diff --git a/tools/deployment-cli-tools/ch_cli_tools/codefresh.py b/tools/deployment-cli-tools/ch_cli_tools/codefresh.py index f544da71..4df6cb8e 100644 --- a/tools/deployment-cli-tools/ch_cli_tools/codefresh.py +++ b/tools/deployment-cli-tools/ch_cli_tools/codefresh.py @@ -391,8 +391,9 @@ def adjust_build_steps(index): if app.harness.secrets: for secret in [secret[0] for secret in app.harness.secrets.items() if secret[1] != ""]: secret_name = secret.replace("_", "__") + value_ref = "\"${{%s}}\"" % secret_name.upper() arguments["custom_values"].append( - "apps_%s_harness_secrets_%s=${{%s}}" % (app_name.replace("_", "__"), secret_name, secret_name.upper())) + "apps_%s_harness_secrets_%s=%s" % (app_name.replace("_", "__"), secret_name, value_ref)) cmds = codefresh['steps']['prepare_deployment']['commands'] diff --git a/tools/deployment-cli-tools/ch_cli_tools/configurationgenerator.py b/tools/deployment-cli-tools/ch_cli_tools/configurationgenerator.py index ed521650..f1f6eff6 100644 --- a/tools/deployment-cli-tools/ch_cli_tools/configurationgenerator.py +++ b/tools/deployment-cli-tools/ch_cli_tools/configurationgenerator.py @@ -328,17 +328,17 @@ def image_tag(self, image_name, build_context_path=None, dependencies=()): logging.info(f"Ignoring {ignore}") tag = generate_tag_from_content(build_context_path, ignore) logging.info(f"Content hash: {tag}") - + # Get dependencies from build context if not provided dependencies = dependencies or guess_build_dependencies_from_dockerfile(build_context_path) - + # Combine with dependency tags dep_tags = "".join(self.all_images.get(n, '') for n in dependencies) if dep_tags: logging.info(f"Dependency tags: {[(n, self.all_images.get(n, '')) for n in dependencies]}") tag = sha1((tag + dep_tags).encode("utf-8")).hexdigest() logging.info(f"Generated tag (with dependencies): {tag}") - + app_name = image_name.split("/")[-1] # the image name can have a prefix self.all_images[app_name] = tag return self.registry + image_name + (f':{tag}' if tag else '') diff --git a/tools/deployment-cli-tools/tests/test_codefresh.py b/tools/deployment-cli-tools/tests/test_codefresh.py index a558f7cc..6c091d7b 100644 --- a/tools/deployment-cli-tools/tests/test_codefresh.py +++ b/tools/deployment-cli-tools/tests/test_codefresh.py @@ -328,6 +328,53 @@ def test_create_codefresh_configuration_nobuild(): assert "publish_myapp-mytask" in l1_steps["publish"]["steps"] +def test_codefresh_secret_with_quotes(): + values = create_helm_chart( + [CLOUDHARNESS_ROOT, RESOURCES], + output_path=OUT, + include=['myapp'], + exclude=['events'], + domain="my.local", + namespace='test', + env='dev', + local=False, + tag=1, + registry='reg' + ) + try: + root_paths = preprocess_build_overrides( + root_paths=[CLOUDHARNESS_ROOT, RESOURCES], + helm_values=values, + merge_build_path=BUILD_MERGE_DIR + ) + + build_included = [app['harness']['name'] + for app in values['apps'].values() if 'harness' in app] + + values.apps["myapp"].harness.secrets = { + "settings_secret": "SECRET_KEY='replace-with-strong-shared-secret'" + } + + cf = create_codefresh_deployment_scripts(root_paths, include=build_included, + envs=['dev'], + base_image_name=values['name'], + helm_values=values, save=False) + + custom_values = cf['steps']['deployment']['arguments']['custom_values'] + entry = next( + value for value in custom_values + if value.startswith("apps_myapp_harness_secrets_settings__secret=") + ) + assert entry == 'apps_myapp_harness_secrets_settings__secret="${{SETTINGS__SECRET}}"' + rendered = entry.replace( + "${{SETTINGS__SECRET}}", + values.apps["myapp"].harness.secrets["settings_secret"] + ) + assert rendered == 'apps_myapp_harness_secrets_settings__secret="SECRET_KEY=\'replace-with-strong-shared-secret\'"' + finally: + shutil.rmtree(BUILD_MERGE_DIR) + + def test_app_depends_on_app(): root_paths = [CLOUDHARNESS_ROOT, RESOURCES]