darkkirb/harness-drone
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

only force approval when secrets exposed

Browse source
This commit is contained in:
Brad Rydzewski 2017-03-18 23:40:12 +08:00
parent 736e1bc9b5
commit b100401e29
1 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
server/hook.go
View file

@ -155,10 +155,28 @@ func PostHook(c *gin.Context) {
} }
} }
// TODO default logic should avoid the approval if all secs, err := store.GetMergedSecretList(c, repo)
// secrets have skip-verify flag if err != nil {
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
}
var mustApprove bool
if build.Event == model.EventPull { if build.Event == model.EventPull {
for _, sec := range secs {
if sec.SkipVerify {
continue
}
if sec.MatchEvent(model.EventPull) {
mustApprove = true
break
}
}
if !mustApprove {
logrus.Debugf("no secrets exposed to pull_request: status: accepted")
}
}
if build.Event == model.EventPull && mustApprove {
old, ferr := remote_.FileRef(user, repo, build.Branch, cfg.Yaml) old, ferr := remote_.FileRef(user, repo, build.Branch, cfg.Yaml)
if ferr != nil { if ferr != nil {
build.Status = model.StatusBlocked build.Status = model.StatusBlocked
@ -219,10 +237,6 @@ func PostHook(c *gin.Context) {
// get the previous build so that we can send // get the previous build so that we can send
// on status change notifications // on status change notifications
last, _ := store.GetBuildLastBefore(c, repo, build.Branch, build.ID) last, _ := store.GetBuildLastBefore(c, repo, build.Branch, build.ID)
secs, err := store.GetMergedSecretList(c, repo)
if err != nil {
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
}
// //
// BELOW: NEW // BELOW: NEW