44 lines
1.1 KiB
YAML
44 lines
1.1 KiB
YAML
apiVersion: tekton.dev/v1
|
|
kind: Task
|
|
metadata:
|
|
name: secret-home
|
|
spec:
|
|
params:
|
|
- name: context
|
|
type: string
|
|
description: context directory
|
|
default: ""
|
|
|
|
- name: keys
|
|
type: string
|
|
description: |
|
|
Comma-separated keys (e.g. ".gitconfig,.git-credentials")
|
|
|
|
workspaces:
|
|
- name: base
|
|
description: Workspace containing the cloned Git repository
|
|
- name: credentials
|
|
description: Secret data from workspace
|
|
|
|
steps:
|
|
- name: extract
|
|
image: python:3.11-slim
|
|
workingDir: /workspace/base/$(params.context)/source
|
|
env:
|
|
- name: HOME
|
|
value: /workspace/base/$(params.context)/home
|
|
script: |
|
|
#!/usr/bin/env bash
|
|
set -e
|
|
apt-get update && apt-get install -y coreutils >/dev/null
|
|
|
|
IFS=',' read -r -a KEY_ARR <<< "$(params.keys)"
|
|
for key in "${KEY_ARR[@]}"; do
|
|
echo "encoding $key"
|
|
key_decoded="${key//__//}"
|
|
echo "decoding $key_decoded"
|
|
target="$HOME/$key_decoded"
|
|
mkdir -p "$(dirname "$target")"
|
|
cp "/workspace/credentials/$key" "$target"
|
|
done
|