Closed lonix1 closed 8 months ago
I suspect I found a related issue.
It's slightly different, as above example allows use of an alias as a scalar (from_secret: *TOKEN
), whereas below it does not (secrets: *TOKEN
). Maybe the schemas as different, and so it's the same bug, I'm unsure.
variables:
- &TOKEN watchtower_token
steps:
# other steps...
deploy:
image: busybox
commands:
- curl -sSf -H "Authorization: Bearer $WATCHTOWER_TOKEN" https://watchtower.example.com/v1/update
#secrets: ...see various cases below...
Passing case 1: hardcoded literal in list (the only syntax that works)
secrets:
- watchtower_token
Failing case 1: hardcoded literal
secrets: watchtower_token
failed to parse pipeline: yaml: unmarshal errors: line 1: cannot unmarshal !!str
global_...
into []*types.Secret
Failing case 2: alias as scalar
secrets: *TOKEN
failed to parse pipeline: yaml: unmarshal errors: line 1: cannot unmarshal !!str
global_...
into []*types.Secret
Failing case 3: alias in list
secrets:
- *TOKEN
failed to parse pipeline: yaml: unknown anchor 'TOKEN' referenced
All those cases should be valid yaml.
I don't think this is a bug.
All those cases should be valid yaml.
No. We require secrets
to be a list, so it can't be a scalar - yes, we added this option to other fields and we could add it for secrets too, but currently, that's not the case and you must use a list.
To use anchors with secrets, the anchor itself must be a list too:
variables:
- &SECRET [ test_secret ]
...
secrets: *SECRET
If you have multiple secret anchors, you can combine them like this:
variables:
- &SECRET [ test_secret ]
- &SECRET_2 [ test_2 ]
...
secrets:
- << *SECRET
- << *SECRET_2
Both are parsed by woodpecker without errors.
Closing for now. If there's still issue, just comment.
Component
server
Describe the bug
As discussed in discord.
There is an issue with how the parser deals with yaml anchors/aliases when used for secrets.
A minimal repro below:
.woodpecker.yml
Dockerfile
Result:
@6543 Spent some time investigating. Some preliminary results:
System Info
Additional context
No response
Validations
next
version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]