author | Elizabeth Hunt <me@liz.coffee> | 2025-07-27 00:06:30 -0700 |
---|---|---|
committer | Elizabeth Hunt <me@liz.coffee> | 2025-07-27 01:05:17 -0700 |
commit | e4df72cd446270cf867ec308995a05e21b3aa601 (patch) | |
tree | a24ff3b452811b14c656ccfeca43f8e9da61cb07 | |
parent | df76fa3c266f7f9b22d2bfaf98ad5accebcabd35 (diff) | |
Add search string to bw list.
-rw-r--r-- | README.md | 2 | ||||
-rwxr-xr-x | worker/scripts/ansible_playbook.ts | 4 | ||||
-rw-r--r-- | worker/secret.ts | 25 |
3 files changed, 20 insertions, 11 deletions
@@ -1,6 +1,6 @@ # @emprespresso/ci (⑅˘꒳˘) -this is my ci server, built on top of [laminar](https://laminar.ohwg.net/docs.html), because while the jenkins logo looks hot and classy, i want something to hack on myself +this is my ci server, built on top of [laminar](https://laminar.ohwg.net/docs.html), because while the jenkins logo looks hot and classy, i want something to hack on myself. also! to scrap out pengueno :3 diff --git a/worker/scripts/ansible_playbook.ts b/worker/scripts/ansible_playbook.ts index 2048d44..f7315ab 100755 --- a/worker/scripts/ansible_playbook.ts +++ b/worker/scripts/ansible_playbook.ts @@ -72,7 +72,7 @@ await LogMetricTraceable.ofLogTraceable(_logJob) ) .map(async (tEitherJobAndSecrets) => { const eitherJobAndSecrets = await tEitherJobAndSecrets.get(); - return eitherJobAndSecrets.flatMapAsync(async ({ job, secretFiles }) => { + return eitherJobAndSecrets.flatMapAsync(async ({ job, secretFiles, vault, key }) => { const [src, sshKey, ansibleSecrets] = ( await Promise.all( [join(process.cwd(), job.arguments.path), secretFiles.ssh_key, secretFiles.ansible_secrets].map( @@ -80,6 +80,8 @@ await LogMetricTraceable.ofLogTraceable(_logJob) ), ) ).map((x) => x.right().get()); + (await vault.lock(tEitherJobAndSecrets, key)).right().get(); + const volumes = [ `${src}:/ansible`, `${sshKey}:/root/.ssh/id_ed25519`, diff --git a/worker/secret.ts b/worker/secret.ts index 071b539..34056c2 100644 --- a/worker/secret.ts +++ b/worker/secret.ts 
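Review bot: The added `(await vault.lock(tEitherJobAndSecrets, key)).right().get();` in worker/scripts/ansible_playbook.ts is reached only when every `x.right().get()` on the statement before it succeeds. If `.get()` throws on a left value, as this unwrapping style suggests, a failed secret-file fetch skips the lock and leaves the Bitwarden session unlocked. Locking on both paths would close that gap, for example `try { /* fetch secret files */ } finally { await vault.lock(tEitherJobAndSecrets, key); }`, or locking before the fetch results are unwrapped. Unwrapping the lock result the same way also turns a lock failure into a job failure, so a one-line comment such as `// abort the job if the vault cannot be re-locked` would make that intent explicit. The enclosing callback starts in the previous hunk and continues past this one.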
@@ -52,13 +52,14 @@ export class Bitwarden implements IVault<TClient, BitwardenKey, TItemId> { .move(this.config) .flatMap(TraceUtil.withMetricTrace(Bitwarden.loginMetric)) .map((tConfig) => - Either.fromFailable<Error, { config: BitwardenConfig; key: Pick<BitwardenKey, 'BITWARDENCLI_APPDATA_DIR'> }>( - () => { - const sessionPath = path.join(this.config.sessionBaseDirectory, randomUUID()); - mkdirSync(sessionPath, { recursive: true }); - return { config: tConfig.get(), key: { BITWARDENCLI_APPDATA_DIR: sessionPath } }; - }, - ), + Either.fromFailable< + Error, + { config: BitwardenConfig; key: Pick<BitwardenKey, 'BITWARDENCLI_APPDATA_DIR'> } + >(() => { + const sessionPath = path.join(this.config.sessionBaseDirectory, randomUUID()); + mkdirSync(sessionPath, { recursive: true }); + return { config: tConfig.get(), key: { BITWARDENCLI_APPDATA_DIR: sessionPath } }; + }), ) .map((tEitherConfig) => tEitherConfig @@ -78,12 +79,18 @@ export class Bitwarden implements IVault<TClient, BitwardenKey, TItemId> { .get(); } - public fetchSecret<T extends SecretItem>(client: TClient, key: BitwardenKey, item: string): Promise<IEither<Error, T>> { + public fetchSecret<T extends SecretItem>( + client: TClient, + key: BitwardenKey, + item: string, + ): Promise<IEither<Error, T>> { return client .move(key) .flatMap(TraceUtil.withMetricTrace(Bitwarden.fetchSecretMetric)) .peek((tSession) => tSession.trace.trace(`looking for your secret ${item} (⑅˘꒳˘)`)) - .flatMap((tSession) => tSession.move('bw list items').map((listCmd) => getStdout(listCmd, { env: key }))) + .flatMap((tSession) => + tSession.move(`bw list items --search ${item}`).map((listCmd) => getStdout(listCmd, { env: key })), + ) .map( TraceUtil.promiseify((tEitherItemsJson) => tEitherItemsJson |
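Review bot: `item` is interpolated directly into the command string in `bw list items --search ${item}` (second hunk of worker/secret.ts), so a name containing whitespace or shell metacharacters alters the command instead of only the search term. How `getStdout` tokenises that string is not visible here; if it splits on spaces or goes through a shell, pass the term as its own argv element, or reject unexpected names first with a check like `if (!/^[\w.-]+$/.test(item))` that returns a left `Error`. `--search` is also a loose match rather than an exact-name lookup, so the code after this hunk should still select the result whose `name` equals `item` instead of taking the first entry returned. fetchSecret's body continues outside the hunk.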