Debug secrets with drone exec

mtrivolli · September 7, 2020, 10:11pm

Is there anyway I could debug how secrets are managed in local builds? I just keep getting “no basic auth” credentials error when pushing to my private registry:

[.drone.yml]
- name: publish
image: plugins/docker:18
settings:
repo: myrepo/${DRONE_REPO_NAME}
registry: myrepo
username:
from_secret: docker_username
password:
from_secret: docker_password
auto_tag: true
insecure: true
debug: true

sh: drone exec --secret-file …/secrets.txt --trusted --include publish --event=tag --ref=refs/tags/1.0.0

[secrets.txt]
DOCKER_USERNAME=nexus-user
DOCKER_PASSWORD=xxxxxx

Thanks!

bradrydzewski · September 7, 2020, 10:45pm

one thing that jumps out is the case mismatch. In your yaml file, the secrets are lowercase but in your secrets file, they are uppercase. But otherwise, yes, you can view source to learn more about how it behaves.

mtrivolli · September 8, 2020, 6:44am

My gosh! I’m awfully sorry, that was obvious. Thanks a lot.

Just a suggestion: drone might raise an error whenever there is a reference to a secret that is not defined.

bradrydzewski · September 8, 2020, 1:16pm

secrets are optional by design and it can be valid for a secret to exist for some events (push events) but not exist for other events (pull request) and a step to execute regardless. We do not want to introduce any breaking changes, however, we have considered providing an expanded syntax that is opt-in and could be used to require the secret exists:

username:
  from_secret: foo

password:
  from_secret:
    name: bar
    required: true