Skip to content

Commit

Permalink
Add secure_env_vars_removed to payload
Browse files Browse the repository at this point in the history 
travis-build will look at this information, and warn when PR comes
from a fork and secure environment variables are not available.
  • Loading branch information
@BanzaiMan
BanzaiMan committed Mar 17, 2017
1 parent 40a95f0 commit 1c9f931
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 1 deletion.
1 change: 1 addition & 0 deletions lib/travis/scheduler/serialize/worker.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ def job_data
pull_request: build.pull_request? ? build.pull_request_number : false,
state: job.state.to_s,
secure_env_enabled: job.secure_env?,
secure_env_vars_removed: job.secure_env_vars_removed?,
debug_options: job.debug_options || {},
queued_at: format_date(job.queued_at),
allow_failure: job.allow_failure,
Expand Down
9 changes: 9 additions & 0 deletions lib/travis/scheduler/serialize/worker/job.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,15 @@ def same_repo_pull_request?
request.same_repo_pull_request?
end

def secure_env_vars_removed?
!secure_env? &&
[:env, :global_env].any? do |key|
config.has_key?(key) &&
config[key].respond_to?(:has_key?) &&
config[key].has_key?(:secure)
end
end

def ssh_key
config[:source_key]
end
Expand Down
25 changes: 24 additions & 1 deletion spec/travis/scheduler/serialize/worker/job_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
describe Travis::Scheduler::Serialize::Worker::Job do
let(:request) { Request.new }
let(:build) { Build.new(request: request) }
let(:job) { Job.new(source: build) }
let(:job) { Job.new(source: build, config: config) }
let(:config) { {} }
subject { described_class.new(job) }

describe 'env_vars' do
Expand Down Expand Up @@ -40,4 +41,26 @@
end
end
end

describe '#secure_env_vars_removed?' do
describe 'with a push event' do
before { build.event_type = 'push' }
it { expect(subject.secure_env_vars_removed?).to eq(false) }
end

describe 'with a pull_request event' do
before { build.event_type = 'pull_request' }

describe 'from the same repository' do
before { request.stubs(:same_repo_pull_request?).returns(true) }
it { expect(subject.secure_env_vars_removed?).to eq(false) }
end

describe 'from a different repository' do
let(:config) { { env: { secure: "secret" } } }
before { request.stubs(:same_repo_pull_request?).returns(false) }
it { expect(subject.secure_env_vars_removed?).to eq(true) }
end
end
end
end
3 changes: 3 additions & 0 deletions spec/travis/scheduler/serialize/worker_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ def encrypted(value)
pull_request: false,
state: 'queued',
secure_env_enabled: true,
secure_env_vars_removed: false,
debug_options: {},
queued_at: '2016-01-01T10:30:00Z',
allow_failure: allow_failure
Expand Down Expand Up @@ -122,6 +123,7 @@ def encrypted(value)
pull_request: false,
state: 'queued',
secure_env_enabled: true,
secure_env_vars_removed: false,
debug_options: {},
queued_at: '2016-01-01T10:30:00Z',
allow_failure: false,
Expand Down Expand Up @@ -213,6 +215,7 @@ def encrypted(value)
pull_request: 180,
state: 'queued',
secure_env_enabled: false,
secure_env_vars_removed: false,
debug_options: {},
queued_at: '2016-01-01T10:30:00Z',
pull_request_head_branch: 'head_branch',
Expand Down

0 comments on commit 1c9f931

Please sign in to comment.