mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-11-24 08:02:18 +02:00
source registry secrets from db
This commit is contained in:
parent
7a98bf5398
commit
4502e5a256
@ -17,7 +17,7 @@ var registryCreateCmd = cli.Command{
|
||||
cli.StringFlag{
|
||||
Name: "hostname",
|
||||
Usage: "registry hostname",
|
||||
Value: "index.docker.io",
|
||||
Value: "docker.io",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "username",
|
||||
|
@ -19,7 +19,7 @@ var registryInfoCmd = cli.Command{
|
||||
cli.StringFlag{
|
||||
Name: "hostname",
|
||||
Usage: "registry hostname",
|
||||
Value: "index.docker.io",
|
||||
Value: "docker.io",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "format",
|
||||
|
@ -14,7 +14,7 @@ var registryDeleteCmd = cli.Command{
|
||||
cli.StringFlag{
|
||||
Name: "hostname",
|
||||
Usage: "registry hostname",
|
||||
Value: "index.docker.io",
|
||||
Value: "docker.io",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ var registryUpdateCmd = cli.Command{
|
||||
cli.StringFlag{
|
||||
Name: "hostname",
|
||||
Usage: "registry hostname",
|
||||
Value: "index.docker.io",
|
||||
Value: "docker.io",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "username",
|
||||
|
@ -201,6 +201,10 @@ func PostApproval(c *gin.Context) {
|
||||
if err != nil {
|
||||
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
|
||||
}
|
||||
regs, err := store.FromContext(c).RegistryList(repo)
|
||||
if err != nil {
|
||||
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
uri := fmt.Sprintf("%s/%s/%d", httputil.GetURL(c.Request), repo.FullName, build.Number)
|
||||
@ -216,6 +220,7 @@ func PostApproval(c *gin.Context) {
|
||||
Last: last,
|
||||
Netrc: netrc,
|
||||
Secs: secs,
|
||||
Regs: regs,
|
||||
Link: httputil.GetURL(c.Request),
|
||||
Yaml: string(raw),
|
||||
}
|
||||
@ -475,6 +480,10 @@ func PostBuild(c *gin.Context) {
|
||||
if err != nil {
|
||||
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
|
||||
}
|
||||
regs, err := store.FromContext(c).RegistryList(repo)
|
||||
if err != nil {
|
||||
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
|
||||
}
|
||||
|
||||
b := builder{
|
||||
Repo: repo,
|
||||
@ -482,6 +491,7 @@ func PostBuild(c *gin.Context) {
|
||||
Last: last,
|
||||
Netrc: netrc,
|
||||
Secs: secs,
|
||||
Regs: regs,
|
||||
Link: httputil.GetURL(c.Request),
|
||||
Yaml: string(raw),
|
||||
}
|
||||
|
@ -159,6 +159,11 @@ func PostHook(c *gin.Context) {
|
||||
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
|
||||
}
|
||||
|
||||
regs, err := store.FromContext(c).RegistryList(repo)
|
||||
if err != nil {
|
||||
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
|
||||
}
|
||||
|
||||
var mustApprove bool
|
||||
if build.Event == model.EventPull {
|
||||
for _, sec := range secs {
|
||||
@ -255,6 +260,7 @@ func PostHook(c *gin.Context) {
|
||||
Last: last,
|
||||
Netrc: netrc,
|
||||
Secs: secs,
|
||||
Regs: regs,
|
||||
Link: httputil.GetURL(c.Request),
|
||||
Yaml: string(raw),
|
||||
}
|
||||
@ -411,6 +417,7 @@ type builder struct {
|
||||
Last *model.Build
|
||||
Netrc *model.Netrc
|
||||
Secs []*model.Secret
|
||||
Regs []*model.Registry
|
||||
Link string
|
||||
Yaml string
|
||||
}
|
||||
@ -491,6 +498,15 @@ func (b *builder) Build() ([]*buildItem, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var registries []compiler.Registry
|
||||
for _, reg := range b.Regs {
|
||||
registries = append(registries, compiler.Registry{
|
||||
Username: reg.Username,
|
||||
Password: reg.Password,
|
||||
Email: reg.Email,
|
||||
})
|
||||
}
|
||||
|
||||
ir := compiler.New(
|
||||
compiler.WithEnviron(environ),
|
||||
// TODO ability to customize the escalated plugins
|
||||
@ -504,6 +520,7 @@ func (b *builder) Build() ([]*buildItem, error) {
|
||||
),
|
||||
b.Repo.IsPrivate,
|
||||
),
|
||||
compiler.WithRegistry(registries...),
|
||||
compiler.WithPrefix(
|
||||
fmt.Sprintf(
|
||||
"%d_%d",
|
||||
|
27
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go
generated
vendored
27
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go
generated
vendored
@ -12,17 +12,26 @@ import (
|
||||
// TODO(bradrydzewski) compiler should handle user-defined volumes from YAML
|
||||
// TODO(bradrydzewski) compiler should handle user-defined networks from YAML
|
||||
|
||||
type Registry struct {
|
||||
Hostname string
|
||||
Username string
|
||||
Password string
|
||||
Email string
|
||||
Token string
|
||||
}
|
||||
|
||||
// Compiler compiles the yaml
|
||||
type Compiler struct {
|
||||
local bool
|
||||
escalated []string
|
||||
prefix string
|
||||
volumes []string
|
||||
env map[string]string
|
||||
base string
|
||||
path string
|
||||
metadata frontend.Metadata
|
||||
aliases []string
|
||||
local bool
|
||||
escalated []string
|
||||
prefix string
|
||||
volumes []string
|
||||
env map[string]string
|
||||
base string
|
||||
path string
|
||||
metadata frontend.Metadata
|
||||
registries []Registry
|
||||
aliases []string
|
||||
}
|
||||
|
||||
// New creates a new Compiler with options.
|
||||
|
22
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go
generated
vendored
22
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go
generated
vendored
@ -88,6 +88,20 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen
|
||||
environment["SHELL"] = "/bin/sh"
|
||||
}
|
||||
|
||||
authConfig := backend.Auth{
|
||||
Username: container.AuthConfig.Username,
|
||||
Password: container.AuthConfig.Password,
|
||||
Email: container.AuthConfig.Email,
|
||||
}
|
||||
for _, registry := range c.registries {
|
||||
if matchHostname(image, registry.Hostname) {
|
||||
authConfig.Username = registry.Username
|
||||
authConfig.Password = registry.Password
|
||||
authConfig.Email = registry.Email
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return &backend.Step{
|
||||
Name: name,
|
||||
Alias: container.Name,
|
||||
@ -112,12 +126,8 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen
|
||||
CPUQuota: int64(container.CPUQuota),
|
||||
CPUShares: int64(container.CPUShares),
|
||||
CPUSet: container.CPUSet,
|
||||
AuthConfig: backend.Auth{
|
||||
Username: container.AuthConfig.Username,
|
||||
Password: container.AuthConfig.Password,
|
||||
Email: container.AuthConfig.Email,
|
||||
},
|
||||
OnSuccess: container.Constraints.Status.Match("success"),
|
||||
AuthConfig: authConfig,
|
||||
OnSuccess: container.Constraints.Status.Match("success"),
|
||||
OnFailure: (len(container.Constraints.Status.Include)+
|
||||
len(container.Constraints.Status.Exclude) != 0) &&
|
||||
container.Constraints.Status.Match("failure"),
|
||||
|
10
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/image.go
generated
vendored
10
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/image.go
generated
vendored
@ -34,3 +34,13 @@ func matchImage(from string, to ...string) bool {
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// matchHostname returns true if the image hostname
|
||||
// matches the specified hostname.
|
||||
func matchHostname(image, hostname string) bool {
|
||||
ref, err := reference.ParseNamed(image)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
return ref.Hostname() == hostname
|
||||
}
|
||||
|
8
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/option.go
generated
vendored
8
vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/option.go
generated
vendored
@ -31,6 +31,14 @@ func WithVolumes(volumes ...string) Option {
|
||||
}
|
||||
}
|
||||
|
||||
// WithRegistry configures the compiler with registry credentials
|
||||
// that should be used to download images.
|
||||
func WithRegistry(registries ...Registry) Option {
|
||||
return func(compiler *Compiler) {
|
||||
compiler.registries = registries
|
||||
}
|
||||
}
|
||||
|
||||
// WithMetadata configutes the compiler with the repostiory, build
|
||||
// and system metadata. The metadata is used to remove steps from
|
||||
// the compiled pipeline configuration that should be skipped. The
|
||||
|
17
vendor/github.com/cncd/queue/fifo.go
generated
vendored
17
vendor/github.com/cncd/queue/fifo.go
generated
vendored
@ -92,6 +92,23 @@ func (q *fifo) Error(c context.Context, id string, err error) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Evict removes a pending task from the queue.
|
||||
func (q *fifo) Evict(c context.Context, id string) error {
|
||||
q.Lock()
|
||||
defer q.Unlock()
|
||||
|
||||
var next *list.Element
|
||||
for e := q.pending.Front(); e != nil; e = next {
|
||||
next = e.Next()
|
||||
task, ok := e.Value.(*Task)
|
||||
if ok && task.ID == id {
|
||||
q.pending.Remove(e)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return ErrNotFound
|
||||
}
|
||||
|
||||
// Wait waits until the item is done executing.
|
||||
func (q *fifo) Wait(c context.Context, id string) error {
|
||||
q.Lock()
|
||||
|
3
vendor/github.com/cncd/queue/queue.go
generated
vendored
3
vendor/github.com/cncd/queue/queue.go
generated
vendored
@ -59,6 +59,9 @@ type Queue interface {
|
||||
// Error signals the task is complete with errors.
|
||||
Error(c context.Context, id string, err error) error
|
||||
|
||||
// Evict removes a pending task from the queue.
|
||||
Evict(c context.Context, id string) error
|
||||
|
||||
// Wait waits until the task is complete.
|
||||
Wait(c context.Context, id string) error
|
||||
|
||||
|
52
vendor/vendor.json
vendored
52
vendor/vendor.json
vendored
@ -28,68 +28,68 @@
|
||||
{
|
||||
"checksumSHA1": "W3AuK8ocqHwlUajGmQLFvnRhTZE=",
|
||||
"path": "github.com/cncd/pipeline/pipeline",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "Qu2FreqaMr8Yx2bW9O0cxAGgjr0=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/backend",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "0CGXRaYwZhJxGIrGhn8WGpkFqPo=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/backend/docker",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "/8wE+cVb7T4PQZgpLNu0DHzKGuE=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/frontend",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "O0sulBQAHJeNLg3lO38Cq5uf/eg=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "ftyr9EJQl9D5OvzOcqGBS6stt0g=",
|
||||
"checksumSHA1": "4gmWpW2MkXgWGSSvSoRFu1YjGbQ=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/compiler",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "Q0GkNUFamVYIA1Fd8r0A5M6Gx54=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/linter",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "kx2sPUIMozPC/g6E4w48h3FfH3k=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/matrix",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "2/3f3oNmxXy5kcrRLCFa24Oc9O4=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/interrupt",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "uOjTfke7Qxosrivgz/nVTHeIP5g=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/multipart",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "TP5lK1T8cOKv5QjZ2nqdlYczSTo=",
|
||||
"path": "github.com/cncd/pipeline/pipeline/rpc",
|
||||
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
|
||||
"revisionTime": "2017-03-29T08:36:18Z"
|
||||
"revision": "087d10834b19bbb8d1665152696ca63883610021",
|
||||
"revisionTime": "2017-04-06T15:46:03Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "7Qj1DK0ceAXkYztW0l3+L6sn+V8=",
|
||||
@ -98,10 +98,10 @@
|
||||
"revisionTime": "2017-03-03T07:06:35Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "AG4M07wOZNTnSFHJIfdXT2ymnts=",
|
||||
"checksumSHA1": "7/jDRi3wCIn5jExBspvFRzRQsGE=",
|
||||
"path": "github.com/cncd/queue",
|
||||
"revision": "1ce1ada7160f1eda015a16c1b7f9ea497fa36873",
|
||||
"revisionTime": "2017-03-03T07:04:55Z"
|
||||
"revision": "63b1974bbcc9b4b251ed18f88edc3a643eb64ff7",
|
||||
"revisionTime": "2017-04-06T02:25:48Z"
|
||||
},
|
||||
{
|
||||
"origin": "github.com/stretchr/testify/vendor/github.com/davecgh/go-spew/spew",
|
||||
|
Loading…
Reference in New Issue
Block a user