This repository was archived by the owner on Oct 3, 2023. It is now read-only.

Populating secrets in CLI and Docker execution #42

@kminehart


Example scenario:

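package main

// Imports of the shipwright and pipeline packages are omitted here.

func main() {
    sw := shipwright.New("example")
    defer sw.Done()

    // A single step that takes one secret argument named "example-secret".
    sw.Run(
        pipeline.NoOpStep.WithName("example step").WithArgs(pipeline.NewSecretArgument("example-secret")),
    )
}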

In this scenario, you have a single step with a SecretArgument called example-secret.

Locally (CLI & Docker mode)

Locally this secret will not exist on the user's machine. It must be provided in some way.

The user should have a couple of options for providing this secret.

The precedence of how the value is populated should be in this order:

  1. Command-line arguments. This can be provided in the command execution in a CI service. This will allow the command to avoid making stdin requests in a remote environment. This can be provided via the existing -arg flag, like -arg-{key}={value}.
  2. A config file. .shipwright.conf provides values to local executions if the flag was not provided.
  3. If all else fails, then the value can be prompted for. If the -no-stdin flag is provided, then the pipeline will fail with an error instead of prompting for a value.

Drone

In Drone, it is expected that a secret called 'example-secret' will be created in the pipeline, referring to the Drone secret added via the UI or CLI with the same name.

While these secrets will be available in the state with the same name, available via (pipeline.State).Get(key), where key refers to the same name as the argument, they are added to the container's environment variable via secret-{key} because this is the only way Drone can handle secrets.
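
The local precedence order described above (the -arg-{key}={value} flag, then the config file, then a prompt unless -no-stdin is set), as an added Go example that is not Shipwright's own code. ResolveSecret and parseArgs are hypothetical names, and the config file is assumed to be already parsed into a map because the issue does not specify the format of .shipwright.conf.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"strings"
)

// parseArgs collects -arg-{key}={value} flags and notes whether -no-stdin was given.
func parseArgs(argv []string) (map[string]string, bool) {
	args, noStdin := map[string]string{}, false
	for _, a := range argv {
		rest := strings.TrimPrefix(a, "-arg-")
		if k, v, ok := strings.Cut(rest, "="); ok && rest != a && k != "" {
			args[k] = v
		}
		noStdin = noStdin || a == "-no-stdin"
	}
	return args, noStdin
}

// ResolveSecret (hypothetical name) applies the order flag, config, prompt and
// returns the value plus its source, so callers can log the source, never the value.
func ResolveSecret(key string, argv []string, conf map[string]string, stdin io.Reader) (string, string, error) {
	args, noStdin := parseArgs(argv)
	if v, ok := args[key]; ok {
		return v, "flag", nil
	}
	if v, ok := conf[key]; ok {
		return v, "config", nil
	}
	if noStdin { // fail instead of blocking on stdin in a remote environment
		return "", "", fmt.Errorf("secret %q not provided and -no-stdin is set", key)
	}
	fmt.Fprintf(os.Stderr, "value for %s: ", key)
	line, err := bufio.NewReader(stdin).ReadString('\n')
	if err != nil && line == "" {
		return "", "", fmt.Errorf("secret %q: reading stdin: %w", key, err)
	}
	return strings.TrimRight(line, "\r\n"), "prompt", nil
}

func main() {
	conf := map[string]string{"example-secret": "from-conf"} // constructed sample input
	_, src, err := ResolveSecret("example-secret", []string{"-arg-example-secret=s3cr3t"}, conf, os.Stdin)
	fmt.Println(src, err)
}
```

Returning the source alongside the value lets a pipeline log where a secret came from without ever writing the secret itself to the log.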
