From e4df72cd446270cf867ec308995a05e21b3aa601 Mon Sep 17 00:00:00 2001 From: Elizabeth Hunt Date: Sun, 27 Jul 2025 00:06:30 -0700 Subject: Add search string to bw list. --- README.md | 2 +- worker/scripts/ansible_playbook.ts | 4 +++- worker/secret.ts | 25 ++++++++++++++++--------- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 8607d48..d3febc2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # @emprespresso/ci (⑅˘꒳˘) -this is my ci server, built on top of [laminar](https://laminar.ohwg.net/docs.html), because while the jenkins logo looks hot and classy, i want something to hack on myself +this is my ci server, built on top of [laminar](https://laminar.ohwg.net/docs.html), because while the jenkins logo looks hot and classy, i want something to hack on myself. also! to scrap out pengueno :3 diff --git a/worker/scripts/ansible_playbook.ts b/worker/scripts/ansible_playbook.ts index 2048d44..f7315ab 100755 --- a/worker/scripts/ansible_playbook.ts +++ b/worker/scripts/ansible_playbook.ts @@ -72,7 +72,7 @@ await LogMetricTraceable.ofLogTraceable(_logJob) ) .map(async (tEitherJobAndSecrets) => { const eitherJobAndSecrets = await tEitherJobAndSecrets.get(); - return eitherJobAndSecrets.flatMapAsync(async ({ job, secretFiles }) => { + return eitherJobAndSecrets.flatMapAsync(async ({ job, secretFiles, vault, key }) => { const [src, sshKey, ansibleSecrets] = ( await Promise.all( [join(process.cwd(), job.arguments.path), secretFiles.ssh_key, secretFiles.ansible_secrets].map( @@ -80,6 +80,8 @@ await LogMetricTraceable.ofLogTraceable(_logJob) ), ) ).map((x) => x.right().get()); + (await vault.lock(tEitherJobAndSecrets, key)).right().get(); + const volumes = [ `${src}:/ansible`, `${sshKey}:/root/.ssh/id_ed25519`, diff --git a/worker/secret.ts b/worker/secret.ts index 071b539..34056c2 100644 --- a/worker/secret.ts +++ b/worker/secret.ts 
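Review bot: The new `vault.lock(...)` call in the second hunk of worker/scripts/ansible_playbook.ts sits after `.map((x) => x.right().get())`, so it runs only when every secret file was saved; if that unwrap fails (it presumably throws on a left value), the Bitwarden session is left unlocked for the rest of the job. Locking in a `finally` around the file-saving step would close the session on both paths, e.g. `try { /* save src, sshKey, ansibleSecrets */ } finally { await vault.lock(tEitherJobAndSecrets, key); }`. The lock result is itself unwrapped with `.right().get()`, so a failed lock appears to abort the playbook run; if that is intended, a comment such as `// fail closed: never run the playbook while the vault session is still unlocked` would make it explicit. The callback body continues outside the hunk, and the first hunk only adds `vault` and `key` to the destructuring to support this call.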
@@ -52,13 +52,14 @@ export class Bitwarden implements IVault { .move(this.config) .flatMap(TraceUtil.withMetricTrace(Bitwarden.loginMetric)) .map((tConfig) => - Either.fromFailable }>( - () => { - const sessionPath = path.join(this.config.sessionBaseDirectory, randomUUID()); - mkdirSync(sessionPath, { recursive: true }); - return { config: tConfig.get(), key: { BITWARDENCLI_APPDATA_DIR: sessionPath } }; - }, - ), + Either.fromFailable< + Error, + { config: BitwardenConfig; key: Pick } + >(() => { + const sessionPath = path.join(this.config.sessionBaseDirectory, randomUUID()); + mkdirSync(sessionPath, { recursive: true }); + return { config: tConfig.get(), key: { BITWARDENCLI_APPDATA_DIR: sessionPath } }; + }), ) .map((tEitherConfig) => tEitherConfig @@ -78,12 +79,18 @@ export class Bitwarden implements IVault { .get(); } - public fetchSecret(client: TClient, key: BitwardenKey, item: string): Promise> { + public fetchSecret( + client: TClient, + key: BitwardenKey, + item: string, + ): Promise> { return client .move(key) .flatMap(TraceUtil.withMetricTrace(Bitwarden.fetchSecretMetric)) .peek((tSession) => tSession.trace.trace(`looking for your secret ${item} (⑅˘꒳˘)`)) - .flatMap((tSession) => tSession.move('bw list items').map((listCmd) => getStdout(listCmd, { env: key }))) + .flatMap((tSession) => + tSession.move(`bw list items --search ${item}`).map((listCmd) => getStdout(listCmd, { env: key })), + ) .map( TraceUtil.promiseify((tEitherItemsJson) => tEitherItemsJson -- cgit v1.2.3-70-g09d2
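Review bot: In `fetchSecret` (second hunk of worker/secret.ts), `item` is interpolated unquoted into the command string `bw list items --search ${item}`, so a name containing whitespace, a leading `--` or shell metacharacters changes the arguments `bw` receives; how far that goes depends on how `getStdout` turns the string into a process, which is not visible here. Validating the name before the command is built keeps it a single search term, e.g. `if (!/^[A-Za-z0-9_.-]+$/.test(item)) throw new Error('invalid secret item name');` (or the file's own failed-Either form), or pass the term as a separate argv element if `getStdout` accepts one. `--search` is a search filter rather than an exact-name lookup, so the code after this hunk should still select the entry whose name equals `item` instead of taking the first result; that code continues outside the hunk. The first hunk in this file only reformats the `Either.fromFailable` call.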