Compare revisions

to be continuous bot · to be continuous bot · Anoop Mazhavancheri · Pierre Smeyers · Pierre Smeyers · to be continuous bot
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,11 +12,15 @@ include:
    ref: '3.4'
    file: '/templates/gitlab-ci-bash.yml'
  - project: 'to-be-continuous/semantic-release'
-    ref: '3.8'
+    ref: '3.11'
    file: '/templates/gitlab-ci-semrel.yml'
+  - project: 'to-be-continuous/gitleaks'
+    ref: '2.5'
+    file: '/templates/gitlab-ci-gitleaks.yml'

 stages:
  - build
+  - test
  - publish

 variables:

--- a/.gitleaksignore
+++ b/.gitleaksignore
+67ee980ac5acf69b9bf9cf3c71d7a2d9c1385bd1:README.md:private-key:278
\ No newline at end of file
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+# [3.10.0](https://gitlab.com/to-be-continuous/maven/compare/3.9.2...3.10.0) (2024-06-30)
+
+
+### Bug Fixes
+
+* add submodule pom files as job artifacts ([e6960e6](https://gitlab.com/to-be-continuous/maven/commit/e6960e6b26be9fecb4ce69d38e12919a886132a0))
+
+
+### Features
+
+* add eval_all_secrets closes [#59](https://gitlab.com/to-be-continuous/maven/issues/59) ([c77193c](https://gitlab.com/to-be-continuous/maven/commit/c77193c447fa897563b07ec0cc5a17ea02e229b8))
+
 ## [3.9.2](https://gitlab.com/to-be-continuous/maven/compare/3.9.1...3.9.2) (2024-05-05)



--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Add the following to your `gitlab-ci.yml`:
 ```yaml
 include:
  # 1: include the component
-  - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven@3.9.2
+  - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven@3.10.0
    # 2: set/override component inputs
    inputs:
      # ⚠ this is only an example
@@ -30,7 +30,7 @@ Add the following to your `gitlab-ci.yml`:
 include:
  # 1: include the template
  - project: 'to-be-continuous/maven'
-    ref: '3.9.2'
+    ref: '3.10.0'
    file: '/templates/gitlab-ci-maven.yml'

 variables:
@@ -526,7 +526,7 @@ All authentication methods should use masked GitLab environment variables.
 ```yaml
 include:
  # main template
-  - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven@3.9.2
+  - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven@3.10.0
  # Jib is implemented as an extension to Maven, and uses supporting features of the TBC Maven template
-  - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven-jib@3.9.2
+  - component: gitlab.com/to-be-continuous/maven/gitlab-ci-maven-jib@3.10.0
 ```
--- a/templates/gitlab-ci-maven.yml
+++ b/templates/gitlab-ci-maven.yml
@@ -445,7 +445,78 @@ stages:
    done
    log_info "... done"
  }
-
+  
+  # evaluate and export a secret
+  # - $1: secret variable name
+  function eval_secret() {
+    name=$1
+    value=$(eval echo "\$${name}")
+    case "$value" in
+    @b64@*)
+      decoded=$(mktemp)
+      errors=$(mktemp)
+      if echo "$value" | cut -c6- | base64 -d > "${decoded}" 2> "${errors}"
+      then
+        # shellcheck disable=SC2086
+        export ${name}="$(cat ${decoded})"
+        log_info "Successfully decoded base64 secret \\e[33;1m${name}\\e[0m"
+      else
+        fail "Failed decoding base64 secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
+      fi
+      ;;
+    @hex@*)
+      decoded=$(mktemp)
+      errors=$(mktemp)
+      if echo "$value" | cut -c6- | sed 's/\([0-9A-F]\{2\}\)/\\\\x\1/gI' | xargs printf > "${decoded}" 2> "${errors}"
+      then
+        # shellcheck disable=SC2086
+        export ${name}="$(cat ${decoded})"
+        log_info "Successfully decoded hexadecimal secret \\e[33;1m${name}\\e[0m"
+      else
+        fail "Failed decoding hexadecimal secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
+      fi
+      ;;
+    @url@*)
+      url=$(echo "$value" | cut -c6-)
+      if command -v curl > /dev/null
+      then
+        decoded=$(mktemp)
+        errors=$(mktemp)
+        if curl -s -S -f --connect-timeout 5 -o "${decoded}" "$url" 2> "${errors}"
+        then
+          # shellcheck disable=SC2086
+          export ${name}="$(cat ${decoded})"
+          log_info "Successfully curl'd secret \\e[33;1m${name}\\e[0m"
+        else
+          log_warn "Failed getting secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
+        fi
+      elif command -v wget > /dev/null
+      then
+        decoded=$(mktemp)
+        errors=$(mktemp)
+        if wget -T 5 -O "${decoded}" "$url" 2> "${errors}"
+        then
+          # shellcheck disable=SC2086
+          export ${name}="$(cat ${decoded})"
+          log_info "Successfully wget'd secret \\e[33;1m${name}\\e[0m"
+        else
+          log_warn "Failed getting secret \\e[33;1m${name}\\e[0m:\\n$(sed 's/^/... /g' "${errors}")"
+        fi
+      else
+        fail "Couldn't get secret \\e[33;1m${name}\\e[0m: no http client found"
+      fi
+      ;;
+    esac
+  }
+  
+  function eval_all_secrets() {
+    encoded_vars=$(env | grep -v '^scoped__' | awk -F '=' '/^[a-zA-Z0-9_]*=@(b64|hex|url)@/ {print $1}')
+    for var in $encoded_vars
+    do
+      eval_secret "$var"
+    done
+  }
+  
  # builds the Java proxy options from Linux env (http_proxy, https_proxy, ftp_proxy and no_proxy)
  function eval_java_proxy_args() {
    # transform no_proxy into Java stype nonProxyHosts
@@ -516,9 +587,10 @@ stages:
      fi
    fi
  }
-
+  
  unscope_variables
-
+  eval_all_secrets
+  
  # ENDSCRIPT

 # Generic maven job
@@ -526,7 +598,7 @@ stages:
  image: $MAVEN_IMAGE
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "maven", "3.9.2"]
+      command: ["--service", "maven", "3.10.0"]
  before_script:
    - !reference [.mvn-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
@@ -559,7 +631,7 @@ mvn-build:
        - "${MAVEN_PROJECT_DIR}/**/target/*-reports/TEST-*.xml"
    paths:
      # version may have been altered
-      - pom.xml
+      - "${MAVEN_PROJECT_DIR}/**/pom.xml"
      - "${MAVEN_PROJECT_DIR}/**/target"

 # Sonar job
No results found