
How to create a Drone secret file?

Tags:

drone.io

The docs show how to set a file to a secret envvar: http://readme.drone.io/0.5/secrets/

Is there a convenient way to do the opposite? E.g. have this ssh key be available in .ssh/id_rsa with all the correct permissions.

And by "convenient" I obviously mean without having to type mkdir, > or chmod

fommil asked Dec 26 '16 12:12



2 Answers

If you want to use an ssh key as part of your build, you can add the ssh key to the secret store using the following command:

drone secrets add --image=<image> <repo> SSH_KEY @/path/to/.ssh/id_rsa

Note that the @ notation is similar to curl. The reason this feature exists is because creating the secret using cat (or some other sort of pipe) seems to cause a malformed file to upload.

Once the file is added, you can reference it in your YAML:

pipeline:
  image: busybox
  environment:
    - SSH_KEY: ${SSH_KEY}
  commands:
    - mkdir /root/.ssh && echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa

Note that it is important to cat SSH_KEY inside quotes in order to preserve new lines.

You may also need to add the host to known_hosts in order to prevent host key issues; change bitbucket.org to whatever host you're pulling from in the following, and add it to commands (after the command shown above, to ensure that the /root/.ssh directory exists):

ssh-keyscan -H bitbucket.org >> /root/.ssh/known_hosts

(You'll also need to install openssh-client or equivalent, if it's not already available in your build image.)

> And by "convenient" I obviously mean without having to type mkdir, > or chmod

nope

Brad Rydzewski answered Oct 18 '22 02:10
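
A hardened form of the mkdir/echo/chmod command from the answer above, as an added example that is not part of the original answers or Drone's own code. The helper names (`install_ssh_key`, `write_unquoted`, `line_count`, `file_mode`) are hypothetical and `SAMPLE_KEY` is constructed; it sets `umask 077` before writing so the key file is never group- or world-readable, and shows how the unquoted form flattens the key to one line.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; SAMPLE_KEY is constructed.
SAMPLE_KEY='-----BEGIN CONSTRUCTED SAMPLE KEY-----
AAAAexampleexampleexample
BBBBexampleexampleexample
-----END CONSTRUCTED SAMPLE KEY-----'

# install_ssh_key KEY_MATERIAL [SSH_DIR]
# Writes KEY_MATERIAL to SSH_DIR/id_rsa; the file is created 0600 rather
# than created with the default umask and tightened afterwards.
install_ssh_key() {
    key=$1
    dir=${2:-/root/.ssh}
    [ -n "$key" ] || { echo "install_ssh_key: empty key" >&2; return 1; }
    (
        umask 077                  # new directories 0700, new files 0600
        mkdir -p "$dir" || exit 1  # -p: no failure if the directory exists
        chmod 700 "$dir"           # tighten a directory that already existed
        rm -f "$dir/id_rsa"        # a pre-existing file would keep its old mode
        # Quoted expansion keeps the key's line breaks; printf avoids echo's
        # shell-dependent treatment of backslashes and leading dashes.
        printf '%s\n' "$key" > "$dir/id_rsa"
    )
}

# Failure mode the answer warns about: unquoted, the key is word-split and
# echo rejoins the words with spaces, so the file is no longer a valid key.
write_unquoted() {
    # shellcheck disable=SC2086
    echo $1 > "$2"
}

# line_count FILE: number of newline-terminated lines in FILE.
line_count() {
    wc -l < "$1" | tr -d ' '
}

# file_mode FILE: octal permission bits (GNU/busybox stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```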


In Drone 0.7+, when using GitHub OAuth2 to authenticate into Drone, it automatically adds the GitHub username and password to the build's .netrc.

The password is actually a token instead of a password. The .netrc will look as such:

machine github.com
  login <SOME_SECRET>
  password x-oauth-basic

This means you can clone private GitHub repos over HTTPS without having to specify the username/password, i.e. git clone https://github.com/USER/REPO.git.

You can also get the same effect locally by adding a ~/.netrc file and adding something like:

machine github.com
  login <GITHUB_USERNAME>
  password <GITHUB_PERSONAL_TOKEN>

machine api.github.com
  login <GITHUB_USERNAME>
  password <GITHUB_PERSONAL_TOKEN>

You will have to generate a personal token.

For example, if using the Ruby package manager Bundler, you can add the following to the Gemfile:

gem 'documas', git: 'https://github.com/Propheris/documas-core.git'

The build can do bundle install successfully since it will clone the above repo via HTTPS using the GitHub token. The only issue is that when you do bundle install locally it will ask for a username/password. To overcome this, add a ~/.netrc file to your development machine as per the above example.

Kris answered Oct 18 '22 02:10