Allow to get secrets from file (#5509)

2025-09-16 08:46:30 +02:00 · 2025-09-14 12:26:56 +02:00
parent f82f0653d6
commit 47a00051e6
2 changed files with 25 additions and 0 deletions
--- a/cli/exec/exec.go
+++ b/cli/exec/exec.go
@@ -25,6 +25,7 @@ import (
 	"runtime"
 	"strings"

+	"codeberg.org/6543/xyaml"
 	"github.com/drone/envsubst"
 	"github.com/oklog/ulid/v2"
 	"github.com/rs/zerolog/log"
@@ -169,6 +170,25 @@ func execWithAxis(ctx context.Context, c *cli.Command, file, repoPath string, ax
 			Value: val,
 		})
 	}
+	if secretsFile := c.String("secrets-file"); secretsFile != "" {
+		fileContent, err := os.ReadFile(secretsFile)
+		if err != nil {
+			return err
+		}
+
+		var m map[string]string
+		err = xyaml.Unmarshal(fileContent, &m)
+		if err != nil {
+			return err
+		}
+
+		for key, val := range m {
+			secrets = append(secrets, compiler.Secret{
+				Name:  key,
+				Value: val,
+			})
+		}
+	}

 	pipelineEnv := make(map[string]string)
 	for _, env := range c.StringSlice("env") {
--- a/cli/exec/flags.go
+++ b/cli/exec/flags.go
@@ -78,6 +78,11 @@ var flags = []cli.Flag{
 		Name:    "secrets",
 		Usage:   "map of secrets, ex. 'secret=\"val\",secret2=\"value2\"'",
 	},
+	&cli.StringFlag{
+		Sources: cli.EnvVars("WOODPECKER_SECRETS_FILE"),
+		Name:    "secrets",
+		Usage:   "path to yaml file with secrets map",
+	},

 	//
 	// backend options for pipeline compiler