Pass secrets to pre/post deploy hooks
This commit is contained in:
Donal McBreen
@@ -33,7 +33,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
|
||||
end
|
||||
|
||||
with_lock do
|
||||
run_hook "pre-deploy"
|
||||
run_hook "pre-deploy", secrets: true
|
||||
|
||||
say "Ensure Traefik is running...", :magenta
|
||||
invoke "kamal:cli:traefik:boot", [], invoke_options
|
||||
@@ -48,7 +48,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
|
||||
end
|
||||
end
|
||||
|
||||
run_hook "post-deploy", runtime: runtime.round
|
||||
run_hook "post-deploy", secrets: true, runtime: runtime.round
|
||||
end
|
||||
|
||||
desc "redeploy", "Deploy app to servers without bootstrapping servers, starting Traefik, pruning, and registry login"
|
||||
@@ -66,7 +66,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
|
||||
end
|
||||
|
||||
with_lock do
|
||||
run_hook "pre-deploy"
|
||||
run_hook "pre-deploy", secrets: true
|
||||
|
||||
say "Detect stale containers...", :magenta
|
||||
invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
|
||||
@@ -75,7 +75,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
|
||||
end
|
||||
end
|
||||
|
||||
run_hook "post-deploy", runtime: runtime.round
|
||||
run_hook "post-deploy", secrets: true, runtime: runtime.round
|
||||
end
|
||||
|
||||
desc "rollback [VERSION]", "Rollback app to VERSION"
|
||||
@@ -89,7 +89,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
|
||||
old_version = nil
|
||||
|
||||
if container_available?(version)
|
||||
run_hook "pre-deploy"
|
||||
run_hook "pre-deploy", secrets: true
|
||||
|
||||
invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
|
||||
rolled_back = true
|
||||
@@ -99,7 +99,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
|
||||
end
|
||||
end
|
||||
|
||||
run_hook "post-deploy", runtime: runtime.round if rolled_back
|
||||
run_hook "post-deploy", secrets: true, runtime: runtime.round if rolled_back
|
||||
end
|
||||
|
||||
desc "details", "Show details about all containers"
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
class Kamal::Commands::Hook < Kamal::Commands::Base
|
||||
def run(hook, **details)
|
||||
[ hook_file(hook), env: tags(**details).env ]
|
||||
def run(hook, secrets: false, **details)
|
||||
env = tags(**details).env
|
||||
env.merge!(config.secrets.to_h) if secrets
|
||||
|
||||
[ hook_file(hook), env: env ]
|
||||
end
|
||||
|
||||
def hook_exists?(hook)
|
||||
|
||||
@@ -6,8 +6,7 @@ class Kamal::Secrets
|
||||
end
|
||||
|
||||
def [](key)
|
||||
@secrets ||= parse_secrets
|
||||
@secrets.fetch(key)
|
||||
secrets.fetch(key)
|
||||
rescue KeyError
|
||||
if secrets_file
|
||||
raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_file}"
|
||||
@@ -16,7 +15,15 @@ class Kamal::Secrets
|
||||
end
|
||||
end
|
||||
|
||||
def to_h
|
||||
secrets
|
||||
end
|
||||
|
||||
private
|
||||
def secrets
|
||||
@secrets ||= parse_secrets
|
||||
end
|
||||
|
||||
def parse_secrets
|
||||
if secrets_file
|
||||
interrupting_parent_on_error { Dotenv.parse(secrets_file) }
|
||||
|
||||
Reference in New Issue
Block a user