Closed HerHde closed 2 years ago
Did you have a look at https://woodpecker-ci.org/docs/usage/secrets ?
Yes, I tried the docs about secrets, tried to adapt some things from environment docs and checked the Drone docs to get some clues.
It works perfectly in a `commands:` block.
I also checked the secret type (it's set for tags).
I forgot to mention that I'm using the latest woodpecker docker images. The code block is just part of a stage from my `.woodpecker.yml`, which is only executed for tags.
"Debugging" it with `title: ${GITEA_TOKEN} - ${CI}` resolved to ` - drone`, so the secret remained empty there, too, but I'm mainly guessing how to address it, anyhow.
@HerHde `api_key` should be in the settings block per drone docs (edit: settings block is not supported in woodpecker currently).
Also double check and make sure the secret has been created in the Secrets tab for your repo in woodpecker.
Yeah, it didn't work in a settings block, but only on the same layer as `image` etc., like the Woodpecker docs state. (Imho that's not the best design change, though. Edit: I just saw #464, where you're considering this).
I gave it another try with a hardcoded token. Using a settings block it fails with `time="[now]" level=fatal msg="You must provide an API key"`, otherwise it works fine.
And I checked the secrets tab, it exists and I can use it in a commands block.
By the way, sorry for not using an issue template, but I felt Q&A was most appropriate. Discord however isn't for me personally.
I will have a look at how the secrets are passed to the config, but I have the feeling that they are just passed as normal environment variables and therefore cannot be used outside the step.
> Yeah, it didn't work in a settings block, but only on the same layer as `image` etc., like the Woodpecker docs state.
Thanks for pointing that out, I had totally missed it.
May I push and ask for anything new?
Hi, maybe this can help.
Secrets are just environment variables and so are plugin parameters, so with a little bit of trickery you can map them between each other.
Here's an example of the `docker` plugin that I've been using.
```yaml
pipeline:
  dockerImage:
    image: plugins/docker
    dockerfile: "${IMAGE_NAME}/Dockerfile"
    repo: "docker.example.org/me/${IMAGE_NAME}"
    registry: "docker.example.org"
    tags:
      - latest
    secrets:
      - source: docker_registry_username
        target: plugin_username
      - source: docker_registry_password
        target: plugin_password
```
The key is to use `secrets` with the `source` and `target` mappings.
For your example, specify the secret in the web UI as `GITEA_TOKEN` (yes, uppercase!), then use:
```yaml
release:
  image: plugins/gitea-release
  secrets:
    - source: gitea_token
      target: plugin_api_key
```
(yes, you write them in lowercase in the `secrets` block.)
I noticed this because the example plugin shows that plugin parameters are just `PLUGIN_XXX` env vars and the secrets documentation shows you how to use alternate names.
I don't think this is a very nice way of doing it, but it works today. It might be sensible for a more 'proper' way of doing this to be added to Woodpecker's YAML syntax but I didn't see one so far.
Edit: if you wouldn't mind, it might be kind to update the issue title so it mentions using secrets in plugins (for the benefit of people searching later).
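The mapping described in the answer above, as an added Python model that is not part of the thread and is not Woodpecker's code. It contrasts the `${GITEA_TOKEN}` attempt from the question with the `source`/`target` form; the function names, the `RESERVED` list, the case-insensitive lookup and the token value are assumptions made for illustration.

```python
import re

# Step keys that configure the step itself rather than the plugin
# (assumed list for this model, not taken from Woodpecker's source).
RESERVED = {"image", "secrets", "commands", "when", "environment"}

def substitute(value, ci_vars):
    """Expand ${NAME} from pipeline variables only; unknown names become ''."""
    return re.sub(r"\$\{(\w+)\}", lambda m: ci_vars.get(m.group(1), ""), str(value))

def step_environment(step, repo_secrets, ci_vars):
    """Return the environment a plugin container would see for one step."""
    env = {}
    # Plugin parameters become PLUGIN_<NAME> variables.
    for key, value in step.items():
        if key not in RESERVED:
            env["PLUGIN_" + key.upper()] = substitute(value, ci_vars)
    # Secrets are injected under their upper-cased target name (assumed).
    stored = {name.lower(): val for name, val in repo_secrets.items()}
    for entry in step.get("secrets", []):
        if isinstance(entry, str):
            entry = {"source": entry, "target": entry}
        source = entry["source"].lower()
        if source in stored:
            env[entry["target"].upper()] = stored[source]
    return env

# Constructed sample data: a placeholder token and the CI value seen in the thread.
REPO_SECRETS = {"GITEA_TOKEN": "example-token-not-real"}
CI_VARS = {"CI": "drone"}

# Attempt from the question: reference the secret as a parameter value.
interpolated = {"image": "plugins/gitea-release", "api_key": "${GITEA_TOKEN}",
                "title": "${GITEA_TOKEN} - ${CI}"}
# Working form from the answer: map the secret onto the plugin's variable.
mapped = {"image": "plugins/gitea-release",
          "secrets": [{"source": "gitea_token", "target": "plugin_api_key"}]}

def demo():
    return (step_environment(interpolated, REPO_SECRETS, CI_VARS),
            step_environment(mapped, REPO_SECRETS, CI_VARS))

if __name__ == "__main__":
    for env in demo():
        # Print only whether each variable is set, so the token stays out of logs.
        print({k: ("<set>" if v else "<empty>") for k, v in env.items()})
```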
@reivilibre what title do you propose? & pulls to documentation are always welcome ;)
Thank you @reivilibre, this works indeed!
@6543 and @jolheiser I think #604 closes this? Or you wait for 0.15 to be released?
yes was closed by #604 - way better than to do it atm :)
PS: thanks for the ping!
Hey there,
I'm trying to set up the Drone Gitea plugin, using credentials from secrets, but I can't figure out how to reference a secret as a value correctly. I tried out setting `api_key` to `$gitea_token`, `$GITEA_TOKEN`, `${GITEA_TOKEN}` and with an attribute `from_secret`, trying to adapt to the different syntax compared to Drone:
Could you help me out on this, please? How do I use secrets for `api_key`?