fix: add all origin secrets (#190)

Co-authored-by: Jordan Brockopp <jordan.brockopp@target.com>

compiler/native/expand.go

@@ -125,7 +125,7 @@ func (c *client) ExpandSteps(s *yaml.Build, tmpls map[string]*yaml.Template) (ya
 			}
 
 			// only append template secret if it does not exist within base configuration
-			if !found {
+			if !secret.Origin.Empty() || !found {
 				secrets = append(secrets, secret)
 			}
 		}

compiler/native/expand_test.go

@@ -285,6 +285,234 @@ func TestNative_ExpandSteps(t *testing.T) {
 	}
 }
 
+func TestNative_ExpandStepsMulti(t *testing.T) {
+	// setup context
+	gin.SetMode(gin.TestMode)
+
+	resp := httptest.NewRecorder()
+	_, engine := gin.CreateTestContext(resp)
+
+	// setup mock server
+	engine.GET("/api/v3/repos/foo/bar/contents/:path", func(c *gin.Context) {
+		c.Header("Content-Type", "application/json")
+		c.Status(http.StatusOK)
+		c.File("testdata/template-gradle.json")
+	})
+	engine.GET("/api/v3/repos/bar/foo/contents/:path", func(c *gin.Context) {
+		c.Header("Content-Type", "application/json")
+		c.Status(http.StatusOK)
+		c.File("testdata/template-maven.json")
+	})
+
+	s := httptest.NewServer(engine)
+	defer s.Close()
+
+	// setup types
+	set := flag.NewFlagSet("test", 0)
+	set.Bool("github-driver", true, "doc")
+	set.String("github-url", s.URL, "doc")
+	set.String("github-token", "", "doc")
+	c := cli.NewContext(nil, set, nil)
+
+	tmpls := map[string]*yaml.Template{
+		"gradle": {
+			Name:   "gradle",
+			Source: "github.example.com/foo/bar/gradle.yml",
+			Type:   "github",
+		},
+		"maven": {
+			Name:   "maven",
+			Source: "github.example.com/bar/foo/maven.yml",
+			Type:   "github",
+		},
+	}
+
+	steps := yaml.StepSlice{
+		&yaml.Step{
+			Name: "sample",
+			Template: yaml.StepTemplate{
+				Name: "gradle",
+				Variables: map[string]interface{}{
+					"image":       "openjdk:latest",
+					"environment": "{ GRADLE_USER_HOME: .gradle, GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false }",
+					"pull_policy": "pull: true",
+				},
+			},
+		},
+		&yaml.Step{
+			Name: "sample",
+			Template: yaml.StepTemplate{
+				Name: "maven",
+				Variables: map[string]interface{}{
+					"image":       "openjdk:latest",
+					"environment": "{ GRADLE_USER_HOME: .gradle, GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false }",
+					"pull_policy": "pull: true",
+				},
+			},
+		},
+	}
+
+	wantSteps := yaml.StepSlice{
+		&yaml.Step{
+			Commands: []string{"./gradlew downloadDependencies"},
+			Environment: raw.StringSliceMap{
+				"GRADLE_OPTS":      "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false",
+				"GRADLE_USER_HOME": ".gradle",
+			},
+			Image: "openjdk:latest",
+			Name:  "sample_install",
+			Pull:  "always",
+		},
+		&yaml.Step{
+			Commands: []string{"./gradlew check"},
+			Environment: raw.StringSliceMap{
+				"GRADLE_OPTS":      "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false",
+				"GRADLE_USER_HOME": ".gradle",
+			},
+			Image: "openjdk:latest",
+			Name:  "sample_test",
+			Pull:  "always",
+		},
+		&yaml.Step{
+			Commands: []string{"./gradlew build"},
+			Environment: raw.StringSliceMap{
+				"GRADLE_OPTS":      "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false",
+				"GRADLE_USER_HOME": ".gradle",
+			},
+			Image: "openjdk:latest",
+			Name:  "sample_build",
+			Pull:  "always",
+		},
+		&yaml.Step{
+			Commands: []string{"mvn downloadDependencies"},
+			Environment: raw.StringSliceMap{
+				"GRADLE_OPTS":      "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false",
+				"GRADLE_USER_HOME": ".gradle",
+			},
+			Image: "openjdk:latest",
+			Name:  "sample_install",
+			Pull:  "always",
+		},
+		&yaml.Step{
+			Commands: []string{"mvn check"},
+			Environment: raw.StringSliceMap{
+				"GRADLE_OPTS":      "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false",
+				"GRADLE_USER_HOME": ".gradle",
+			},
+			Image: "openjdk:latest",
+			Name:  "sample_test",
+			Pull:  "always",
+		},
+		&yaml.Step{
+			Commands: []string{"mvn build"},
+			Environment: raw.StringSliceMap{
+				"GRADLE_OPTS":      "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=1 -Dorg.gradle.parallel=false",
+				"GRADLE_USER_HOME": ".gradle",
+			},
+			Image: "openjdk:latest",
+			Name:  "sample_build",
+			Pull:  "always",
+		},
+	}
+
+	wantSecrets := yaml.SecretSlice{
+		&yaml.Secret{
+			Name:   "docker_username",
+			Key:    "org/repo/foo/bar",
+			Engine: "native",
+			Type:   "repo",
+			Origin: yaml.Origin{},
+		},
+		&yaml.Secret{
+			Name:   "foo_password",
+			Key:    "org/repo/foo/password",
+			Engine: "vault",
+			Type:   "repo",
+			Origin: yaml.Origin{},
+		},
+		&yaml.Secret{
+			Name:   "vault_token",
+			Key:    "vault_token",
+			Engine: "native",
+			Type:   "repo",
+			Origin: yaml.Origin{},
+		},
+		&yaml.Secret{
+			Origin: yaml.Origin{
+				Name:  "private vault",
+				Image: "target/secret-vault:latest",
+				Pull:  "always",
+				Secrets: yaml.StepSecretSlice{
+					{
+						Source: "vault_token",
+						Target: "vault_token",
+					},
+				},
+				Parameters: map[string]interface{}{
+					"addr":        "vault.example.com",
+					"auth_method": "token",
+					"username":    "octocat",
+					"items": []interface{}{
+						map[interface{}]interface{}{string("path"): string("docker"), string("source"): string("secret/docker")},
+					},
+				},
+			},
+		},
+		&yaml.Secret{
+			Origin: yaml.Origin{
+				Name:  "private vault",
+				Image: "target/secret-vault:latest",
+				Pull:  "always",
+				Secrets: yaml.StepSecretSlice{
+					{
+						Source: "vault_token",
+						Target: "vault_token",
+					},
+				},
+				Parameters: map[string]interface{}{
+					"addr":        "vault.example.com",
+					"auth_method": "token",
+					"username":    "octocat",
+					"items": []interface{}{
+						map[interface{}]interface{}{string("path"): string("docker"), string("source"): string("secret/docker")},
+					},
+				},
+			},
+		},
+	}
+
+	wantServices := yaml.ServiceSlice{
+		&yaml.Service{
+			Image: "postgres:12",
+			Name:  "postgres",
+			Pull:  "not_present",
+		},
+	}
+
+	// run test
+	compiler, err := New(c)
+	if err != nil {
+		t.Errorf("Creating new compiler returned err: %v", err)
+	}
+
+	steps, secrets, services, err := compiler.ExpandSteps(&yaml.Build{Steps: steps, Services: yaml.ServiceSlice{}}, tmpls)
+	if err != nil {
+		t.Errorf("ExpandSteps returned err: %v", err)
+	}
+
+	if diff := cmp.Diff(steps, wantSteps); diff != "" {
+		t.Errorf("ExpandSteps() mismatch (-want +got):\n%s", diff)
+	}
+
+	if diff := cmp.Diff(secrets, wantSecrets); diff != "" {
+		t.Errorf("ExpandSteps() mismatch (-want +got):\n%s", diff)
+	}
+
+	if diff := cmp.Diff(services, wantServices); diff != "" {
+		t.Errorf("ExpandSteps() mismatch (-want +got):\n%s", diff)
+	}
+}
+
 func TestNative_ExpandStepsStarlark(t *testing.T) {
 	// setup context
 	gin.SetMode(gin.TestMode)

compiler/native/testdata/template-gradle.json

@@ -0,0 +1,18 @@
+{
+  "type": "file",
+  "encoding": "base64",
+  "size": 5362,
+  "name": "gradle.yml",
+  "path": "gradle.yml",
+  "content": "bWV0YWRhdGE6CiAgdGVtcGxhdGU6IHRydWUKCnN0ZXBzOgogIC0gbmFtZTogaW5zdGFsbAogICAgY29tbWFuZHM6CiAgICAgIC0gLi9ncmFkbGV3IGRvd25sb2FkRGVwZW5kZW5jaWVzCiAgICBlbnZpcm9ubWVudDoge3sgLmVudmlyb25tZW50IH19CiAgICBpbWFnZToge3sgLmltYWdlIH19CiAgICB7eyAucHVsbF9wb2xpY3kgfX0KCiAgLSBuYW1lOiB0ZXN0CiAgICBjb21tYW5kczoKICAgICAgLSAuL2dyYWRsZXcgY2hlY2sKICAgIGVudmlyb25tZW50OiB7eyAuZW52aXJvbm1lbnQgfX0KICAgIGltYWdlOiB7eyAuaW1hZ2UgfX0KICAgIHt7IC5wdWxsX3BvbGljeSB9fQoKICAtIG5hbWU6IGJ1aWxkCiAgICBjb21tYW5kczoKICAgICAgLSAuL2dyYWRsZXcgYnVpbGQKICAgIGVudmlyb25tZW50OiB7eyAuZW52aXJvbm1lbnQgfX0KICAgIGltYWdlOiB7eyAuaW1hZ2UgfX0KICAgIHt7IC5wdWxsX3BvbGljeSB9fQoKc2VjcmV0czoKICAtIG5hbWU6IGRvY2tlcl91c2VybmFtZQogICAga2V5OiBvcmcvcmVwby9mb28vYmFyCiAgICBlbmdpbmU6IG5hdGl2ZQogICAgdHlwZTogcmVwbwoKICAtIG5hbWU6IGZvb19wYXNzd29yZAogICAga2V5OiBvcmcvcmVwby9mb28vcGFzc3dvcmQKICAgIGVuZ2luZTogdmF1bHQKICAgIHR5cGU6IHJlcG8KCiAgLSBuYW1lOiB2YXVsdF90b2tlbgoKICAtIG9yaWdpbjoKICAgICAgbmFtZTogcHJpdmF0ZSB2YXVsdAogICAgICBpbWFnZTogdGFyZ2V0L3NlY3JldC12YXVsdDpsYXRlc3QKICAgICAgcHVsbDogYWx3YXlzCiAgICAgIHNlY3JldHM6IFsgdmF1bHRfdG9rZW4gXQogICAgICBwYXJhbWV0ZXJzOgogICAgICAgIGFkZHI6IHZhdWx0LmV4YW1wbGUuY29tCiAgICAgICAgYXV0aF9tZXRob2Q6IHRva2VuCiAgICAgICAgdXNlcm5hbWU6IG9jdG9jYXQKICAgICAgICBpdGVtczoKICAgICAgICAgIC0gc291cmNlOiBzZWNyZXQvZG9ja2VyCiAgICAgICAgICAgIHBhdGg6IGRvY2tlcgoKe3sgaWYgLnNlY3JldCB9fQoKICAtIG5hbWU6IGJhcl9wYXNzd29yZAogICAga2V5OiBvcmcvcmVwby9iYXIvcGFzc3dvcmQKICAgIGVuZ2luZTogdmF1bHQKICAgIHR5cGU6IHJlcG8KCnt7IGVuZCB9fQoKc2VydmljZXM6CiAgIC0gbmFtZTogcG9zdGdyZXMKICAgICBpbWFnZTogcG9zdGdyZXM6MTIKCiB7eyBpZiAuc2VydmljZSB9fQoKICAgLSBuYW1lOiByZWRpcwogICAgIGtleTogcmVkaXM6NgoKIHt7IGVuZCB9fQo=",
+  "sha": "3d21ec53a331a6f037a91c368710b99387d012c1",
+  "url": "https://api.github.com/repos/octokit/octokit.rb/contents/gradle.yml",
+  "git_url": "https://api.github.com/repos/octokit/octokit.rb/git/blobs/3d21ec53a331a6f037a91c368710b99387d012c1",
+  "html_url": "https://github.com/octokit/octokit.rb/blob/master/gradle.yml",
+  "download_url": "https://raw.githubusercontent.com/octokit/octokit.rb/master/gradle.yml",
+  "_links": {
+    "git": "https://api.github.com/repos/octokit/octokit.rb/git/blobs/3d21ec53a331a6f037a91c368710b99387d012c1",
+    "self": "https://api.github.com/repos/octokit/octokit.rb/contents/gradle.yml",
+    "html": "https://github.com/octokit/octokit.rb/blob/master/gradle.yml"
+  }
+}

compiler/native/testdata/template-maven.json

@@ -0,0 +1,18 @@
+{
+  "type": "file",
+  "encoding": "base64",
+  "size": 5362,
+  "name": "maven.yml",
+  "path": "maven.yml",
+  "content": "bWV0YWRhdGE6CiAgdGVtcGxhdGU6IHRydWUKCnN0ZXBzOgogIC0gbmFtZTogaW5zdGFsbAogICAgY29tbWFuZHM6CiAgICAgIC0gbXZuIGRvd25sb2FkRGVwZW5kZW5jaWVzCiAgICBlbnZpcm9ubWVudDoge3sgLmVudmlyb25tZW50IH19CiAgICBpbWFnZToge3sgLmltYWdlIH19CiAgICB7eyAucHVsbF9wb2xpY3kgfX0KCiAgLSBuYW1lOiB0ZXN0CiAgICBjb21tYW5kczoKICAgICAgLSBtdm4gY2hlY2sKICAgIGVudmlyb25tZW50OiB7eyAuZW52aXJvbm1lbnQgfX0KICAgIGltYWdlOiB7eyAuaW1hZ2UgfX0KICAgIHt7IC5wdWxsX3BvbGljeSB9fQoKICAtIG5hbWU6IGJ1aWxkCiAgICBjb21tYW5kczoKICAgICAgLSBtdm4gYnVpbGQKICAgIGVudmlyb25tZW50OiB7eyAuZW52aXJvbm1lbnQgfX0KICAgIGltYWdlOiB7eyAuaW1hZ2UgfX0KICAgIHt7IC5wdWxsX3BvbGljeSB9fQoKc2VjcmV0czoKICAtIG5hbWU6IGRvY2tlcl91c2VybmFtZQogICAga2V5OiBvcmcvcmVwby9mb28vYmFyCiAgICBlbmdpbmU6IG5hdGl2ZQogICAgdHlwZTogcmVwbwoKICAtIG5hbWU6IGZvb19wYXNzd29yZAogICAga2V5OiBvcmcvcmVwby9mb28vcGFzc3dvcmQKICAgIGVuZ2luZTogdmF1bHQKICAgIHR5cGU6IHJlcG8KCiAgLSBuYW1lOiB2YXVsdF90b2tlbgoKICAtIG9yaWdpbjoKICAgICAgbmFtZTogcHJpdmF0ZSB2YXVsdAogICAgICBpbWFnZTogdGFyZ2V0L3NlY3JldC12YXVsdDpsYXRlc3QKICAgICAgcHVsbDogYWx3YXlzCiAgICAgIHNlY3JldHM6IFsgdmF1bHRfdG9rZW4gXQogICAgICBwYXJhbWV0ZXJzOgogICAgICAgIGFkZHI6IHZhdWx0LmV4YW1wbGUuY29tCiAgICAgICAgYXV0aF9tZXRob2Q6IHRva2VuCiAgICAgICAgdXNlcm5hbWU6IG9jdG9jYXQKICAgICAgICBpdGVtczoKICAgICAgICAgIC0gc291cmNlOiBzZWNyZXQvZG9ja2VyCiAgICAgICAgICAgIHBhdGg6IGRvY2tlcgoKe3sgaWYgLnNlY3JldCB9fQoKICAtIG5hbWU6IGJhcl9wYXNzd29yZAogICAga2V5OiBvcmcvcmVwby9iYXIvcGFzc3dvcmQKICAgIGVuZ2luZTogdmF1bHQKICAgIHR5cGU6IHJlcG8KCnt7IGVuZCB9fQoKc2VydmljZXM6CiAgIC0gbmFtZTogcG9zdGdyZXMKICAgICBpbWFnZTogcG9zdGdyZXM6MTIKCiB7eyBpZiAuc2VydmljZSB9fQoKICAgLSBuYW1lOiByZWRpcwogICAgIGtleTogcmVkaXM6NgoKIHt7IGVuZCB9fQo=",
+  "sha": "3d21ec53a331a6f037a91c368710b99387d012c1",
+  "url": "https://api.github.com/repos/octokit/octokit.rb/contents/maven.yml",
+  "git_url": "https://api.github.com/repos/octokit/octokit.rb/git/blobs/3d21ec53a331a6f037a91c368710b99387d012c1",
+  "html_url": "https://github.com/octokit/octokit.rb/blob/master/maven.yml",
+  "download_url": "https://raw.githubusercontent.com/octokit/octokit.rb/master/maven.yml",
+  "_links": {
+    "git": "https://api.github.com/repos/octokit/octokit.rb/git/blobs/3d21ec53a331a6f037a91c368710b99387d012c1",
+    "self": "https://api.github.com/repos/octokit/octokit.rb/contents/maven.yml",
+    "html": "https://github.com/octokit/octokit.rb/blob/master/maven.yml"
+  }
+}