run deploy scripts from within trusted repos

This commit is contained in:
AJ ONeal 2020-10-20 22:44:31 -06:00
parent d9093969f9
commit 0ee8194ac7
6 changed files with 79 additions and 35 deletions

View File

@ -1 +1,3 @@
{}
{
"tabWidth": 2
}

View File

@ -80,6 +80,7 @@ GIT_REF_NAME=master
GIT_REF_TYPE=branch
GIT_REPO_OWNER=my-org
GIT_REPO_NAME=my-project
GIT_REPO_TRUSTED=true
```
## API

View File

@ -3,13 +3,28 @@
# The directory of this bash script
base_dir="$(dirname "$(readlink -f "$0")")"
if [[ -f "${base_dir}/${GIT_REPO_ID}/deploy.sh" ]]
then
function deploy_local() {
echo "Running deplay script for ${GIT_REPO_ID}"
bash "${base_dir}/${GIT_REPO_ID}/deploy.sh"
exit 0
fi
bash -o errexit -o nounset "${base_dir}/${GIT_REPO_ID}/deploy.sh"
}
function deploy_trusted() {
my_tmp="$(mktemp -d -t "tmp.XXXXXXXXXX")"
git clone --depth=1 "${GIT_CLONE_URL}" -b "${GIT_REF_NAME}" "${my_tmp}/${GIT_REPO_NAME}"
pushd "${my_tmp}/${GIT_REPO_NAME}"
if [[ -f ".gitdeploy/deploy.sh" ]]
then
bash -o errexit -o nounset ".gitdeploy/deploy.sh"
else
echo "Missing ${GIT_REPO_ID}/.gitdeploy/deploy.sh"
fi
popd
rm -rf "${my_tmp}/${GIT_REPO_NAME}/"
}
function show_help() {
echo ""
echo "Nothing to do for ${GIT_REPO_ID}"
echo ""
@ -26,14 +41,28 @@ echo ""
echo "You can use any of these ENVs in your deploy script:"
# These environment variables are set by the caller
my_envs='GIT_REF_NAME
GIT_REF_TYPE
GIT_REPO_ID
my_envs='GIT_REPO_ID
GIT_CLONE_URL
GIT_REPO_OWNER
GIT_REPO_NAME
GIT_CLONE_URL'
GIT_REF_TYPE
GIT_REF_NAME
GIT_REPO_TRUSTED
'
for x in $my_envs; do
echo "$x=${!x}"
done
sleep 1
}
if [[ -f "${base_dir}/${GIT_REPO_ID}/deploy.sh" ]]; then
deploy_local
exit 0
elif [[ "true" == "${GIT_REPO_TRUSTED}" ]]; then
deploy_trusted
exit 0
else
show_help
exit 1
fi

View File

@ -1,5 +1,6 @@
#!/bin/bash
set -u
set -e
if [[ "${GIT_REF_NAME}" != "master" ]]
then

View File

@ -1,5 +1,6 @@
#!/bin/bash
set -u
set -e
if [[ "${GIT_REF_NAME}" != "master" ]]
then

12
main.go
View File

@ -150,7 +150,11 @@ func main() {
return
}
if 0 == len(runOpts.RepoList) {
runOpts.RepoList = os.Getenv("REPO_LIST")
runOpts.RepoList = os.Getenv("TRUST_REPOS")
}
if len(runOpts.RepoList) > 0 {
runOpts.RepoList = strings.ReplaceAll(runOpts.RepoList, ",", " ")
runOpts.RepoList = strings.ReplaceAll(runOpts.RepoList, " ", " ")
}
if 0 == len(promotionList) {
promotionList = os.Getenv("PROMOTIONS")
@ -446,6 +450,12 @@ func runHook(hook webhooks.Ref) {
"GIT_REPO_NAME=" + hook.Repo,
"GIT_CLONE_URL=" + hook.HTTPSURL,
}
for _, repo := range strings.Fields(runOpts.RepoList) {
if "*" == repo || repo == repoID {
envs = append(envs, "GIT_REPO_TRUSTED=true")
break
}
}
cmd.Env = append(env, envs...)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr