Add global and organization secrets (#1027)

* Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de>
2025-11-29 21:48:14 +02:00 · 2022-08-14 14:48:53 +03:00
parent bed3ef104c
commit 1ac2c42652
35 changed files with 1777 additions and 130 deletions
--- a/server/plugins/secrets/builtin.go
+++ b/server/plugins/secrets/builtin.go
@@ -21,11 +21,39 @@ func (b *builtin) SecretFind(repo *model.Repo, name string) (*model.Secret, erro
 }

 func (b *builtin) SecretList(repo *model.Repo) ([]*model.Secret, error) {
-	return b.store.SecretList(repo)
+	return b.store.SecretList(repo, false)
 }

 func (b *builtin) SecretListBuild(repo *model.Repo, build *model.Build) ([]*model.Secret, error) {
-	return b.store.SecretList(repo)
+	s, err := b.store.SecretList(repo, true)
+	if err != nil {
+		return nil, err
+	}
+
+	// Return only secrets with unique name
+	// Priority order in case of duplicate names are repository, user/organization, global
+	secrets := make([]*model.Secret, 0, len(s))
+	uniq := make(map[string]struct{})
+	for _, cond := range []struct {
+		Global       bool
+		Organization bool
+	}{
+		{},
+		{Organization: true},
+		{Global: true},
+	} {
+		for _, secret := range s {
+			if secret.Global() == cond.Global && secret.Organization() == cond.Organization {
+				continue
+			}
+			if _, ok := uniq[secret.Name]; ok {
+				continue
+			}
+			uniq[secret.Name] = struct{}{}
+			secrets = append(secrets, secret)
+		}
+	}
+	return secrets, nil
 }

 func (b *builtin) SecretCreate(repo *model.Repo, in *model.Secret) error {
@@ -43,3 +71,51 @@ func (b *builtin) SecretDelete(repo *model.Repo, name string) error {
 	}
 	return b.store.SecretDelete(secret)
 }
+
+func (b *builtin) OrgSecretFind(owner, name string) (*model.Secret, error) {
+	return b.store.OrgSecretFind(owner, name)
+}
+
+func (b *builtin) OrgSecretList(owner string) ([]*model.Secret, error) {
+	return b.store.OrgSecretList(owner)
+}
+
+func (b *builtin) OrgSecretCreate(owner string, in *model.Secret) error {
+	return b.store.SecretCreate(in)
+}
+
+func (b *builtin) OrgSecretUpdate(owner string, in *model.Secret) error {
+	return b.store.SecretUpdate(in)
+}
+
+func (b *builtin) OrgSecretDelete(owner, name string) error {
+	secret, err := b.store.OrgSecretFind(owner, name)
+	if err != nil {
+		return err
+	}
+	return b.store.SecretDelete(secret)
+}
+
+func (b *builtin) GlobalSecretFind(owner string) (*model.Secret, error) {
+	return b.store.GlobalSecretFind(owner)
+}
+
+func (b *builtin) GlobalSecretList() ([]*model.Secret, error) {
+	return b.store.GlobalSecretList()
+}
+
+func (b *builtin) GlobalSecretCreate(in *model.Secret) error {
+	return b.store.SecretCreate(in)
+}
+
+func (b *builtin) GlobalSecretUpdate(in *model.Secret) error {
+	return b.store.SecretUpdate(in)
+}
+
+func (b *builtin) GlobalSecretDelete(name string) error {
+	secret, err := b.store.GlobalSecretFind(name)
+	if err != nil {
+		return err
+	}
+	return b.store.SecretDelete(secret)
+}