Hello!
I have a pipeline which consists mostly of:
- build image A & push to registry (working)
- build image B & push to registry (working)
- read a file from git and do an eyaml decrypt <----- (not working)
- deploy image that is now in registry, in kubernetes, with the decrypted file (not yet implemented)
Regarding step 3, I cannot get this to work. This is the step description:
```yaml
deploy-decrypt-secrets-dev:
  image: docker
  secrets: [ pkcs7_private_key, pkcs7_public_key ]
  commands:
    - mkdir -p /drone/eyaml-keys
    # Variables are quoted so the line breaks inside the PEM data are preserved
    - echo "$PKCS7_PRIVATE_KEY" > /drone/eyaml-keys/private_key.pkcs7.pem
    - echo "$PKCS7_PUBLIC_KEY" > /drone/eyaml-keys/public_key.pkcs7.pem
    - ls -sal /drone/eyaml-keys
    - docker run --rm --entrypoint='ls' -v '/drone:/drone:ro' --name eyaml halberom/hiera-eyaml /drone
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  when:
    event: push
```
`ls -sal` returns the expected result:

```
total 16
4 drwxr-xr-x 2 root root 4096 Nov 17 08:29 .
4 drwxr-xr-x 4 root root 4096 Nov 17 08:29 ..
4 -rw-r--r-- 1 root root 1675 Nov 17 08:29 private_key.pkcs7.pem
4 -rw-r--r-- 1 root root 1050 Nov 17 08:29 public_key.pkcs7.pem
```

However, the `docker run` command returns only (which ultimately is doing a `ls /drone`):

```
src
```
Locally, I'm able to have this working (i.e. it returns not only `src` but also the two keys), but somehow drone.ci dislikes it. Is there any workaround?
Thank you for your time/help!