From 19101a5b1346caaeb675fb5f7e5a100277381a88 Mon Sep 17 00:00:00 2001 From: claire1618 <55173466+claire1618@users.noreply.github.com> Date: Tue, 24 Oct 2023 15:11:26 -0500 Subject: [PATCH 1/6] feat(yaml/secret): adding pull tag to secrets to create a lazy secrets ability (#312) * feat: adding pull tag to secrets to create a lazy secrets ability * fixing testing errors * fixing testing errors * changing pull tag options * fixing tests * fixing linter errors * fixing some errors * fixing formatting * fixing errors --------- Co-authored-by: Claire.Nicholas Co-authored-by: Tim Huynh Co-authored-by: David May <49894298+wass3rw3rk@users.noreply.github.com> Co-authored-by: Easton Crupper <65553218+ecrupper@users.noreply.github.com> --- constants/secret.go | 6 ++++++ pipeline/secret.go | 1 + pipeline/secret_test.go | 30 ++++++++++++++++++++++++++++++ yaml/build_test.go | 6 ++++++ yaml/secret.go | 7 +++++++ yaml/secret_test.go | 11 +++++++++++ yaml/testdata/secret.yml | 1 + 7 files changed, 62 insertions(+) diff --git a/constants/secret.go b/constants/secret.go index 13628e95..bb794f02 100644 --- a/constants/secret.go +++ b/constants/secret.go @@ -4,6 +4,12 @@ package constants // Secret types. const ( + // SecretPullBuild defines the pull policy type for a secret. + SecretPullBuild = "build_start" + + // SecretPullStep defines the pull policy type for a secret. + SecretPullStep = "step_start" + // SecretOrg defines the secret type for a secret scoped to a specific org. SecretOrg = "org" diff --git a/pipeline/secret.go b/pipeline/secret.go index 94250afe..bbc5e260 100644 --- a/pipeline/secret.go +++ b/pipeline/secret.go @@ -28,6 +28,7 @@ type ( Engine string `json:"engine,omitempty" yaml:"engine,omitempty"` Type string `json:"type,omitempty" yaml:"type,omitempty"` Origin *Container `json:"origin,omitempty" yaml:"origin,omitempty"` + Pull string `json:"pull,omitempty" yaml:"pull,omitempty"` } // StepSecretSlice is the pipeline representation diff --git a/pipeline/secret_test.go b/pipeline/secret_test.go index 8137e757..bf5bfbc4 100644 --- a/pipeline/secret_test.go +++ b/pipeline/secret_test.go @@ -60,6 +60,7 @@ func TestPipeline_Secret_ParseOrg_success(t *testing.T) { Key: "octocat/foo", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", }, @@ -70,6 +71,7 @@ func TestPipeline_Secret_ParseOrg_success(t *testing.T) { Key: "octocat/๐Ÿ‘‹/๐Ÿงช/๐Ÿ”‘", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", }, @@ -108,6 +110,7 @@ func TestPipeline_Secret_ParseOrg_failure(t *testing.T) { Key: "octocat/foo", Engine: "native", Type: "org", + Pull: "build_start", }, org: "wrongorg", wantErr: ErrInvalidOrg, @@ -119,6 +122,7 @@ func TestPipeline_Secret_ParseOrg_failure(t *testing.T) { Key: "octocat", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidPath, @@ -130,6 +134,7 @@ func TestPipeline_Secret_ParseOrg_failure(t *testing.T) { Key: "octocat/", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidPath, @@ -140,6 +145,7 @@ func TestPipeline_Secret_ParseOrg_failure(t *testing.T) { Key: "octocat/foo/bar", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidName, @@ -151,6 +157,7 @@ func TestPipeline_Secret_ParseOrg_failure(t *testing.T) { Key: "octocat/foo/bar", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidName, @@ -162,6 +169,7 @@ func TestPipeline_Secret_ParseOrg_failure(t *testing.T) { Key: "octocat/foo", Engine: "invalid", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidEngine, @@ -195,6 +203,7 @@ func TestPipeline_Secret_ParseRepo_success(t *testing.T) { Key: "octocat/helloworld/foo", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", repo: "helloworld", @@ -206,6 +215,7 @@ func TestPipeline_Secret_ParseRepo_success(t *testing.T) { Key: "octocat/๐Ÿ‘‹/๐Ÿงช/๐Ÿ”‘", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", repo: "๐Ÿ‘‹", @@ -253,6 +263,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat/helloworld/foo", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "wrongorg", repo: "helloworld", @@ -265,6 +276,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat/helloworld/foo", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", repo: "badrepo", @@ -277,6 +289,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidPath, @@ -288,6 +301,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat/helloworld", Engine: "native", Type: "org", + Pull: "build_start", }, repo: "helloworld", org: "octocat", @@ -300,6 +314,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat/helloworld/", Engine: "native", Type: "org", + Pull: "build_start", }, repo: "helloworld", org: "octocat", @@ -311,6 +326,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat/helloworld/foo/bar", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", repo: "helloworld", @@ -323,6 +339,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat/helloworld/foo/bar", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", repo: "helloworld", @@ -335,6 +352,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "octocat", Engine: "invalid", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidEngine, @@ -346,6 +364,7 @@ func TestPipeline_Secret_ParseRepo_failure(t *testing.T) { Key: "foo", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", repo: "helloworld", @@ -379,6 +398,7 @@ func TestPipeline_Secret_ParseShared_success(t *testing.T) { Key: "octocat/helloworld/foo", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", }, @@ -389,6 +409,7 @@ func TestPipeline_Secret_ParseShared_success(t *testing.T) { Key: "octocat/๐Ÿ‘‹/๐Ÿงช/๐Ÿ”‘", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", }, @@ -431,6 +452,7 @@ func TestPipeline_Secret_ParseShared_failure(t *testing.T) { Key: "octocat", Engine: "native", Type: "repo", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidPath, @@ -442,6 +464,7 @@ func TestPipeline_Secret_ParseShared_failure(t *testing.T) { Key: "octocat", Engine: "invalid", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidEngine, @@ -453,6 +476,7 @@ func TestPipeline_Secret_ParseShared_failure(t *testing.T) { Key: "octocat/foo", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidPath, @@ -464,6 +488,7 @@ func TestPipeline_Secret_ParseShared_failure(t *testing.T) { Key: "octocat/foo/", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidPath, @@ -474,6 +499,7 @@ func TestPipeline_Secret_ParseShared_failure(t *testing.T) { Key: "octocat/foo/bar", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidName, @@ -485,6 +511,7 @@ func TestPipeline_Secret_ParseShared_failure(t *testing.T) { Key: "octocat/foo/bar", Engine: "native", Type: "org", + Pull: "build_start", }, org: "octocat", wantErr: ErrInvalidName, @@ -512,6 +539,7 @@ func testSecrets() *SecretSlice { Name: "foobar", Type: "repo", Origin: &Container{}, + Pull: "build_start", }, { Engine: "native", @@ -519,6 +547,7 @@ func testSecrets() *SecretSlice { Name: "foobar", Type: "org", Origin: &Container{}, + Pull: "build_start", }, { Engine: "native", @@ -526,6 +555,7 @@ func testSecrets() *SecretSlice { Name: "foobar", Type: "shared", Origin: &Container{}, + Pull: "build_start", }, { Name: "", diff --git a/yaml/build_test.go b/yaml/build_test.go index 4b652e98..f3576327 100644 --- a/yaml/build_test.go +++ b/yaml/build_test.go @@ -260,36 +260,42 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Key: "org/repo/docker/username", Engine: "native", Type: "repo", + Pull: "build_start", }, { Name: "docker_password", Key: "org/repo/docker/password", Engine: "vault", Type: "repo", + Pull: "build_start", }, { Name: "docker_username", Key: "org/docker/username", Engine: "native", Type: "org", + Pull: "build_start", }, { Name: "docker_password", Key: "org/docker/password", Engine: "vault", Type: "org", + Pull: "build_start", }, { Name: "docker_username", Key: "org/team/docker/username", Engine: "native", Type: "shared", + Pull: "build_start", }, { Name: "docker_password", Key: "org/team/docker/password", Engine: "vault", Type: "shared", + Pull: "build_start", }, { Origin: Origin{ diff --git a/yaml/secret.go b/yaml/secret.go index a211a245..2c44e5ab 100644 --- a/yaml/secret.go +++ b/yaml/secret.go @@ -25,6 +25,7 @@ type ( Engine string `yaml:"engine,omitempty" json:"engine,omitempty" jsonschema:"enum=native,enum=vault,default=native,description=Name of storage backend to fetch secret from.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-engine-tag"` Type string `yaml:"type,omitempty" json:"type,omitempty" jsonschema:"enum=repo,enum=org,enum=shared,default=repo,description=Type of secret to fetch from storage backend.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-type-tag"` Origin Origin `yaml:"origin,omitempty" json:"origin,omitempty" jsonschema:"description=Declaration to pull secrets from non-internal secret providers.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-origin-tag"` + Pull string `yaml:"pull,omitempty" json:"pull,omitempty" jsonschema:"default=build_start,description=When to pull in secrets from storage backend."` } // Origin is the yaml representation of a method @@ -55,6 +56,7 @@ func (s *SecretSlice) ToPipeline() *pipeline.SecretSlice { Engine: secret.Engine, Type: secret.Type, Origin: secret.Origin.ToPipeline(), + Pull: secret.Pull, }) } @@ -94,6 +96,11 @@ func (s *SecretSlice) UnmarshalYAML(unmarshal func(interface{}) error) error { secret.Type = constants.SecretRepo } + // implicitly set `type` field if empty + if secret.Origin.Empty() && len(secret.Pull) == 0 { + secret.Pull = constants.SecretPullBuild + } + // implicitly set `pull` field if empty if !secret.Origin.Empty() && len(secret.Origin.Pull) == 0 { secret.Origin.Pull = constants.PullNotPresent diff --git a/yaml/secret_test.go b/yaml/secret_test.go index 9cb4dae6..f70637e6 100644 --- a/yaml/secret_test.go +++ b/yaml/secret_test.go @@ -108,6 +108,7 @@ func TestYaml_SecretSlice_ToPipeline(t *testing.T) { Engine: "native", Type: "repo", Origin: Origin{}, + Pull: "build_start", }, { Name: "docker_username", @@ -139,6 +140,7 @@ func TestYaml_SecretSlice_ToPipeline(t *testing.T) { }, }, }, + Pull: "build_start", }, }, want: &pipeline.SecretSlice{ @@ -148,6 +150,7 @@ func TestYaml_SecretSlice_ToPipeline(t *testing.T) { Engine: "native", Type: "repo", Origin: &pipeline.Container{}, + Pull: "build_start", }, { Name: "docker_username", @@ -176,6 +179,7 @@ func TestYaml_SecretSlice_ToPipeline(t *testing.T) { }, }, }, + Pull: "build_start", }, }, }, @@ -207,30 +211,35 @@ func TestYaml_SecretSlice_UnmarshalYAML(t *testing.T) { Key: "bar", Engine: "native", Type: "repo", + Pull: "build_start", }, { Name: "noKey", Key: "noKey", Engine: "native", Type: "repo", + Pull: "build_start", }, { Name: "noType", Key: "bar", Engine: "native", Type: "repo", + Pull: "build_start", }, { Name: "noEngine", Key: "bar", Engine: "native", Type: "repo", + Pull: "build_start", }, { Name: "noKeyEngineAndType", Key: "noKeyEngineAndType", Engine: "native", Type: "repo", + Pull: "build_start", }, { Name: "externalSecret", @@ -262,6 +271,7 @@ func TestYaml_SecretSlice_UnmarshalYAML(t *testing.T) { }, }, }, + Pull: "", }, { Name: "", @@ -293,6 +303,7 @@ func TestYaml_SecretSlice_UnmarshalYAML(t *testing.T) { }, }, }, + Pull: "", }, }, }, diff --git a/yaml/testdata/secret.yml b/yaml/testdata/secret.yml index 72a56cb0..c432eb29 100644 --- a/yaml/testdata/secret.yml +++ b/yaml/testdata/secret.yml @@ -5,6 +5,7 @@ key: bar engine: native type: repo + pull: build_start - name: noKey engine: native type: repo From ffb16ee0deac7e265f68e28942c1bc867c050e08 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 3 Nov 2023 08:51:44 -0500 Subject: [PATCH 2/6] chore(deps): update all non-major dependencies (#325) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/reviewdog.yml | 8 ++++---- .github/workflows/schema.yml | 2 +- .github/workflows/test.yml | 2 +- .github/workflows/validate.yml | 2 +- go.mod | 4 ++-- go.sum | 8 ++++---- 7 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 77f7afb3..3dd5aac1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,11 +35,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 + uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 + uses: github/codeql-action/autobuild@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2 # โ„น๏ธ Command-line programs to run using the OS shell. # ๐Ÿ“š https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 + uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2 diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 3476011c..475efe79 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -12,7 +12,7 @@ jobs: steps: - name: clone - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: install go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 @@ -23,7 +23,7 @@ jobs: check-latest: true - name: golangci-lint - uses: reviewdog/action-golangci-lint@24d4af2fc93f5b2b296229e8b0c0f658d25707af # v2 + uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b # v2 with: github_token: ${{ secrets.github_token }} golangci_lint_flags: "--config=.golangci.yml" @@ -36,7 +36,7 @@ jobs: steps: - name: clone - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: install go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 @@ -47,7 +47,7 @@ jobs: check-latest: true - name: golangci-lint - uses: reviewdog/action-golangci-lint@24d4af2fc93f5b2b296229e8b0c0f658d25707af # v2 + uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b # v2 with: github_token: ${{ secrets.github_token }} golangci_lint_flags: "--config=.golangci.yml" diff --git a/.github/workflows/schema.yml b/.github/workflows/schema.yml index 43ce298b..cdeb0b1f 100644 --- a/.github/workflows/schema.yml +++ b/.github/workflows/schema.yml @@ -13,7 +13,7 @@ jobs: steps: - name: clone - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: install go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bb2f4d6d..8e0021db 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: steps: - name: clone - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: install go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 99aa56f0..72ad5d8a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -14,7 +14,7 @@ jobs: steps: - name: clone - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: install go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 diff --git a/go.mod b/go.mod index 9f9eabf2..764f3775 100644 --- a/go.mod +++ b/go.mod @@ -8,14 +8,14 @@ require ( github.com/drone/envsubst v1.0.3 github.com/ghodss/yaml v1.0.0 github.com/lib/pq v1.10.9 - github.com/microcosm-cc/bluemonday v1.0.25 + github.com/microcosm-cc/bluemonday v1.0.26 ) require ( github.com/aymerick/douceur v0.2.0 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/kr/pretty v0.2.0 // indirect - golang.org/x/net v0.12.0 // indirect + golang.org/x/net v0.17.0 // indirect gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect ) diff --git a/go.sum b/go.sum index 455c1602..30a8143f 100644 --- a/go.sum +++ b/go.sum @@ -19,10 +19,10 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg= -github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= +github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From c4fc61aa76198f45944f29a596d0db521cf1d4dc Mon Sep 17 00:00:00 2001 From: Easton Crupper <65553218+ecrupper@users.noreply.github.com> Date: Fri, 3 Nov 2023 13:42:11 -0400 Subject: [PATCH 3/6] fix(schema): add schedule to the event options (#330) --- cmd/schema/main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/schema/main.go b/cmd/schema/main.go index af57b060..4adc0e70 100644 --- a/cmd/schema/main.go +++ b/cmd/schema/main.go @@ -98,6 +98,7 @@ func main() { "pull_request:opened", "pull_request:synchronize", "push", + "schedule", "tag", }, "path": {}, From ba41348d0fa9446f6b2d388130c8a114d841d386 Mon Sep 17 00:00:00 2001 From: Easton Crupper <65553218+ecrupper@users.noreply.github.com> Date: Tue, 7 Nov 2023 10:55:04 -0500 Subject: [PATCH 4/6] fix(yaml): add reopened action to default pull_request unmarshal (#332) * fix(yaml): add reopened action to default pull_request unmarshal * fix build_test --- constants/action.go | 3 +++ yaml/build_test.go | 20 ++++++++++---------- yaml/ruleset.go | 3 ++- yaml/ruleset_test.go | 2 +- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/constants/action.go b/constants/action.go index 9d4502e9..bcff84b7 100644 --- a/constants/action.go +++ b/constants/action.go @@ -16,6 +16,9 @@ const ( // ActionRenamed defines the action for renaming a repository. ActionRenamed = "renamed" + // ActionReopened defines the action for re-opening a pull request (or issue). + ActionReopened = "reopened" + // ActionSynchronize defines the action for the synchronizing of pull requests. ActionSynchronize = "synchronize" diff --git a/yaml/build_test.go b/yaml/build_test.go index f3576327..8da97c90 100644 --- a/yaml/build_test.go +++ b/yaml/build_test.go @@ -164,7 +164,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "openjdk:latest", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -193,7 +193,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "openjdk:latest", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -223,7 +223,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "plugins/docker:18.09", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -351,7 +351,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Name: "install", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -387,7 +387,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "openjdk:latest", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -423,7 +423,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "openjdk:latest", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -467,7 +467,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Name: "install", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -496,7 +496,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "openjdk:latest", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -525,7 +525,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Image: "openjdk:latest", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, @@ -573,7 +573,7 @@ func TestYaml_Build_UnmarshalYAML(t *testing.T) { Name: "install", Pull: "always", Ruleset: Ruleset{ - If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize"}}, + If: Rules{Event: []string{"push", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened"}}, Matcher: "filepath", Operator: "and", }, diff --git a/yaml/ruleset.go b/yaml/ruleset.go index 0d29b0b1..b62ebe28 100644 --- a/yaml/ruleset.go +++ b/yaml/ruleset.go @@ -151,7 +151,8 @@ func (r *Rules) UnmarshalYAML(unmarshal func(interface{}) error) error { case constants.EventPull: events = append(events, constants.EventPull+":"+constants.ActionOpened, - constants.EventPull+":"+constants.ActionSynchronize) + constants.EventPull+":"+constants.ActionSynchronize, + constants.EventPull+":"+constants.ActionReopened) case constants.EventComment: events = append(events, constants.EventComment+":"+constants.ActionCreated, diff --git a/yaml/ruleset_test.go b/yaml/ruleset_test.go index 31ce53a0..762bb904 100644 --- a/yaml/ruleset_test.go +++ b/yaml/ruleset_test.go @@ -114,7 +114,7 @@ func TestYaml_Ruleset_UnmarshalYAML(t *testing.T) { Tag: []string{"^refs/tags/(\\d+\\.)+\\d+$"}, }, Unless: Rules{ - Event: []string{"deployment", "pull_request:opened", "pull_request:synchronize", "comment:created", "comment:edited", "schedule"}, + Event: []string{"deployment", "pull_request:opened", "pull_request:synchronize", "pull_request:reopened", "comment:created", "comment:edited", "schedule"}, Path: []string{"foo.txt", "/foo/bar.txt"}, }, Matcher: "regexp", From 94c29dbe3fc74be842f3d9ae7f264b051804caf9 Mon Sep 17 00:00:00 2001 From: David May <49894298+wass3rw3rk@users.noreply.github.com> Date: Wed, 8 Nov 2023 09:32:40 -0600 Subject: [PATCH 5/6] fix(schema): use enum for secret pull policy (#331) --- yaml/secret.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yaml/secret.go b/yaml/secret.go index 2c44e5ab..7867eca9 100644 --- a/yaml/secret.go +++ b/yaml/secret.go @@ -25,7 +25,7 @@ type ( Engine string `yaml:"engine,omitempty" json:"engine,omitempty" jsonschema:"enum=native,enum=vault,default=native,description=Name of storage backend to fetch secret from.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-engine-tag"` Type string `yaml:"type,omitempty" json:"type,omitempty" jsonschema:"enum=repo,enum=org,enum=shared,default=repo,description=Type of secret to fetch from storage backend.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-type-tag"` Origin Origin `yaml:"origin,omitempty" json:"origin,omitempty" jsonschema:"description=Declaration to pull secrets from non-internal secret providers.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-origin-tag"` - Pull string `yaml:"pull,omitempty" json:"pull,omitempty" jsonschema:"default=build_start,description=When to pull in secrets from storage backend."` + Pull string `yaml:"pull,omitempty" json:"pull,omitempty" jsonschema:"enum=step_start,enum=build_start,default=build_start,description=When to pull in secrets from storage backend.\nReference: https://go-vela.github.io/docs/reference/yaml/secrets/#the-pull-tag"` } // Origin is the yaml representation of a method From e7d501937f4696a43769c6f9322381baf0a7ff44 Mon Sep 17 00:00:00 2001 From: Easton Crupper <65553218+ecrupper@users.noreply.github.com> Date: Wed, 8 Nov 2023 10:38:39 -0500 Subject: [PATCH 6/6] fix(log): add brackets to secret mask (#333) Co-authored-by: dave vader <48764154+plyr4@users.noreply.github.com> --- library/log.go | 2 +- library/log_test.go | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/library/log.go b/library/log.go index cd7d39f9..9c2ce146 100644 --- a/library/log.go +++ b/library/log.go @@ -54,7 +54,7 @@ func (l *Log) MaskData(secrets []string) { // create regexp to match secrets in the log data surrounded by regexp metacharacters // // https://pkg.go.dev/regexp#MustCompile - buffer := `(\s|^|=|"|\?|:|'|\.|,|&|$|;)` + buffer := `(\s|^|=|"|\?|:|'|\.|,|&|$|;|\[|\])` re := regexp.MustCompile((buffer + escaped + buffer)) // create a mask for the secret diff --git a/library/log_test.go b/library/log_test.go index c3f796c8..5ea64669 100644 --- a/library/log_test.go +++ b/library/log_test.go @@ -54,6 +54,8 @@ func TestLibrary_Log_MaskData(t *testing.T) { s4Masked := "SOME_SECRET=***" s5 := "www.example.com?username=secret&password=extrasecret" s5Masked := "www.example.com?username=***&password=***" + s6 := "[token: extrasecret]" + s6Masked := "[token: ***]" tests := []struct { want []byte @@ -85,6 +87,11 @@ func TestLibrary_Log_MaskData(t *testing.T) { log: []byte(s5), secrets: sVals, }, + { // secret in verbose brackets + want: []byte(s6Masked), + log: []byte(s6), + secrets: sVals, + }, { // empty secrets slice want: []byte(s3), log: []byte(s3),