Do not alter secret key upper-/lowercase #3375

Merged
merged 10 commits into from
Feb 20, 2024
12 changes: 7 additions & 5 deletions docs/docs/20-usage/40-secrets.md
Expand Up @@ -21,11 +21,13 @@ once their usage is declared in the `secrets` section:
- name: docker
image: docker
commands:
+ - echo $DOCKER_USERNAME
+ - echo $docker_username
+ - echo $DOCKER_PASSWORD
+ secrets: [ docker_username, docker_password ]
+ secrets: [ docker_username, DOCKER_PASSWORD ]
```

The case of the environment variables is not changed, but secret matching is done case-insensitively. In the example above, `DOCKER_PASSWORD` would also match if the secret is called `docker_password`.

### Use secrets in settings

Alternatively, you can get a `setting` from secrets using the `from_secret` syntax.
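Review bot: The paragraph added after the example ("The case of the environment variables is not changed, but secret matching is done case-insensitively") does not say whose case is kept: the spelling in the step's `secrets` list or the name the secret was stored under. The migration note in this PR says the value of the `secrets` property is used, so state that here explicitly, for example "the variable is named exactly as written in `secrets`", and spell out that the `DOCKER_PASSWORD` entry yields `$DOCKER_PASSWORD` even when the stored secret is `docker_password`. Without that, a reader can reference a variable name that is not set and pass an empty credential to the command.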
Expand Down Expand Up @@ -53,11 +55,11 @@ Please note parameter expressions are subject to pre-processing. When using secr
- name: docker
image: docker
commands:
- - echo ${DOCKER_USERNAME}
- - echo ${docker_username}
- - echo ${DOCKER_PASSWORD}
+ - echo $${DOCKER_USERNAME}
+ - echo $${docker_username}
+ - echo $${DOCKER_PASSWORD}
secrets: [ docker_username, docker_password ]
secrets: [ docker_username, DOCKER_PASSWORD ]
```

### Alternate Names
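Review bot: The `echo $${DOCKER_USERNAME}` line in this example only resolves through the uppercase alias that convert.go still sets and marks "deprecated, remove in 3.x", because the `secrets` list declares `docker_username`. Drop that line or annotate it as relying on deprecated behaviour, so pipelines copied from the docs keep working once the alias is removed.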
1 change: 1 addition & 0 deletions docs/docs/91-migrations.md
Expand Up @@ -8,6 +8,7 @@ Some versions need some changes to the server configuration or the pipeline conf
- Removed `WOODPECKER_ROOT_PATH` and `WOODPECKER_ROOT_URL` config variables. Use `WOODPECKER_HOST` with a path instead
- Pipelines without a config file will now be skipped instead of failing
- Deprecated `includes` and `excludes` support from **event** filter
- Deprecated uppercasing all secret env vars, instead, the value of the `secrets` property is used. [Read more](./20-usage/40-secrets.md#use-secrets-in-commands)

## 2.0.0
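Review bot: The new "Deprecated uppercasing all secret env vars" bullet does not say when the old behaviour stops working, while the TODO in convert.go says the alias is removed in 3.x. Add the removal version to the bullet and state the action users must take (reference the variable with the same case as the `secrets` entry). The comma splice in "env vars, instead, the value" also reads better as two sentences.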

2 changes: 2 additions & 0 deletions pipeline/frontend/yaml/compiler/convert.go
Expand Up @@ -118,6 +118,8 @@
return nil, err
}

environment[requested.Target] = secretValue
// TODO deprecated, remove in 3.x

environment[strings.ToUpper(requested.Target)] = secretValue
}
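Review bot: The unconditional `environment[strings.ToUpper(requested.Target)] = secretValue` after the exact-case assignment can overwrite a variable that another requested secret set on purpose. If one step requests targets that differ only in case (say `token` and `TOKEN` mapped from different secrets), the result depends on processing order: handling `token` last replaces the `TOKEN` value with the wrong secret. Set the uppercase alias only when that key is not already present and is not itself a requested target, and add a test for that case. A warning when a step relies on the alias would also make the 3.x removal less surprising.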

3 changes: 1 addition & 2 deletions server/api/repo_secret.go
Expand Up @@ -16,7 +16,6 @@

import (
"net/http"
"strings"

"github.com/gin-gonic/gin"

Expand Down Expand Up @@ -68,7 +67,7 @@
}
secret := &model.Secret{
RepoID: repo.ID,
Name: strings.ToLower(in.Name),
Name: in.Name,

Value: in.Value,
Events: in.Events,
Images: in.Images,
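Review bot: With `Name: in.Name` replacing the lowercased name, nothing in this hunk stops a repo from holding two secrets whose names differ only in case, yet the docs in this PR say matching is case-insensitive. A step requesting `token` could then match either `Token` or `TOKEN`, and which value it receives is not defined here. Reject creation when a case-insensitive duplicate already exists (or make the uniqueness constraint case-insensitive), and check that names stored lowercased before this change still resolve.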
2 changes: 1 addition & 1 deletion server/pipeline/stepbuilder/stepBuilder.go
Expand Up @@ -240,7 +240,7 @@
func (b *StepBuilder) toInternalRepresentation(parsed *yaml_types.Workflow, environ map[string]string, metadata metadata.Metadata, stepID int64) (*backend_types.Config, error) {
var secrets []compiler.Secret
for _, sec := range b.Secs {
events := []string{}
var events []string

for _, event := range sec.Events {
events = append(events, string(event))
}
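Review bot: Changing `events := []string{}` to `var events []string` is not purely stylistic: for a secret with no events the slice is now nil instead of empty, which differs under `== nil` checks and in JSON encoding (`null` instead of `[]`). Confirm that whatever consumes the resulting `compiler.Secret` values treats nil and empty the same, or keep the old initialisation. The change is also unrelated to secret-name case handling and would be easier to review in its own commit. If the goal is to avoid a reallocation, `make([]string, 0, len(sec.Events))` keeps the non-nil behaviour.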