func SecureYamlCmd(c *cli.Context, client drone.Client) error {
var (
repo = c.String("repo")
inFile = c.String("in")
outFile = c.String("out")
ymlFile = c.String("yaml")
checksum = c.BoolT("checksum")
)
owner, name, err := parseRepo(repo)
if err != nil {
return err
}
keypair, err := client.RepoKey(owner, name)
if err != nil {
return err
}
key, err := toPublicKey(keypair.Public)
if err != nil {
return err
}
// read the .drone.sec.yml file (plain text)
plaintext, err := readInput(inFile)
if err != nil {
return err
}
// parse the .drone.sec.yml file
sec := new(secure.Secure)
err = yaml.Unmarshal(plaintext, sec)
if err != nil {
return err
}
// read the .drone.yml file and caclulate the
// checksum. add to the .drone.sec.yml file.
yml, err := ioutil.ReadFile(ymlFile)
if err == nil && checksum {
sec.Checksum = sha256sum(string(yml))
}
// re-marshal the .drone.sec.yml file since we've
// added the checksum
plaintext, err = yaml.Marshal(sec)
if err != nil {
return err
}
// encrypt the .drone.sec.yml file
ciphertext, err := encrypt(plaintext, key)
if err != nil {
return err
}
// write the encrypted .drone.sec.yml file to .drone.sec
return writeOutput(outFile, ciphertext)
}
