Trigger downstream

Regarding topic of Trigger downstream, I got several options:

which one I should use?

Second queustion, why drone itself need drone token to trigger downstream?

there are two reasons.

  1. without a token, someone could send a malicious pull request that changes the .drone.yml and triggers builds, deployments, etc. This would be a security issue.
  2. drone does not know what an individual plugin is or does. It treats all plugins equally, and only concerns itself with starting the container and collecting the logs and exit code.
1 Like

Thanks, @bradrydzewski . Seems this is only in drone related with its own design.

Could drone team think to include trigger downstream job as its core services, which shouldn’t ask for any tokon.

And can you confirm my first question?

A new question. How to transfer the new generated environment variables to downstream job?

export a source file doesn’t work in this scenario, because new job will has its own workspace, and maybe run on different agent.

Please use

There are no plans to include this as a core feature in the 1.0 release at this time. The reason is that, for me, it is not clear how we decide when a repository has permission to trigger a downstream build for another repository. Any solution we implement in drone core would need to be rock solid with strong security guarantees, and at this time I do not have a solution for this problem.

The drone API supports passing build arguments to downstream builds, which are exposed to the pipeline as environment variables.

BuildStart(string, string, int, map[string]string) (*Build, error)

I do not think the downstream plugin provides the ability to set the parameters. So you would have to work with the plugin maintainers to add that capability. Alternatively, you can simply curl the drone endpoint in your pipeline script:

curl -X POST -H "Authorization: Bearer {token}"{owner}/{repo}/builds/{build}?ENV_VAR_1={value}&ENV_VAR_2={value}&...
1 Like

Thanks, I think the way to deal with Drone API is more suitable than plugins/downstream in our case. I can simply write a script to transfer the new variables.