From 1573debc73e7cb72ee659ff6449fc5192dbd8e33 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Mon, 12 Feb 2024 08:50:48 +0100 Subject: [PATCH 1/5] Do not alter secret case --- pipeline/frontend/yaml/compiler/convert.go | 2 +- server/api/repo_secret.go | 3 +-- server/pipeline/stepbuilder/stepBuilder.go | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index 84acd332e8..ec0e722479 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -118,7 +118,7 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe return nil, err } - environment[strings.ToUpper(requested.Target)] = secretValue + environment[requested.Target] = secretValue } if utils.MatchImage(container.Image, c.escalated...) && container.IsPlugin() { diff --git a/server/api/repo_secret.go b/server/api/repo_secret.go index 2a1b963483..7557dfb9a6 100644 --- a/server/api/repo_secret.go +++ b/server/api/repo_secret.go @@ -16,7 +16,6 @@ package api import ( "net/http" - "strings" "github.com/gin-gonic/gin" @@ -68,7 +67,7 @@ func PostSecret(c *gin.Context) { } secret := &model.Secret{ RepoID: repo.ID, - Name: strings.ToLower(in.Name), + Name: in.Name, Value: in.Value, Events: in.Events, Images: in.Images, diff --git a/server/pipeline/stepbuilder/stepBuilder.go b/server/pipeline/stepbuilder/stepBuilder.go index f0bdadb6ae..281c78b91c 100644 --- a/server/pipeline/stepbuilder/stepBuilder.go +++ b/server/pipeline/stepbuilder/stepBuilder.go @@ -240,7 +240,7 @@ func (b *StepBuilder) environmentVariables(metadata metadata.Metadata, axis matr func (b *StepBuilder) toInternalRepresentation(parsed *yaml_types.Workflow, environ map[string]string, metadata metadata.Metadata, stepID int64) (*backend_types.Config, error) { var secrets []compiler.Secret for _, sec := range b.Secs { - events := []string{} + var events []string for _, event := range sec.Events { events = append(events, string(event)) } From 492a5eaa708c89ade6844443e5a030a590990fc0 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Mon, 12 Feb 2024 08:59:20 +0100 Subject: [PATCH 2/5] Update docs --- docs/docs/20-usage/40-secrets.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/docs/20-usage/40-secrets.md b/docs/docs/20-usage/40-secrets.md index 4c814fae51..a62924498b 100644 --- a/docs/docs/20-usage/40-secrets.md +++ b/docs/docs/20-usage/40-secrets.md @@ -21,11 +21,13 @@ once their usage is declared in the `secrets` section: - name: docker image: docker commands: -+ - echo $DOCKER_USERNAME ++ - echo $docker_username + - echo $DOCKER_PASSWORD -+ secrets: [ docker_username, docker_password ] ++ secrets: [ docker_username, DOCKER_PASSWORD ] ``` +The case of the environment variables is not changed, but secret matching is done case-insensitively. In the example above, `DOCKER_PASSWORD` would also match if the secret is called `docker_password`. + ### Use secrets in settings Alternatively, you can get a `setting` from secrets using the `from_secret` syntax. @@ -53,11 +55,11 @@ Please note parameter expressions are subject to pre-processing. When using secr - name: docker image: docker commands: -- - echo ${DOCKER_USERNAME} +- - echo ${docker_username} - - echo ${DOCKER_PASSWORD} -+ - echo $${DOCKER_USERNAME} ++ - echo $${docker_username} + - echo $${DOCKER_PASSWORD} - secrets: [ docker_username, docker_password ] + secrets: [ docker_username, DOCKER_PASSWORD ] ``` ### Alternate Names From e8ef911f58c6ce22b88569c07caa13be9bc45a12 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Sat, 17 Feb 2024 10:24:19 +0100 Subject: [PATCH 3/5] make non-breaking --- docs/docs/91-migrations.md | 1 + pipeline/frontend/yaml/compiler/convert.go | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/docs/91-migrations.md b/docs/docs/91-migrations.md index 8d4cc08bb2..8bdd26e9d5 100644 --- a/docs/docs/91-migrations.md +++ b/docs/docs/91-migrations.md @@ -8,6 +8,7 @@ Some versions need some changes to the server configuration or the pipeline conf - Removed `WOODPECKER_ROOT_PATH` and `WOODPECKER_ROOT_URL` config variables. Use `WOODPECKER_HOST` with a path instead - Pipelines without a config file will now be skipped instead of failing - Deprecated `includes` and `excludes` support from **event** filter +- Deprecated uppercasing all secret env vars, instead, the value of the `secrets` property is used. [Read more](../20-usage/40-secrets.md#use-secrets-in-commands) ## 2.0.0 diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index ec0e722479..415a4f3ef5 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -119,6 +119,8 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe } environment[requested.Target] = secretValue + // TODO deprecated, remove in 3.x + environment[strings.ToUpper(requested.Target)] = secretValue } if utils.MatchImage(container.Image, c.escalated...) && container.IsPlugin() { From 70ce30d2a2d62af655ece7560362b5b5eb6d5f62 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Sat, 17 Feb 2024 10:33:47 +0100 Subject: [PATCH 4/5] fix link --- docs/docs/91-migrations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/91-migrations.md b/docs/docs/91-migrations.md index 8bdd26e9d5..bfc899a957 100644 --- a/docs/docs/91-migrations.md +++ b/docs/docs/91-migrations.md @@ -8,7 +8,7 @@ Some versions need some changes to the server configuration or the pipeline conf - Removed `WOODPECKER_ROOT_PATH` and `WOODPECKER_ROOT_URL` config variables. Use `WOODPECKER_HOST` with a path instead - Pipelines without a config file will now be skipped instead of failing - Deprecated `includes` and `excludes` support from **event** filter -- Deprecated uppercasing all secret env vars, instead, the value of the `secrets` property is used. [Read more](../20-usage/40-secrets.md#use-secrets-in-commands) +- Deprecated uppercasing all secret env vars, instead, the value of the `secrets` property is used. [Read more](./20-usage/40-secrets.md#use-secrets-in-commands) ## 2.0.0 From 41974bb367d25b8f5b281ef44fccf04901997b49 Mon Sep 17 00:00:00 2001 From: qwerty287 Date: Sat, 17 Feb 2024 10:36:56 +0100 Subject: [PATCH 5/5] ci restart