Repository secrets用于存储密码、秘钥、令牌等机密信息。
在仓库的setting界面可以配置repository secrets
使用方式:
kind: pipeline
name: default
steps:
- name: build
image: alpine
environment:
USERNAME:
from_secret: docker_username
PASSWORD:
from_secret: docker_password
但是在用户所有Repository的secrets都一样的情况下,每次都配置很麻烦,此时就需要Organization secrets。Organization secrets可以由属于Organization的任何Repository使用。
配置Organization secrets需要先安装drone的命令行工具
drone的命令行是提供drone管理用户和repository 设置的重要工具
1、安装drone-cli(linux):
curl -L https://github.com/drone/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone
其他安装方式:https://docs.drone.io/cli/install/
配置drone_server地址和token:
export DRONE_SERVER=http://drone.mycompany.com
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
在user-setting界面可以获取信息
此时就可以使用drone命令行工具了
2、使用drone-cli
命令行参数
# drone -h
NAME:
drone - command line utility
USAGE:
drone [global options] command [command options] [arguments...]
VERSION:
1.2.0
COMMANDS:
build manage builds
cron manage cron jobs
log manage logs
encrypt encrypt a secret
exec execute a local build
info show information about the current user
repo manage repositories
user manage users
secret manage secrets
server manage servers
queue queue operations
orgsecret manage organization secrets
autoscale manage autoscaling
fmt format the yaml file
convert convert legacy format
lint lint the yaml file
sign sign the yaml file
jsonnet generate .drone.yml from jsonnet
starlark generate .drone.yml from starlark
plugins plugin helper functions
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
-t value, --token value server auth token [$DRONE_TOKEN]
-s value, --server value server address [$DRONE_SERVER]
--autoscaler value autoscaler address [$DRONE_AUTOSCALER]
--help, -h show help
--version, -v print the version
详细命令信息:https://docs.drone.io/cli/commands/
创建通用secrets
$ drone orgsecret add [organization] [name] [data]
//例如
$ drone orgsecret add octocat docker_password pa55word
$ drone orgsecret ls
docker_password
Organization: octocat
Pull Request Read: false
Pull Request Write: false
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。