diff --git a/engine/compiler/compiler.go b/engine/compiler/compiler.go index 5adb040..4e06123 100644 --- a/engine/compiler/compiler.go +++ b/engine/compiler/compiler.go @@ -166,14 +166,16 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti } // list the global environment variables - envs, _ := c.Environ.List(ctx, &provider.Request{ + globals, _ := c.Environ.List(ctx, &provider.Request{ Build: args.Build, Repo: args.Repo, }) // create the default environment variables. - envs = environ.Combine( - envs, + envs := environ.Combine( + provider.ToMap( + provider.FilterUnmasked(globals), + ), args.Build.Params, pipeline.Environment, environ.Proxy(), @@ -349,6 +351,21 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti } } + // HACK: append masked global variables to secrets + // this ensures the environment variable values are + // masked when printed to the console. + masked := provider.FilterMasked(globals) + for _, step := range spec.Steps { + for _, g := range masked { + step.Secrets = append(step.Secrets, &engine.Secret{ + Name: g.Name, + Data: []byte(g.Data), + Mask: g.Mask, + Env: g.Name, + }) + } + } + // append global resource limits to steps for _, step := range spec.Steps { // the resource limits defined in the yaml currently diff --git a/go.mod b/go.mod index 1d34ea4..2bcd298 100644 --- a/go.mod +++ b/go.mod @@ -9,10 +9,10 @@ require ( github.com/buildkite/yaml v2.1.0+incompatible github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 github.com/docker/distribution v2.7.1+incompatible - github.com/drone/drone-go v1.1.1-0.20191119212130-1d2e07e87e79 + github.com/drone/drone-go v1.2.1-0.20200326064413-195394da1018 github.com/drone/drone-runtime v1.1.0 github.com/drone/envsubst v1.0.2 - github.com/drone/runner-go v1.5.2-0.20200324211225-4453e4fd8d36 + github.com/drone/runner-go v1.6.1-0.20200326064521-a238edf7e8d1 github.com/drone/signal v1.0.0 github.com/ghodss/yaml v1.0.0 github.com/golang/mock v1.3.1 diff --git a/go.sum b/go.sum index 7baa15a..98e73f3 100644 --- a/go.sum +++ b/go.sum @@ -34,6 +34,8 @@ github.com/drone/drone-go v1.0.5-0.20190504210458-4d6116b897ba/go.mod h1:GxyeGCl github.com/drone/drone-go v1.1.0 h1:2mritc5b7PhQWvILNyzaImZMRWVbMmmZ5Q0UDwwO7SI= github.com/drone/drone-go v1.1.1-0.20191119212130-1d2e07e87e79 h1:jW+dJ8HrZ1CbazlsYoriOOCQnVJ2NkfNczLHs6UMU6I= github.com/drone/drone-go v1.1.1-0.20191119212130-1d2e07e87e79/go.mod h1:GxyeGClYohaKNYJv/ZpsmVHtMJ7WhoT+uDaJNcDIrk4= +github.com/drone/drone-go v1.2.1-0.20200326064413-195394da1018 h1:aHRv4GohqzHXZEGks/Qyrd8kI7hkCdLhJO1QoYtQMjU= +github.com/drone/drone-go v1.2.1-0.20200326064413-195394da1018/go.mod h1:GxyeGClYohaKNYJv/ZpsmVHtMJ7WhoT+uDaJNcDIrk4= github.com/drone/drone-runtime v1.1.0 h1:IsKbwiLY6+ViNBzX0F8PERJVZZcEJm9rgxEh3uZP5IE= github.com/drone/drone-runtime v1.1.0/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs= github.com/drone/envsubst v1.0.2 h1:dpYLMAspQHW0a8dZpLRKe9jCNvIGZPhCPrycZzIHdqo= @@ -72,6 +74,9 @@ github.com/drone/runner-go v1.5.2-0.20200210231828-ff4507545b59 h1:qIthDvojdhmwo github.com/drone/runner-go v1.5.2-0.20200210231828-ff4507545b59/go.mod h1:ZIhsNU4EHG7R7J+OXeXuwwAxlxOBYLCc0gCkbbhWb/o= github.com/drone/runner-go v1.5.2-0.20200324211225-4453e4fd8d36 h1:I/NQUP9a3jBby4uNATSEQJ70jAoXin57xUIG8pGejko= github.com/drone/runner-go v1.5.2-0.20200324211225-4453e4fd8d36/go.mod h1:ZIhsNU4EHG7R7J+OXeXuwwAxlxOBYLCc0gCkbbhWb/o= +github.com/drone/runner-go v1.6.0 h1:pJYoeC09S0x52o1PtZTtwbiOu0ILt3lMPIcx/Dc0Wpg= +github.com/drone/runner-go v1.6.1-0.20200326064521-a238edf7e8d1 h1:jeZz31BlXzGx+k+wbTMH1V+e29k73Uz+SGSV6/MiQoQ= +github.com/drone/runner-go v1.6.1-0.20200326064521-a238edf7e8d1/go.mod h1:+Zc4z9/xqlqkFkAcqOtuYjYS77d2PeuWh0PxxibHfNs= github.com/drone/signal v1.0.0 h1:NrnM2M/4yAuU/tXs6RP1a1ZfxnaHwYkd0kJurA1p6uI= github.com/drone/signal v1.0.0/go.mod h1:S8t92eFT0g4WUgEc/LxG+LCuiskpMNsG0ajAMGnyZpc= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=