mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-06-03 05:59:30 +00:00
use yaml parameter to restrict local plugin execution
This commit is contained in:
Brad Rydzewski
parent
9df2a43525
commit
def995b164
|
|
@ -29,7 +29,6 @@ type Agent struct {
|
|||
Platform string
|
||||
Namespace string
|
||||
Extension []string
|
||||
Disable []string
|
||||
Escalate []string
|
||||
Netrc []string
|
||||
Local string
|
||||
|
|
@ -187,7 +186,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
|
|||
transform.PluginParams(conf)
|
||||
|
||||
if a.Local != "" {
|
||||
transform.PluginDisable(conf, a.Disable)
|
||||
transform.PluginDisable(conf, true)
|
||||
transform.ImageVolume(conf, []string{a.Local + ":" + conf.Workspace.Path})
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -33,11 +33,6 @@ var execCmd = cli.Command{
|
|||
Usage: "build from local directory",
|
||||
EnvVar: "DRONE_LOCAL",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "plugin",
|
||||
Usage: "plugin steps to enable",
|
||||
EnvVar: "DRONE_PLUGIN_ENABLE",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "secret",
|
||||
Usage: "build secrets in KEY=VALUE format",
|
||||
|
|
@ -70,12 +65,6 @@ var execCmd = cli.Command{
|
|||
Name: "pull",
|
||||
Usage: "always pull latest plugin images",
|
||||
},
|
||||
cli.StringFlag{
|
||||
EnvVar: "DRONE_PLUGIN_NAMESPACE",
|
||||
Name: "namespace",
|
||||
Value: "plugins",
|
||||
Usage: "default plugin image namespace",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
EnvVar: "DRONE_PLUGIN_PRIVILEGED",
|
||||
Name: "privileged",
|
||||
|
|
@ -157,7 +146,7 @@ var execCmd = cli.Command{
|
|||
Usage: "repository is private",
|
||||
EnvVar: "DRONE_REPO_PRIVATE",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
cli.BoolTFlag{
|
||||
Name: "repo.trusted",
|
||||
Usage: "repository is trusted",
|
||||
EnvVar: "DRONE_REPO_TRUSTED",
|
||||
|
|
@ -326,17 +315,15 @@ func exec(c *cli.Context) error {
|
|||
}
|
||||
|
||||
a := agent.Agent{
|
||||
Update: agent.NoopUpdateFunc,
|
||||
Logger: agent.TermLoggerFunc,
|
||||
Engine: engine,
|
||||
Timeout: c.Duration("timeout.inactivity"),
|
||||
Platform: "linux/amd64",
|
||||
Namespace: c.String("namespace"),
|
||||
Disable: c.StringSlice("plugin"),
|
||||
Escalate: c.StringSlice("privileged"),
|
||||
Netrc: []string{},
|
||||
Local: dir,
|
||||
Pull: c.Bool("pull"),
|
||||
Update: agent.NoopUpdateFunc,
|
||||
Logger: agent.TermLoggerFunc,
|
||||
Engine: engine,
|
||||
Timeout: c.Duration("timeout.inactivity"),
|
||||
Platform: "linux/amd64",
|
||||
Escalate: c.StringSlice("privileged"),
|
||||
Netrc: []string{},
|
||||
Local: dir,
|
||||
Pull: c.Bool("pull"),
|
||||
}
|
||||
|
||||
payload := &model.Work{
|
||||
|
|
@ -353,7 +340,7 @@ func exec(c *cli.Context) error {
|
|||
Avatar: c.String("repo.avatar"),
|
||||
Timeout: int64(c.Duration("timeout").Minutes()),
|
||||
IsPrivate: c.Bool("repo.private"),
|
||||
IsTrusted: c.Bool("repo.trusted"),
|
||||
IsTrusted: c.BoolT("repo.trusted"),
|
||||
Clone: c.String("remote.url"),
|
||||
},
|
||||
System: &model.System{
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import (
|
|||
type Constraints struct {
|
||||
Repo Constraint
|
||||
Ref Constraint
|
||||
Refspec Constraint
|
||||
Runtime Constraint
|
||||
Platform Constraint
|
||||
Environment Constraint
|
||||
Event Constraint
|
||||
|
|
|
|||
|
|
@ -1,27 +1,22 @@
|
|||
package transform
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
|
||||
"github.com/drone/drone/yaml"
|
||||
)
|
||||
import "github.com/drone/drone/yaml"
|
||||
|
||||
// PluginDisable is a transform function that alters the Yaml configuration to
|
||||
// disables plugins. This is intended for use when executing the pipeline
|
||||
// locally on your own computer.
|
||||
func PluginDisable(conf *yaml.Config, patterns []string) error {
|
||||
func PluginDisable(conf *yaml.Config, local bool) error {
|
||||
for _, container := range conf.Pipeline {
|
||||
if len(container.Commands) != 0 { // skip build steps
|
||||
if len(container.Commands) != 0 || container.Detached { // skip build steps
|
||||
continue
|
||||
}
|
||||
var match bool
|
||||
for _, pattern := range patterns {
|
||||
if ok, _ := filepath.Match(pattern, container.Name); ok {
|
||||
match = true
|
||||
break
|
||||
}
|
||||
|
||||
if isClone(container) {
|
||||
container.Disabled = true
|
||||
continue
|
||||
}
|
||||
if !match {
|
||||
|
||||
if local && container.Constraints.Runtime.Match("cli") {
|
||||
container.Disabled = true
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,10 @@ import (
|
|||
"github.com/drone/drone/yaml"
|
||||
)
|
||||
|
||||
//
|
||||
// TODO remove
|
||||
//
|
||||
|
||||
func ImageSecrets(c *yaml.Config, secrets []*model.Secret, event string) error {
|
||||
var images []*yaml.Container
|
||||
images = append(images, c.Pipeline...)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package transform
|
|||
|
||||
import "github.com/drone/drone/yaml"
|
||||
|
||||
// ImageVolume mounts a default volume (used for drone exec)
|
||||
func ImageVolume(conf *yaml.Config, volumes []string) error {
|
||||
|
||||
if len(volumes) == 0 {
|
||||
|
|
|
|||
Loading…
Reference in a new issue