fix(secret): update env values for secret origin ctn (#615)

go-vela · Nov 11, 2024 · 3f3b424 · 3f3b424
1 parent 402d3d0
commit 3f3b424
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/executor/linux/build.go b/executor/linux/build.go
@@ -12,6 +12,7 @@ import (
 
 	"golang.org/x/sync/errgroup"
 
+	"github.com/go-vela/sdk-go/vela"
 	api "github.com/go-vela/server/api/types"
 	"github.com/go-vela/server/compiler/types/pipeline"
 	"github.com/go-vela/server/constants"
@@ -356,8 +357,27 @@ func (c *client) AssembleBuild(ctx context.Context) error {
 		}
 
 		c.Logger.Infof("creating %s secret", s.Origin.Name)
+
+		// fetch request token if id_request used in origin config
+		var requestToken string
+
+		if len(s.Origin.IDRequest) > 0 {
+			opts := &vela.RequestTokenOptions{
+				Image:    s.Origin.Image,
+				Request:  s.Origin.IDRequest,
+				Commands: len(s.Origin.Commands) > 0 || len(s.Origin.Entrypoint) > 0,
+			}
+
+			tkn, _, err := c.Vela.Build.GetIDRequestToken(c.build.GetRepo().GetOrg(), c.build.GetRepo().GetName(), c.build.GetNumber(), opts)
+			if err != nil {
+				return err
+			}
+
+			requestToken = tkn.GetToken()
+		}
+
 		// create the service
-		c.err = c.secret.create(ctx, s.Origin)
+		c.err = c.secret.create(ctx, s.Origin, requestToken)
 		if c.err != nil {
 			return fmt.Errorf("unable to create %s secret: %w", s.Origin.Name, c.err)
 		}

diff --git a/executor/linux/secret.go b/executor/linux/secret.go
@@ -34,7 +34,7 @@ var (
 )
 
 // create configures the secret plugin for execution.
-func (s *secretSvc) create(ctx context.Context, ctn *pipeline.Container) error {
+func (s *secretSvc) create(ctx context.Context, ctn *pipeline.Container, reqToken string) error {
 	// update engine logger with secret metadata
 	//
 	// https://pkg.go.dev/github.com/sirupsen/logrus#Entry.WithField
@@ -45,6 +45,12 @@ func (s *secretSvc) create(ctx context.Context, ctn *pipeline.Container) error {
 	ctn.Environment["VELA_HOST"] = s.client.build.GetHost()
 	ctn.Environment["VELA_RUNTIME"] = s.client.build.GetRuntime()
 	ctn.Environment["VELA_VERSION"] = s.client.Version
+	ctn.Environment["VELA_OUTPUTS"] = "/vela/outputs/.env"
+	ctn.Environment["VELA_MASKED_OUTPUTS"] = "/vela/outputs/masked.env"
+
+	if len(reqToken) > 0 {
+		ctn.Environment["VELA_ID_TOKEN_REQUEST_TOKEN"] = reqToken
+	}
 
 	logger.Debug("setting up container")
 	// setup the runtime container

diff --git a/executor/linux/secret_test.go b/executor/linux/secret_test.go
@@ -128,7 +128,7 @@ func TestLinux_Secret_create(t *testing.T) {
 				t.Errorf("unable to create %s executor engine: %v", test.name, err)
 			}
 
-			err = _engine.secret.create(context.Background(), test.container)
+			err = _engine.secret.create(context.Background(), test.container, "")
 
 			if test.failure {
 				if err == nil {