the docs show how to set a file to a secret envvar http://readme.drone.io/0.5/secrets/
is there a convenient way to do the opposite? e.g. have this ssh key be available in .ssh/id_rsa with all the correct permissions.
And by "convienient" I obviously mean without having to type mkdir
, >
or chmod
Navigate to your repository in Drone and go to settings. If you scroll down you'll find the secrets panel. We will be adding five secrets for our build. The first four are quite simple, a name followed by the value. They are: deploy_host: The address to the web server which we will rsync to, without prepended protocol.
If you want to make a drone from scratch, selecting the frame size is going to be your first step. There are two main types of motors: brushed and brushless. Your cheaper ready to fly drones will be using brushed motors, and that’s because they are using the cheaper motor. While cheap, they wear down and break much faster than brushless motors.
Click Register application and your app is created. You will also be able to see the credentials of your app, a Client ID as well as a Client Secret. Because Drone is self-contained it doesn't have any dependencies, how great is that?
Small Drone: 150-250 mm Medium Drone: 250-400 mm If you want to make a drone from scratch, selecting the frame size is going to be your first step. There are two main types of motors: brushed and brushless. Your cheaper ready to fly drones will be using brushed motors, and that’s because they are using the cheaper motor.
If you want to use an ssh key as part of your build, you can add the ssh key to the secret store using the following command:
drone secrets add --image=<image> <repo> SSH_KEY @/path/to/.ssh/id_rsa
Note that the @
notation is similar to curl. The reason this feature exists is because creating the secret using cat
(or some other sort of pipe) seems to cause a malformed file to upload.
Once the file is added, you can reference in your Yaml:
pipeline:
image: busybox
environment:
- SSH_KEY: ${SSH_KEY}
commands:
- mkdir /root/.ssh && echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
Note that it is important to cat SSH_KEY
inside quotes in order to preserve new lines.
You may also need to add the host to known_hosts
in order to prevent host key issues; change bitbucket.org
to whatever host you're pulling from in the following, and add it to commands
(after the command shown above, to ensure that the /root/.ssh
directory exists):
ssh-keyscan -H bitbucket.org >> /root/.ssh/known_hosts
(You'll also need to install openssh-client or equivalent, if it's not already available in your build image.)
And by "convienient" I obviously mean without having to type mkdir, > or chmod
nope
In Drone 0.7+ when using Github oAuth2 to authenticate into Drone it automatically adds the Github username and password to the builds .netrc
.
The password is actually a token instead of a password. The .netrc
will look as such:
machine github.com
login <SOME_SECRET>
password x-oauth-basic
This means you can clone private Github repos over HTTPS without having to specify the username/password, i.e. git clone https://github.com/USER/REPO/git
.
You can also get the same effect locally by adding a ~/.netrc
file and adding something like:
machine github.com
login <GITHUB_USERNAME>
password <GITHUB_PERSONAL_TOKEN>
machine api.github.com
login <GITHUB_USERNAME>
password <GITHUB_PERSONAL_TOKEN>
You will have to generate a personal token.
For example, if using the Ruby package manger bundler, you can add the following to the Gemfile:
gem 'documas', git: 'https://github.com/Propheris/documas-core.git'
The build can do bundle install
successfully since it will clone the above repo via HTTPS using the Github token. The only issue is that when you do bundle install
locally it will ask for a username/password. To overcome this add a ~/.netrc
file to your development machine as per the above example.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With