screwdriver-api 4.1.195 → 4.1.199
package/package.json
CHANGED
|
@@ -5,6 +5,7 @@ const schema = require('screwdriver-data-schema');
|
|
|
5
5
|
const urlLib = require('url');
|
|
6
6
|
const { formatCheckoutUrl, sanitizeRootDir } = require('./helper');
|
|
7
7
|
const { getUserPermissions } = require('../helper');
|
|
8
|
+
const ANNOTATION_USE_DEPLOY_KEY = 'screwdriver.cd/useDeployKey';
|
|
8
9
|
|
|
9
10
|
module.exports = () => ({
|
|
10
11
|
method: 'POST',
|
|
@@ -89,7 +90,10 @@ module.exports = () => ({
|
|
|
89
90
|
|
|
90
91
|
await defaultCollection.update();
|
|
91
92
|
}
|
|
92
|
-
if
|
|
93
|
+
// check if pipeline has deploy key annotation then create secrets
|
|
94
|
+
const deployKeyAnnotation = pipeline.annotations && pipeline.annotations[ANNOTATION_USE_DEPLOY_KEY]
|
|
95
|
+
|
|
96
|
+
if (autoKeysGeneration || deployKeyAnnotation) {
|
|
93
97
|
const privateDeployKey = await pipelineFactory.scm.addDeployKey({
|
|
94
98
|
scmContext,
|
|
95
99
|
checkoutUrl,
|
|
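Review bot: The new `deployKeyAnnotation` value in the `@@ -89,7 +90,10 @@` hunk is tested only for truthiness, so any non-empty annotation value (including the string `'false'`, if annotations may carry strings) enables deploy-key generation even when `autoKeysGeneration` is off. The annotation presumably comes from repository-controlled configuration, so compare it with the expected value explicitly, for example `const deployKeyAnnotation = Boolean(pipeline.annotations) && pipeline.annotations[ANNOTATION_USE_DEPLOY_KEY] === true;` if the schema stores a boolean; this also restores the missing semicolon. The same expression is repeated on `oldPipeline.annotations` in the later `@@ -136,6 +141,32 @@` hunk, and `ANNOTATION_USE_DEPLOY_KEY` is declared in both files, so it could be exported once from the shared `./helper`. The handler body starts and ends outside the hunk, and the page labels this section package/package.json although the content is a JavaScript route handler.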
@@ -6,6 +6,7 @@ const schema = require('screwdriver-data-schema');
|
|
|
6
6
|
const idSchema = schema.models.pipeline.base.extract('id');
|
|
7
7
|
const { formatCheckoutUrl, sanitizeRootDir } = require('./helper');
|
|
8
8
|
const { getUserPermissions } = require('../helper');
|
|
9
|
+
const ANNOTATION_USE_DEPLOY_KEY = 'screwdriver.cd/useDeployKey';
|
|
9
10
|
|
|
10
11
|
/**
|
|
11
12
|
* Get user permissions on old pipeline
|
|
@@ -45,10 +46,11 @@ module.exports = () => ({
|
|
|
45
46
|
handler: async (request, h) => {
|
|
46
47
|
const { checkoutUrl, rootDir, settings } = request.payload;
|
|
47
48
|
const { id } = request.params;
|
|
48
|
-
const { pipelineFactory, userFactory } = request.server.app;
|
|
49
|
+
const { pipelineFactory, userFactory, secretFactory } = request.server.app;
|
|
49
50
|
const { scmContext, username } = request.auth.credentials;
|
|
50
51
|
const scmContexts = pipelineFactory.scm.getScmContexts();
|
|
51
52
|
const { isValidToken } = request.server.plugins.pipelines;
|
|
53
|
+
const deployKeySecret = 'SD_SCM_DEPLOY_KEY';
|
|
52
54
|
|
|
53
55
|
if (!isValidToken(id, request.auth.credentials)) {
|
|
54
56
|
return boom.unauthorized('Token does not have permission to this pipeline');
|
|
@@ -83,12 +85,15 @@ module.exports = () => ({
|
|
|
83
85
|
throw boom.forbidden(`User ${user.getFullDisplayName()} does not have admin permission for this repo`);
|
|
84
86
|
}
|
|
85
87
|
|
|
88
|
+
let token;
|
|
89
|
+
let formattedCheckoutUrl;
|
|
90
|
+
|
|
86
91
|
if (checkoutUrl || rootDir) {
|
|
87
|
-
|
|
92
|
+
formattedCheckoutUrl = formatCheckoutUrl(request.payload.checkoutUrl);
|
|
88
93
|
const sanitizedRootDir = sanitizeRootDir(request.payload.rootDir);
|
|
89
94
|
|
|
90
95
|
// get the user token
|
|
91
|
-
|
|
96
|
+
token = await user.unsealToken();
|
|
92
97
|
// get the scm URI
|
|
93
98
|
const scmUri = await pipelineFactory.scm.parseUrl({
|
|
94
99
|
scmContext,
|
|
@@ -136,6 +141,32 @@ module.exports = () => ({
|
|
|
136
141
|
// update pipeline
|
|
137
142
|
const updatedPipeline = await oldPipeline.update();
|
|
138
143
|
|
|
144
|
+
// check if pipeline has deploy key annotation then create secrets
|
|
145
|
+
const deployKeyAnnotation = oldPipeline.annotations && oldPipeline.annotations[ANNOTATION_USE_DEPLOY_KEY]
|
|
146
|
+
|
|
147
|
+
if (deployKeyAnnotation) {
|
|
148
|
+
const deploySecret = await secretFactory.get({
|
|
149
|
+
pipelineId: oldPipeline.id,
|
|
150
|
+
name: deployKeySecret,
|
|
151
|
+
})
|
|
152
|
+
|
|
153
|
+
if (!deploySecret) {
|
|
154
|
+
const privateDeployKey = await pipelineFactory.scm.addDeployKey({
|
|
155
|
+
scmContext: oldPipeline.scmContext,
|
|
156
|
+
checkoutUrl: formattedCheckoutUrl,
|
|
157
|
+
token
|
|
158
|
+
});
|
|
159
|
+
const privateDeployKeyB64 = Buffer.from(privateDeployKey).toString('base64');
|
|
160
|
+
|
|
161
|
+
await secretFactory.create({
|
|
162
|
+
pipelineId: oldPipeline.id,
|
|
163
|
+
name: deployKeySecret,
|
|
164
|
+
value: privateDeployKeyB64,
|
|
165
|
+
allowInPR: true
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
|
|
139
170
|
await updatedPipeline.addWebhooks(`${request.server.info.uri}/v4/webhooks`);
|
|
140
171
|
|
|
141
172
|
const result = await updatedPipeline.sync();
|
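Review bot: In the `@@ -136,6 +141,32 @@` hunk, `token` and `formattedCheckoutUrl` are assigned only inside the earlier `if (checkoutUrl || rootDir)` block, so an update that carries neither field, on an annotated pipeline with no existing `SD_SCM_DEPLOY_KEY` secret, calls `addDeployKey` with both undefined. Guard the branch, for example `if (deployKeyAnnotation && formattedCheckoutUrl) {`, and unseal on demand with `if (!token) token = await user.unsealToken();`. The secret holding the private key is created with `allowInPR: true`, which exposes it to pull-request builds; if those builds can run code from untrusted forks, prefer `allowInPR: false`, or add a comment explaining why PR builds need the key and confirming it is registered read-only. `addDeployKey` also runs before `secretFactory.create`, so a failed create leaves a key registered on the SCM with no stored private half; that failure should be handled explicitly. The handler body starts and ends outside these hunks.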