I have a pipeline which consists mostly of:
- build image A & push to registry (working)
- build image B & push to registry (working)
- read a file from git and do an eyaml decrypt <----- (not working)
- deploy image that is now in registry, in kubernetes, with the decrypted file (not yet implemented)
Regarding step 3, I cannot get this to work. This is the step description:
```
deploy-decrypt-secrets-dev:
  image: docker
  secrets: [ pkcs7_private_key, pkcs7_public_key ]
  commands:
    - mkdir -p /drone/eyaml-keys
    - echo $PKCS7_PRIVATE_KEY > /drone/eyaml-keys/private_key.pkcs7.pem
    - echo $PKCS7_PUBLIC_KEY > /drone/eyaml-keys/public_key.pkcs7.pem
    - ls -sal /drone/eyaml-keys
    - docker run --rm --entrypoint='ls' -v '/drone:/drone:ro' --name eyaml halberom/hiera-eyaml /drone
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  when:
    event: push
```
ls -sal returns the expected result:
```
total 16
4 drwxr-xr-x 2 root root 4096 Nov 17 08:29 .
4 drwxr-xr-x 4 root root 4096 Nov 17 08:29 ..
4 -rw-r--r-- 1 root root 1675 Nov 17 08:29 private_key.pkcs7.pem
4 -rw-r--r-- 1 root root 1050 Nov 17 08:29 public_key.pkcs7.pem
```
docker run command returns only (which ultimately is doing a
Locally, I’m able to have this working (i.e. return not only
src but also the two keys), but somehow drone.ci dislikes it. Is there any workaround?
Thank you for your time/help!