Allow use of deploy keys for git
All checks were successful
continuous-integration/drone the build was successful
All checks were successful
continuous-integration/drone the build was successful
This commit is contained in:
parent
72eb972bf9
commit
381800d263
@ -16,11 +16,13 @@
|
|||||||
# along with Scone. If not, see <https://www.gnu.org/licenses/>.
|
# along with Scone. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from typing import List
|
from typing import List, Optional, Tuple
|
||||||
|
|
||||||
from scone.common.modeutils import DEFAULT_MODE_DIR, parse_mode
|
from scone.common.modeutils import DEFAULT_MODE_DIR, parse_mode
|
||||||
|
from scone.default.steps import filesystem_steps, fridge_steps
|
||||||
from scone.default.steps.basic_steps import exec_no_fails
|
from scone.default.steps.basic_steps import exec_no_fails
|
||||||
from scone.default.steps.filesystem_steps import depend_remote_file
|
from scone.default.steps.filesystem_steps import depend_remote_file
|
||||||
|
from scone.default.steps.fridge_steps import FridgeMetadata, load_and_transform
|
||||||
from scone.default.utensils.basic_utensils import (
|
from scone.default.utensils.basic_utensils import (
|
||||||
Chmod,
|
Chmod,
|
||||||
Chown,
|
Chown,
|
||||||
@ -305,6 +307,26 @@ class GitCheckout(Recipe):
|
|||||||
self.expect: List[str] = check_type(args.get("expect", []), list)
|
self.expect: List[str] = check_type(args.get("expect", []), list)
|
||||||
self.submodules = check_type(args.get("submodules", False), bool)
|
self.submodules = check_type(args.get("submodules", False), bool)
|
||||||
|
|
||||||
|
deploy_key = check_type_opt(args.get("deploy_key"), str)
|
||||||
|
if deploy_key is not None:
|
||||||
|
deploy_key_search = fridge_steps.search_in_fridge(head, deploy_key)
|
||||||
|
if deploy_key_search is None:
|
||||||
|
raise ValueError(
|
||||||
|
f"Cannot find deploy key: {deploy_key!r} in the fridge."
|
||||||
|
)
|
||||||
|
|
||||||
|
desugared_src, dk_fullpath = deploy_key_search
|
||||||
|
_unextended_path_str, dk_meta = fridge_steps.decode_fridge_extension(
|
||||||
|
str(dk_fullpath)
|
||||||
|
)
|
||||||
|
|
||||||
|
self.deploy_key: Optional[Tuple[Path, FridgeMetadata]] = (
|
||||||
|
dk_fullpath,
|
||||||
|
dk_meta,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
self.deploy_key = None
|
||||||
|
|
||||||
def prepare(self, preparation: Preparation, head: Head) -> None:
|
def prepare(self, preparation: Preparation, head: Head) -> None:
|
||||||
super().prepare(preparation, head)
|
super().prepare(preparation, head)
|
||||||
parent = str(Path(self.dest_dir).parent)
|
parent = str(Path(self.dest_dir).parent)
|
||||||
@ -345,7 +367,38 @@ class GitCheckout(Recipe):
|
|||||||
)
|
)
|
||||||
|
|
||||||
# fetch the latest from the remote
|
# fetch the latest from the remote
|
||||||
await exec_no_fails(k, ["git", "fetch", "scone"], self.dest_dir)
|
if self.deploy_key:
|
||||||
|
deploy_key_full_path, deploy_key_fridge_metadata = self.deploy_key
|
||||||
|
remote_deploy_key = self.dest_dir.rstrip("/") + "~deploykey"
|
||||||
|
|
||||||
|
data = await load_and_transform(
|
||||||
|
k,
|
||||||
|
deploy_key_fridge_metadata,
|
||||||
|
deploy_key_full_path,
|
||||||
|
self.recipe_context.variables,
|
||||||
|
)
|
||||||
|
|
||||||
|
await filesystem_steps.write_sous_file(
|
||||||
|
k,
|
||||||
|
remote_deploy_key,
|
||||||
|
# strict user-only access
|
||||||
|
parse_mode("u=rw,go=", directory=False),
|
||||||
|
data,
|
||||||
|
)
|
||||||
|
await exec_no_fails(
|
||||||
|
k,
|
||||||
|
[
|
||||||
|
"git",
|
||||||
|
"-c",
|
||||||
|
f"core.sshCommand=ssh -i {remote_deploy_key}",
|
||||||
|
"fetch",
|
||||||
|
"scone",
|
||||||
|
],
|
||||||
|
self.dest_dir,
|
||||||
|
)
|
||||||
|
await filesystem_steps.delete_sous_file(k, remote_deploy_key)
|
||||||
|
else:
|
||||||
|
await exec_no_fails(k, ["git", "fetch", "scone"], self.dest_dir)
|
||||||
|
|
||||||
# figure out what ref we want to use
|
# figure out what ref we want to use
|
||||||
# TODO(performance): fetch only this ref?
|
# TODO(performance): fetch only this ref?
|
||||||
|
|||||||
@ -19,6 +19,7 @@ from typing import Any, Union
|
|||||||
|
|
||||||
from jinja2 import DictLoader, Environment
|
from jinja2 import DictLoader, Environment
|
||||||
|
|
||||||
|
from scone.default.steps.basic_steps import exec_no_fails
|
||||||
from scone.default.utensils.basic_utensils import WriteFile
|
from scone.default.utensils.basic_utensils import WriteFile
|
||||||
from scone.head.kitchen import Kitchen
|
from scone.head.kitchen import Kitchen
|
||||||
|
|
||||||
@ -54,3 +55,7 @@ async def write_sous_file(
|
|||||||
await chan.send(None)
|
await chan.send(None)
|
||||||
if await chan.recv() != "OK":
|
if await chan.recv() != "OK":
|
||||||
raise RuntimeError(f"WriteFile failed to {path}")
|
raise RuntimeError(f"WriteFile failed to {path}")
|
||||||
|
|
||||||
|
|
||||||
|
async def delete_sous_file(kitchen: Kitchen, path: str):
|
||||||
|
await exec_no_fails(kitchen, ["rm", path], "/")
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user