Merge pull request #1413 from TangRufus/composer-auth-principles

roots · Dec 4, 2022 · 169ebc7 · 169ebc7
2 parents b274b01 + 4c2bb35
commit 169ebc7
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 14 deletions.
diff --git a/group_vars/all/helpers.yml b/group_vars/all/helpers.yml
@@ -21,3 +21,7 @@ cron_enabled: "{{ site_env.disable_wp_cron and (not item.value.multisite.enabled
 sites_use_ssl: "{{ wordpress_sites.values() | map(attribute='ssl') | selectattr('enabled') | list | count > 0 }}"
 
 composer_authentications: "{{ vault_wordpress_sites[site].composer_authentications | default([]) }}"
+# Default `type` is `http-basic`.
+composer_authentications_using_basic_auth: "{{ composer_authentications | rejectattr('type', 'defined') | union( composer_authentications | selectattr('type', 'defined') | selectattr('type', 'equalto', 'http-basic') ) }}"
+composer_authentications_using_bitbucket_oauth: "{{ composer_authentications | selectattr('type', 'defined') | selectattr('type', 'equalto', 'bitbucket-oauth') }}"
+composer_authentications_using_other_token: "{{ composer_authentications | selectattr('type', 'defined') | rejectattr('type', 'equalto', 'http-basic') | rejectattr('type', 'equalto', 'bitbucket-oauth') }}"
diff --git a/roles/deploy/hooks/build-after.yml b/roles/deploy/hooks/build-after.yml
@@ -9,20 +9,48 @@
     msg: "Unable to find a `composer.json` file in the root of '{{ deploy_helper.new_release_path }}'. Make sure your repo has a `composer.json` file in its root or edit `repo_subtree_path` for '{{ site }}' in `wordpress_sites.yml` so it points to the directory with a `composer.json` file."
   when: not composer_json.stat.exists
 
-- name: Setup composer authentications
+- name: Setup composer authentications (HTTP Basic)
   composer:
     command: config
-    arguments: --auth http-basic.{{ composer_authentication.hostname | quote }} {{ composer_authentication.username | quote }} {{ composer_authentication.password | default("") | quote }}
+    arguments: --auth http-basic.{{ item.hostname | quote }} {{ item.username | quote }} {{ item.password | default("") | quote }}
     working_dir: "{{ deploy_helper.new_release_path }}"
   no_log: true
   changed_when: false
   when:
-    - composer_authentication.hostname is defined and composer_authentication.hostname != ""
-    - composer_authentication.username is defined and composer_authentication.username != ""
-  loop: "{{ composer_authentications | default([]) }}"
+    - item.hostname is defined and item.hostname != ""
+    - item.username is defined and item.username != ""
+  loop: "{{ composer_authentications_using_basic_auth }}"
   loop_control:
-    loop_var: composer_authentication
-    label: "{{ composer_authentication.hostname }}"
+    label: "{{ item.type | default('default-type') }}.{{ item.hostname }}"
+
+- name: Setup composer authentications (BitBucket OAuth)
+  composer:
+    command: config
+    arguments: --auth bitbucket-oauth.{{ item.hostname | quote }} {{ item.consumer_key | quote }} {{ item.consumer_secret | quote }}
+    working_dir: "{{ deploy_helper.new_release_path }}"
+  no_log: true
+  changed_when: false
+  when:
+    - item.hostname is defined and item.hostname != ""
+    - item.consumer_key is defined and item.consumer_key != ""
+    - item.consumer_secret is defined and item.consumer_secret != ""
+  loop: "{{ composer_authentications_using_bitbucket_oauth }}"
+  loop_control:
+    label: "{{ item.type }}.{{ item.hostname }}"
+
+- name: Setup composer authentications (Other Tokens)
+  composer:
+    command: config
+    arguments: --auth {{ item.type | quote }}.{{ item.hostname | quote }} {{ item.token | quote }}
+    working_dir: "{{ deploy_helper.new_release_path }}"
+  no_log: true
+  changed_when: false
+  when:
+    - item.hostname is defined and item.hostname != ""
+    - item.token is defined and item.token != ""
+  loop: "{{ composer_authentications_using_other_token }}"
+  loop_control:
+    label: "{{ item.type }}.{{ item.hostname }}"
 
 - name: Run composer check
   composer:

diff --git a/roles/wordpress-install/tasks/composer-authentications.yml b/roles/wordpress-install/tasks/composer-authentications.yml
@@ -1,16 +1,44 @@
 ---
-- name: "Setup composer authentications - {{ site }}"
+- name: "Setup composer authentications (HTTP Basic) - {{ site }}"
   composer:
     command: config
-    arguments: --auth http-basic.{{ composer_authentication.hostname | quote }} {{ composer_authentication.username | quote }} {{ composer_authentication.password | default("") | quote }}
+    arguments: --auth http-basic.{{ item.hostname | quote }} {{ item.username | quote }} {{ item.password | default("") | quote }}
     working_dir: "{{ working_dir }}"
   become: no
   no_log: true
   changed_when: false
   when:
-    - composer_authentication.hostname is defined and composer_authentication.hostname != ""
-    - composer_authentication.username is defined and composer_authentication.username != ""
-  loop: "{{ composer_authentications | default([]) }}"
+    - item.hostname is defined and item.hostname != ""
+    - item.username is defined and item.username != ""
+  loop: "{{ composer_authentications_using_basic_auth }}"
   loop_control:
-    loop_var: composer_authentication
-    label: "{{ composer_authentication.hostname }}"
+    label: "{{ item.type | default('default-type') }}.{{ item.hostname }}"
+
+- name: "Setup composer authentications (BitBucket OAuth) - {{ site }}"
+  composer:
+    command: config
+    arguments: --auth bitbucket-oauth.{{ item.hostname | quote }} {{ item.consumer_key | quote }} {{ item.consumer_secret | quote }}
+    working_dir: "{{ working_dir }}"
+  no_log: true
+  changed_when: false
+  when:
+    - item.hostname is defined and item.hostname != ""
+    - item.consumer_key is defined and item.consumer_key != ""
+    - item.consumer_secret is defined and item.consumer_secret != ""
+  loop: "{{ composer_authentications_using_bitbucket_oauth }}"
+  loop_control:
+    label: "{{ item.type }}.{{ item.hostname }}"
+
+- name: "Setup composer authentications (Other Tokens) - {{ site }}"
+  composer:
+    command: config
+    arguments: --auth {{ item.type | quote }}.{{ item.hostname | quote }} {{ item.token | quote }}
+    working_dir: "{{ working_dir }}"
+  no_log: true
+  changed_when: false
+  when:
+    - item.hostname is defined and item.hostname != ""
+    - item.token is defined and item.token != ""
+  loop: "{{ composer_authentications_using_other_token }}"
+  loop_control:
+    label: "{{ item.type }}.{{ item.hostname }}"