Make all secrets case insensitive by formatting them to uppercase (#470)

* Uppercase secrets, print error when secret with same name already exists

* Test lower-to-upper case formatting for secrets
Cat™ 2021-01-12 17:54:53 +00:00 committed by GitHub
parent 1b38d5c4d9
commit 2811101dea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 0 deletions


@ -15,6 +15,10 @@ func newSecrets(secretList []string) secrets {
s := make(map[string]string) s := make(map[string]string)
for _, secretPair := range secretList { for _, secretPair := range secretList {
secretPairParts := strings.SplitN(secretPair, "=", 2) secretPairParts := strings.SplitN(secretPair, "=", 2)
secretPairParts[0] = strings.ToUpper(secretPairParts[0])
if strings.ToUpper(s[secretPairParts[0]]) == secretPairParts[0] {
log.Fatalf("Secret %s is already defined (secrets are case insensitive)", secretPairParts[0])
}
if len(secretPairParts) == 2 { if len(secretPairParts) == 2 {
s[secretPairParts[0]] = secretPairParts[1] s[secretPairParts[0]] = secretPairParts[1]
} else if env, ok := os.LookupEnv(secretPairParts[0]); ok && env != "" { } else if env, ok := os.LookupEnv(secretPairParts[0]); ok && env != "" {
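Review bot: The duplicate check `if strings.ToUpper(s[secretPairParts[0]]) == secretPairParts[0]` compares the upper-cased value already stored under the name with the name itself, so it does not detect that the key exists. Two entries that differ only in case therefore pass the check and the later one silently replaces the earlier, which is the collision this commit sets out to report. Test for presence instead: `if _, exists := s[secretPairParts[0]]; exists {`. Also note that the `os.LookupEnv` branch now receives the upper-cased name, so a secret given by name only will no longer be read from a lower- or mixed-case environment variable on case-sensitive platforms. newSecrets continues past the end of the hunk.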


@ -61,6 +61,9 @@ type expressionEvaluator struct {
} }
func (ee *expressionEvaluator) Evaluate(in string) (string, bool, error) { func (ee *expressionEvaluator) Evaluate(in string) (string, bool, error) {
if strings.HasPrefix(in, `secrets.`){
in = `secrets.`+strings.ToUpper(strings.SplitN(in, `.`, 2)[1])
}
re := ee.Rewrite(in) re := ee.Rewrite(in)
if re != in { if re != in {
log.Debugf("Evaluating '%s' instead of '%s'", re, in) log.Debugf("Evaluating '%s' instead of '%s'", re, in)
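Review bot: In Evaluate, the added `strings.ToUpper` call upper-cases everything after the first dot rather than only the secret name, so an expression like `secrets.token == 'abc'` would have its string literal rewritten to `'ABC'` and the comparison would silently change result. The `strings.HasPrefix` guard also means a reference that is not at the very start of the expression (after `!`, inside a function call, on the right of an operator) is left as written and, as far as this hunk shows, still looked up case-sensitively. Upper-casing only the identifier that directly follows `secrets.`, or normalising the key where the secrets map is read, would cover both cases. The two added lines are also not gofmt-clean (missing spaces before `{` and around `+`). Evaluate's body continues outside the hunk.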


@ -14,6 +14,9 @@ func TestEvaluate(t *testing.T) {
rc := &RunContext{ rc := &RunContext{
Config: &Config{ Config: &Config{
Workdir: ".", Workdir: ".",
Secrets: map[string]string{
"LOWER_CASE_SECRET": "value",
},
}, },
Env: map[string]string{ Env: map[string]string{
"key": "value", "key": "value",
@ -102,6 +105,7 @@ func TestEvaluate(t *testing.T) {
{"matrix.os", "Linux", ""}, {"matrix.os", "Linux", ""},
{"matrix.foo", "bar", ""}, {"matrix.foo", "bar", ""},
{"env.key", "value", ""}, {"env.key", "value", ""},
{"secrets.lower_case_secret", "value", ""},
} }
for _, table := range tables { for _, table := range tables {
@ -124,6 +128,9 @@ func TestInterpolate(t *testing.T) {
rc := &RunContext{ rc := &RunContext{
Config: &Config{ Config: &Config{
Workdir: ".", Workdir: ".",
Secrets: map[string]string{
"LOWER_CASE_SECRET": "value",
},
}, },
Env: map[string]string{ Env: map[string]string{
"KEYWITHNOTHING": "valuewithnothing", "KEYWITHNOTHING": "valuewithnothing",
@ -151,6 +158,7 @@ func TestInterpolate(t *testing.T) {
{" ${{ env.KEYWITHNOTHING }} ", " valuewithnothing "}, {" ${{ env.KEYWITHNOTHING }} ", " valuewithnothing "},
{" ${{ env.KEY-WITH-HYPHENS }} ", " value-with-hyphens "}, {" ${{ env.KEY-WITH-HYPHENS }} ", " value-with-hyphens "},
{" ${{ env.KEY_WITH_UNDERSCORES }} ", " value_with_underscores "}, {" ${{ env.KEY_WITH_UNDERSCORES }} ", " value_with_underscores "},
{" ${{ secrets.lower_case_secret }} ", " value "},
{"${{ env.UNKNOWN }}", ""}, {"${{ env.UNKNOWN }}", ""},
{"${{ env.SOMETHING_TRUE }}", "true"}, {"${{ env.SOMETHING_TRUE }}", "true"},
{"${{ env.SOMETHING_FALSE }}", "false"}, {"${{ env.SOMETHING_FALSE }}", "false"},
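Review bot: The new cases in TestEvaluate and TestInterpolate only cover a bare lower-case reference against a map that is already keyed `LOWER_CASE_SECRET`, so neither the upper-casing nor the duplicate detection in newSecrets is exercised, and nothing pins what happens when a secret reference is part of a larger expression. Adding a TestEvaluate row such as `{"secrets.lower_case_secret == 'value'", "true", ""},` (expected value assumed from the table's shape) would catch case-folding that leaks into string literals. A test that feeds newSecrets two names differing only in case would cover the collision path; since that path calls `log.Fatalf`, the check may need to be factored out to be testable.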