avatar: c.String("repo.avatar"), Timeout: int64(c.Duration("timeout").Minutes()), IsPrivate: c.Bool("repo.private"), - IsTrusted: c.Bool("repo.trusted"), + IsTrusted: c.BoolT("repo.trusted"), Clone: c.String("remote.url"), }, System: &model.System{ diff --git a/yaml/constraint.go b/yaml/constraint.go index acf2f060..6c6488ba 100644 --- a/yaml/constraint.go +++ b/yaml/constraint.go @@ -10,7 +10,7 @@ import ( type Constraints struct { Repo Constraint Ref Constraint - Refspec Constraint + Runtime Constraint Platform Constraint Environment Constraint Event Constraint diff --git a/yaml/transform/plugin.go b/yaml/transform/plugin.go index be0557bd..bd84b915 100644 --- a/yaml/transform/plugin.go +++ b/yaml/transform/plugin.go @@ -1,27 +1,22 @@ package transform -import ( - "path/filepath" - - "github.com/drone/drone/yaml" -) +import "github.com/drone/drone/yaml" // PluginDisable is a transform function that alters the Yaml configuration to // disables plugins. This is intended for use when executing the pipeline // locally on your own computer. -func PluginDisable(conf *yaml.Config, patterns []string) error { +func PluginDisable(conf *yaml.Config, local bool) error { for _, container := range conf.Pipeline { - if len(container.Commands) != 0 { // skip build steps + if len(container.Commands) != 0 || container.Detached { // skip build steps continue } - var match bool - for _, pattern := range patterns { - if ok, _ := filepath.Match(pattern, container.Name); ok { - match = true - break - } + + if isClone(container) { + container.Disabled = true + continue } - if !match { + + if local && container.Constraints.Runtime.Match("cli") { container.Disabled = true } } diff --git a/yaml/transform/secret.go b/yaml/transform/secret.go index 69054c6c..fb355f21 100644 --- a/yaml/transform/secret.go +++ b/yaml/transform/secret.go @@ -5,6 +5,10 @@ import ( "github.com/drone/drone/yaml" ) +// +// TODO remove +// + func ImageSecrets(c *yaml.Config, secrets []*model.Secret, event string) error { var images []*yaml.Container images = append(images, c.Pipeline...) diff --git a/yaml/transform/volume.go b/yaml/transform/volume.go index e42a9ee6..39678b10 100644 --- a/yaml/transform/volume.go +++ b/yaml/transform/volume.go @@ -2,6 +2,7 @@ package transform import "github.com/drone/drone/yaml" +// ImageVolume mounts a default volume (used for drone exec) func ImageVolume(conf *yaml.Config, volumes []string) error { if len(volumes) == 0 { From e4740667c063178c648d2f2a288e2069ca06d8c5 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Fri, 20 Jan 2017 18:06:08 +0700 Subject: [PATCH 2/2] use when.local=false to disable plugin steps locally --- yaml/constraint.go | 2 +- yaml/transform/plugin.go | 8 ++------ yaml/types/bool.go | 8 ++++---- yaml/types/bool_test.go | 2 +- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/yaml/constraint.go b/yaml/constraint.go index 6c6488ba..07608a68 100644 --- a/yaml/constraint.go +++ b/yaml/constraint.go @@ -10,13 +10,13 @@ import ( type Constraints struct { Repo Constraint Ref Constraint - Runtime Constraint Platform Constraint Environment Constraint Event Constraint Branch Constraint Status Constraint Matrix ConstraintMap + Local types.BoolTrue } // Match returns true if all constraints match the given input. If a single constraint diff --git a/yaml/transform/plugin.go b/yaml/transform/plugin.go index bd84b915..7bc1463d 100644 --- a/yaml/transform/plugin.go +++ b/yaml/transform/plugin.go @@ -7,18 +7,14 @@ import "github.com/drone/drone/yaml" // locally on your own computer. func PluginDisable(conf *yaml.Config, local bool) error { for _, container := range conf.Pipeline { - if len(container.Commands) != 0 || container.Detached { // skip build steps - continue + if local && !container.Constraints.Local.Bool() { + container.Disabled = true } if isClone(container) { container.Disabled = true continue } - - if local && container.Constraints.Runtime.Match("cli") { - container.Disabled = true - } } return nil } diff --git a/yaml/types/bool.go b/yaml/types/bool.go index ac7d295c..17a7aa9a 100644 --- a/yaml/types/bool.go +++ b/yaml/types/bool.go @@ -15,14 +15,14 @@ func (b *BoolTrue) UnmarshalYAML(unmarshal func(interface{}) error) error { return err } - b.value, err = strconv.ParseBool(s) - if err != nil { - b.value = true + value, err := strconv.ParseBool(s) + if err == nil { + b.value = !value } return nil } // Bool returns the bool value. func (b BoolTrue) Bool() bool { - return b.value + return !b.value } diff --git a/yaml/types/bool_test.go b/yaml/types/bool_test.go index 641b74c0..b864349f 100644 --- a/yaml/types/bool_test.go +++ b/yaml/types/bool_test.go @@ -40,7 +40,7 @@ func TestBoolTrue(t *testing.T) { if err != nil { g.Fail(err) } - g.Assert(out.Bool()).Equal(false) + g.Assert(out.Bool()).Equal(true) }) g.It("should throw error when invalid", func() {