Toolkit: fixes for security and publishing (#23749)

* Fixes and security patches: 1. Always keep the source directory, just don't package the source 2. Do not publish the SSH key for common plugin tasks. Changed to environment variable * env variable renamed. * Re-added the src remove * touch config.yml for rebuild

Toolkit: fixes for security and publishing (#23749)
* Fixes and security patches: 1. Always keep the source directory, just don't package the source 2. Do not publish the SSH key for common plugin tasks. Changed to environment variable * env variable renamed. * Re-added the src remove * touch config.yml for rebuild
e35f27ea · Stephanie Closson · GitHub · 170a0df1 · e35f27ea · e35f27ea
Commit e35f27ea authored Apr 23, 2020 by Stephanie Closson Committed by GitHub Apr 23, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 5 deletions

packages/grafana-toolkit/config/circleci/config.yml
+11 -5

packages/grafana-toolkit/src/cli/tasks/plugin.utils.ts
+1 -0

No files found.
--- a/packages/grafana-toolkit/config/circleci/config.yml
+++ b/packages/grafana-toolkit/config/circleci/config.yml
@@ -3,7 +3,7 @@ version: 2.1
 parameters:
  ssh-fingerprint:
    type: string
-    default: "dc:60:ab:c7:2d:8c:82:50:2a:2a:97:1a:c0:66:83:14"
+    default: ${GITHUB_SSH_FINGERPRINT}

 aliases:
  # Workflow filters
@@ -177,6 +177,10 @@ jobs:
  provisioning:
    executor: default_exec
    steps:
+    - run:
+      name: Continue if this plugin has a provisioning path
+      command: |
+        [ -z "${PROVISIONING_REPO_PATH}" ] && circleci-agent step halt
    - checkout
    - add_ssh_keys:
        fingerprints:
@@ -189,8 +193,8 @@ jobs:
        command: |
          mkdir ci # Avoid error if not exists
          mkdir ci/jobs # Avoid error if not exists
-          mkdir ci/jobs/provisioning
-          mv plugin-provisioning/plugins/google-sheets/provisioning/* ci/jobs/provisioning
+          mkdir ci/jobs/provisioning  
+          mv plugin-provisioning/${PROVISIONING_REPO_PATH}/* ci/jobs/provisioning
    - persist_to_workspace:
        root: .
        paths:
@@ -199,6 +203,10 @@ jobs:
  e2e_canary:
    executor: e2e_exec
    steps:
+    - run:
+      name: Continue if this plugin has a provisioning path
+      command: |
+        [ -z "${PROVISIONING_REPO_PATH}" ] && circleci-agent step halt
    - checkout
    - attach_workspace:
        at: .
@@ -222,7 +230,6 @@ jobs:
          ## To make sure grafana has started up
          while ! $(netstat -tulpn | grep 3000 >/dev/null 2>&1); do sleep 1; done 
          /opt/grafana/bin/grafana-cli --version
-
    - run:
        name: Copy provisioning files
        command: cp -r ci/jobs/provisioning provisioning/
@@ -286,4 +293,3 @@ jobs:
          name: "Publish Release on GitHub"
          command: |
            ./node_modules/.bin/grafana-toolkit plugin:github-publish
-
--- a/packages/grafana-toolkit/src/cli/tasks/plugin.utils.ts
+++ b/packages/grafana-toolkit/src/cli/tasks/plugin.utils.ts
@@ -102,6 +102,7 @@ const prepareRelease = useSpinner<any>('Preparing release', async ({ dryrun, ver
          line[1].push('--dry-run');
        }

+        // Exit if the plugin is NOT an enterprise plugin
        if (pluginJson.enterprise && !opts['enterprise']) {
          continue;
        }