darkkirb/harness-drone
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

use yaml parameter to restrict local plugin execution

Browse source
This commit is contained in:
Brad Rydzewski 2017-01-20 14:16:15 +07:00
parent 9df2a43525
commit def995b164
6 changed files with 27 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
agent/agent.go
View file

@ -29,7 +29,6 @@ type Agent struct {
Platform string Platform string
Namespace string Namespace string
Extension []string Extension []string
Disable []string
Escalate []string Escalate []string
Netrc []string Netrc []string
Local string Local string
@ -187,7 +186,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
transform.PluginParams(conf) transform.PluginParams(conf)
if a.Local != "" { if a.Local != "" {
transform.PluginDisable(conf, a.Disable) transform.PluginDisable(conf, true)
transform.ImageVolume(conf, []string{a.Local + ":" + conf.Workspace.Path}) transform.ImageVolume(conf, []string{a.Local + ":" + conf.Workspace.Path})
} }

35
drone/exec.go
View file

@ -33,11 +33,6 @@ var execCmd = cli.Command{
Usage: "build from local directory", Usage: "build from local directory",
EnvVar: "DRONE_LOCAL", EnvVar: "DRONE_LOCAL",
}, },
cli.StringSliceFlag{
Name: "plugin",
Usage: "plugin steps to enable",
EnvVar: "DRONE_PLUGIN_ENABLE",
},
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "secret", Name: "secret",
Usage: "build secrets in KEY=VALUE format", Usage: "build secrets in KEY=VALUE format",
@ -70,12 +65,6 @@ var execCmd = cli.Command{
Name: "pull", Name: "pull",
Usage: "always pull latest plugin images", Usage: "always pull latest plugin images",
}, },
cli.StringFlag{
EnvVar: "DRONE_PLUGIN_NAMESPACE",
Name: "namespace",
Value: "plugins",
Usage: "default plugin image namespace",
},
cli.StringSliceFlag{ cli.StringSliceFlag{
EnvVar: "DRONE_PLUGIN_PRIVILEGED", EnvVar: "DRONE_PLUGIN_PRIVILEGED",
Name: "privileged", Name: "privileged",
@ -157,7 +146,7 @@ var execCmd = cli.Command{
Usage: "repository is private", Usage: "repository is private",
EnvVar: "DRONE_REPO_PRIVATE", EnvVar: "DRONE_REPO_PRIVATE",
}, },
cli.BoolFlag{ cli.BoolTFlag{
Name: "repo.trusted", Name: "repo.trusted",
Usage: "repository is trusted", Usage: "repository is trusted",
EnvVar: "DRONE_REPO_TRUSTED", EnvVar: "DRONE_REPO_TRUSTED",
@ -326,17 +315,15 @@ func exec(c *cli.Context) error {
} }
a := agent.Agent{ a := agent.Agent{
Update: agent.NoopUpdateFunc, Update: agent.NoopUpdateFunc,
Logger: agent.TermLoggerFunc, Logger: agent.TermLoggerFunc,
Engine: engine, Engine: engine,
Timeout: c.Duration("timeout.inactivity"), Timeout: c.Duration("timeout.inactivity"),
Platform: "linux/amd64", Platform: "linux/amd64",
Namespace: c.String("namespace"), Escalate: c.StringSlice("privileged"),
Disable: c.StringSlice("plugin"), Netrc: []string{},
Escalate: c.StringSlice("privileged"), Local: dir,
Netrc: []string{}, Pull: c.Bool("pull"),
Local: dir,
Pull: c.Bool("pull"),
} }
payload := &model.Work{ payload := &model.Work{
@ -353,7 +340,7 @@ func exec(c *cli.Context) error {
Avatar: c.String("repo.avatar"), Avatar: c.String("repo.avatar"),
Timeout: int64(c.Duration("timeout").Minutes()), Timeout: int64(c.Duration("timeout").Minutes()),
IsPrivate: c.Bool("repo.private"), IsPrivate: c.Bool("repo.private"),
IsTrusted: c.Bool("repo.trusted"), IsTrusted: c.BoolT("repo.trusted"),
Clone: c.String("remote.url"), Clone: c.String("remote.url"),
}, },
System: &model.System{ System: &model.System{

2
yaml/constraint.go
View file

@ -10,7 +10,7 @@ import (
type Constraints struct { type Constraints struct {
Repo Constraint Repo Constraint
Ref Constraint Ref Constraint
Refspec Constraint Runtime Constraint
Platform Constraint Platform Constraint
Environment Constraint Environment Constraint
Event Constraint Event Constraint

23
yaml/transform/plugin.go
View file

@ -1,27 +1,22 @@
package transform package transform
import ( import "github.com/drone/drone/yaml"
"path/filepath"
"github.com/drone/drone/yaml"
)
// PluginDisable is a transform function that alters the Yaml configuration to // PluginDisable is a transform function that alters the Yaml configuration to
// disables plugins. This is intended for use when executing the pipeline // disables plugins. This is intended for use when executing the pipeline
// locally on your own computer. // locally on your own computer.
func PluginDisable(conf *yaml.Config, patterns []string) error { func PluginDisable(conf *yaml.Config, local bool) error {
for _, container := range conf.Pipeline { for _, container := range conf.Pipeline {
if len(container.Commands) != 0 { // skip build steps if len(container.Commands) != 0 || container.Detached { // skip build steps
continue continue
} }
var match bool
for _, pattern := range patterns { if isClone(container) {
if ok, _ := filepath.Match(pattern, container.Name); ok { container.Disabled = true
match = true continue
break
}
} }
if !match {
if local && container.Constraints.Runtime.Match("cli") {
container.Disabled = true container.Disabled = true
} }
} }

4
yaml/transform/secret.go
View file

@ -5,6 +5,10 @@ import (
"github.com/drone/drone/yaml" "github.com/drone/drone/yaml"
) )
//
// TODO remove
//
func ImageSecrets(c *yaml.Config, secrets []*model.Secret, event string) error { func ImageSecrets(c *yaml.Config, secrets []*model.Secret, event string) error {
var images []*yaml.Container var images []*yaml.Container
images = append(images, c.Pipeline...) images = append(images, c.Pipeline...)

1
yaml/transform/volume.go
View file

@ -2,6 +2,7 @@ package transform
import "github.com/drone/drone/yaml" import "github.com/drone/drone/yaml"
// ImageVolume mounts a default volume (used for drone exec)
func ImageVolume(conf *yaml.Config, volumes []string) error { func ImageVolume(conf *yaml.Config, volumes []string) error {
if len(volumes) == 0 { if len(volumes) == 0 {