drone-validation

command module

v0.2.0 Latest Latest Go to latest Published: Nov 2, 2023 License: BlueOak-1.0.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kanopy-platform/drone-validation

Links

Open Source Insights

README ¶

Validation extension for Drone

Requires Drone server version 1.4 or higher.

This is a simple validation extension that performs pipeline type validations.

When a user prepared a Drone configuration file using a pipeline that was not supported by our platform, the build used to hang and users did not receive any error or feedback. Whith this validation extension enabled, the same build would instantly fail and an error message returned to the UI informing the reason why the build has failed.

Implementation details

The validation process relies on an OPA policy written in rego and is integrated via OPA Go API.

Although the main purpose of this extension's policy is to validate supported pipeline types, it can be easily modified to check different attributes of the Drone configuration, including secrets.

This application runs a simple rego query that requires the policy to return a boolean value on the path data.drone.validation.deny and an error message on data.drone.validation.out.

The default policy is based on the following workflow:


                 ┌───────────────────┐         ┌──────────────────────┐        ┌───────────────────┐
 Config document │                   │  Yes    │                      │  No    │                   │
      ──────────►│ Is it a pipeline? ├────────►│ Is the type allowed? ├───────►│ Return: deny=true │
                 │                   │         │                      │        │                   │
                 └─────────┬─────────┘         └───────────┬──────────┘        └───────────────────┘
                           │                               │
                           │ No                            │ Yes
                           │                               │
                           ▼                               ▼
                ┌────────────────────┐          ┌────────────────────┐
                │                    │          │                    │
                │ Return: deny=false │          │ Return: deny=false │
                │                    │          │                    │
                └────────────────────┘          └────────────────────┘

Usage

This is for demonstration purposes only and will need to be adapted for real world deployments.

See Drone docs for more info.

docker build -t drone-validation .

SHARED_SECRET=$(openssl rand -hex 16)

docker run \
  --publish=3000:3000 \
  --env=DRONE_DEBUG=true \
  --env=DRONE_VALIDATE_PLUGIN_SECRET=$SHARED_SECRET \
  drone-validation

Update your `drone-server`` environment variables to include the plugin endpoint and shared secret.

DRONE_VALIDATE_PLUGIN_ENDPOINT=http://<service-name>:3000
DRONE_VALIDATE_PLUGIN_SECRET=<your_shared_secret>

Auditing

Drone doesn't offer audit logging at the moment, so we can use this validation extension to generate log entries for both build and promotion job executions.

Log messages are opinionated and don't contain the full list of build attributes by default.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
pkg
plugin

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL