LukasHirt
(Lukas Hirt)
April 2, 2021, 4:30pm
1
Hi, I’ve created two secrets for a repository. One is available also for PRs, one not. I am not however able to use those secrets in my builds… I tried to check if they exist via the command `env`. That didn’t output them. Checking in the database, they actually exist:
```
sqlite> SELECT * FROM secrets;
1|1|netlify_site_id|**redacted**|1|0
3|1|netlify_token|**redacted**|0|0
sqlite>
```
This is my docker-compose file to showcase my instance:
```yaml
version: '3.7'
services:
  drone-server:
    container_name: drone_server
    image: drone/drone:1
    ports:
      - 80:80
      - 443:443
    networks:
      - drone
    volumes:
      - /var/lib/drone:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    environment:
      - DRONE_GITHUB_CLIENT_ID=**redacted**
      - DRONE_GITHUB_CLIENT_SECRET=**redacted**
      - DRONE_RPC_SECRET=**redacted**
      - DRONE_SERVER_HOST=drone.hirt.cz
      - DRONE_SERVER_PROTO=https
      - DRONE_AGENTS_DISABLED=true
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_TRACE=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_LOGS_COLOR=true
      - DEBUG=true
  drone-agent:
    container_name: drone_runner_docker
    image: drone/drone-runner-docker:1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    depends_on:
      - drone-server
    networks:
      - drone
    ports:
      - 3000:3000
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.hirt.cz
      - DRONE_RPC_SECRET=**redacted**
      - DRONE_RUNNER_CAPACITY=1
      - DRONE_RUNNER_NAME=${HOSTNAME}
      - DRONE_LOGS_TRACE=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_LOGS_COLOR=true
      - DEBUG=true
networks:
  drone:
    name: drone_network
```
Any pointers on how to debug this?
LukasHirt
(Lukas Hirt)
April 3, 2021, 5:35pm
3
This thread provides some tips to help debug
I have looked into that already but that hasn’t helped me solve the issue. I tried in the meantime to use postgres instead of sqlite to see if that maybe would make any difference but unsuccessfully. I am not sure where to look next. I tried logging those tokens both via the `- env` command and via `- echo ${{netlify_token}}` but neither outputs that secret. But still even with postgres I can see that secret in the database and it is enabled on PRs. In the logs I haven’t found anything helpful - all info is about starting and finishing pipelines.
happy to advise further, however, per the thread we required additional details
If you have tried all of the above and are still experiencing issues, please create a discourse thread that includes all of the requested information:
Version of Drone. If using `drone exec` please make this clear.
Full result of `drone repo info <repository>` (Do not redact the repository name)
Full result of `drone build info <repository> <build>`
Full result of `drone secret info <repository> <secret>` for each secret
Full yaml configuration file
Full logs for the failed pipeline step, copied from the user interface
Runner configuration.
LukasHirt
(Lukas Hirt)
April 4, 2021, 5:12pm
5
Yes, sorry for not providing it already.
1.10.1
```
Owner: LukasHirt
Repo: dragonflip-web
Config: .drone.yml
Visibility: private
Private: true
Trusted: false
Protected: false
Remote: https://github.com/LukasHirt/dragonflip-web.git
```
```
Number: 4
Status: success
Event: pull_request
Commit: bec94ea16a27a3c0bb5b2524ef63dc538eb07e55
Branch: master
Ref: refs/pull/8/head
Author: LukasHirt
Message: Cd
```
```
netlify_token
Pull Request Read: true
Pull Request Write: false
```
```yaml
---
kind: pipeline
type: docker
name: Test
steps:
  - name: env
    image: docker
    secrets: [ netlify_site_id ]
    commands:
      - env
      - echo $${netlify_token}
      - echo $${NETLIFY_TOKEN}
  - name: Install NPM dependencies
    image: node:current-alpine3.13
    commands:
      - yarn install --frozen-lockfile
  - name: Lint
    image: node:current-alpine3.13
    commands:
      - yarn lint
trigger:
  ref:
    - refs/pull/**
---
kind: pipeline
type: docker
name: Deploy
steps:
  - name: Staging
    image: lucap/drone-netlify
    environment:
      TOKEN:
        from_secret: netlify_token
      SITE_ID:
        from_secret: netlify_site_id
trigger:
  ref:
    - refs/heads/master
```
```
STAGE_DEPENDS_ON=
DRONE_COMMIT_AFTER=bec94ea16a27a3c0bb5b2524ef63dc538eb07e55
DRONE_STAGE_VARIANT=
CI_REPO_LINK=https://github.com/LukasHirt/dragonflip-web
CI_COMMIT_AUTHOR=LukasHirt
DRONE_STAGE_STARTED=1617470727
DRONE_STAGE_NUMBER=1
DRONE_COMMIT=bec94ea16a27a3c0bb5b2524ef63dc538eb07e55
CI_REPO_REMOTE=https://github.com/LukasHirt/dragonflip-web.git
CI_COMMIT_BRANCH=master
DRONE_PULL_REQUEST=8
CI_REPO_PRIVATE=true
DRONE_RUNNER_HOST=efa972cb52fb
DOCKER_VERSION=20.10.5
DRONE_BUILD_EVENT=pull_request
DRONE_JOB_STARTED=1617470727
DRONE_WORKSPACE_PATH=
DOCKER_TLS_CERTDIR=/certs
DRONE_BUILD_CREATED=1617470726
DRONE_COMMIT_SHA=bec94ea16a27a3c0bb5b2524ef63dc538eb07e55
DRONE_COMMIT_AUTHOR_EMAIL=
DRONE_REPO_NAME=dragonflip-web
DRONE_STAGE_MACHINE=efa972cb52fb
DRONE_COMMIT_REF=refs/pull/8/head
CI_BUILD_STATUS=success
CI_WORKSPACE_BASE=/drone/src
DRONE_MACHINE=efa972cb52fb
PWD=/drone/src
DRONE_BUILD_FINISHED=1617470730
DRONE_COMMIT_LINK=https://github.com/LukasHirt/dragonflip-web/pull/8
DOCKER_NETWORK_ID=jsza515nvqfih0ghjx4wh3vt26139bc2
CI_COMMIT_MESSAGE=Cd
DRONE_STEP_NAME=env
DRONE_REPO=LukasHirt/dragonflip-web
DRONE_COMMIT_AUTHOR_NAME=
DRONE_SYSTEM_VERSION=1.10.1
DRONE_DOCKER_NETWORK_ID=jsza515nvqfih0ghjx4wh3vt26139bc2
CI_JOB_STATUS=success
CI_REMOTE_URL=https://github.com/LukasHirt/dragonflip-web.git
DRONE_STAGE_FINISHED=1617470730
+ echo ${netlify_token}
+ echo ${NETLIFY_TOKEN}
```
Not sure what to pass here TBH. Is the docker-compose from the original question enough or need something more?
It looks like a problem with the yaml syntax. You need to use the `from_secret` notation to inject the secret into your environment.
```yaml
kind: pipeline
type: docker
name: Test
steps:
  - name: env
    image: docker
    environment:
      NETLIFY_TOKEN:
        from_secret: netlify_token
    commands:
      - env
```
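A small check for the mistake diagnosed above, added here as an illustration and not part of the original posts or of Drone itself: it reports steps that still carry the step-level `secrets:` list, or whose commands reference a secret-named variable that no `from_secret` environment entry provides. It assumes the pipeline documents are already parsed into dicts (for example by a YAML loader); the function name and finding labels are hypothetical, and the sample input is constructed from the pipelines in this thread.

```python
import re

# $NAME, ${NAME} and Drone's escaped $${NAME} inside a command string.
VAR_REF = re.compile(r"\$+\{?([A-Za-z_][A-Za-z0-9_]*)\}?")

def audit_secret_mapping(pipelines, secret_names):
    """List steps whose commands expect a secret that is never injected.

    pipelines: parsed pipeline documents (dicts); secret_names: the
    repository's secret names. Both are assumptions of this example.
    """
    known = {name.lower() for name in secret_names}
    findings = []
    for doc in pipelines:
        for step in doc.get("steps", []):
            where = f"{doc.get('name')}/{step.get('name')}"
            env = step.get("environment") or {}
            # Variables that really receive a secret: entries using from_secret.
            mapped = {var for var, val in env.items()
                      if isinstance(val, dict) and "from_secret" in val}
            if "secrets" in step:
                findings.append((where, "legacy-secrets-key", list(step["secrets"])))
            for cmd in step.get("commands", []):
                for var in VAR_REF.findall(cmd):
                    # Environment names are case-sensitive, so compare exactly.
                    if var.lower() in known and var not in mapped:
                        findings.append((where, "unmapped-reference", var))
    return findings

# Constructed from the Test pipeline posted in this thread, before and after.
SECRETS = ["netlify_site_id", "netlify_token"]
BEFORE = [{"kind": "pipeline", "name": "Test", "steps": [
    {"name": "env", "image": "docker", "secrets": ["netlify_site_id"],
     "commands": ["env", "echo $${netlify_token}", "echo $${NETLIFY_TOKEN}"]}]}]
AFTER = [{"kind": "pipeline", "name": "Test", "steps": [
    {"name": "env", "image": "docker",
     "environment": {"NETLIFY_TOKEN": {"from_secret": "netlify_token"}},
     "commands": ["env"]}]}]

if __name__ == "__main__":
    for finding in audit_secret_mapping(BEFORE, SECRETS):
        print(finding)
    print("after fix:", audit_secret_mapping(AFTER, SECRETS))
```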
LukasHirt
(Lukas Hirt)
April 5, 2021, 11:12am
7
Ah, didn’t know that I need to pass them there first. Thanks a lot for looking into this! It’s working now.