third/plugin-drone-ksm
1
0
Fork 0
mirror of https://github.com/Keeper-Security/harness-integration.git synced 2026-06-04 18:23:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

unit testing

Browse Source
This commit is contained in:
Hitesh Borase
2026-01-15 17:55:52 +05:30
parent 65858f46b4
commit 1462420c40
7 changed files with 961 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
entrypoint.sh
-23
View File
@@ -9,12 +9,7 @@ SECRETS_FILE=$(mktemp)
node /app/src/index.js > "$SECRETS_FILE"
# 3. Securely process the secrets
# Parse lines in format: ENV:VAR_NAME='value', OUT:VAR_NAME='value', or VAR_NAME='value'
#
# SECURITY NOTE: All secrets are written to /harness/outputs/ and /harness/secrets/
# These directories are mounted volumes scoped ONLY to the current pipeline execution.
# Harness CI automatically cleans up these volumes after pipeline completion.
# Secrets are NOT accessible outside the pipeline execution context.
mkdir -p /harness/outputs /harness/secrets
while IFS= read -r line; do
@@ -53,9 +48,6 @@ while IFS= read -r line; do
export "$name=$value"
# Write to Harness CI Plugin Output (for output variables)
# These are scoped to the pipeline execution and accessible via:
# <+step.output.outputVariables.VAR_NAME> in subsequent steps
# Format: KEY=VALUE (one per line)
printf "%s=%s\n" "$name" "$value" >> /harness/outputs/outputs.txt
# For environment variables, also write to env_vars.txt for Harness to pick up
@@ -65,28 +57,13 @@ while IFS= read -r line; do
fi
# Write to file for direct access (bypasses Harness truncation)
# SECURITY: Files in /harness/secrets/ are scoped to pipeline execution only
# Harness CI automatically cleans up these files after pipeline completion
echo -n "$value" > "/harness/secrets/${name}"
chmod 600 "/harness/secrets/${name}" # Restrict permissions to owner only
# Debug: Log (removed to reduce log noise)
# value_length=${#value}
# if [ "$type" = "env" ]; then
# echo "INFO: Set environment variable: $name (length: $value_length)"
# else
# echo "INFO: Set output variable: $name (length: $value_length)"
# fi
# echo "INFO: Secret also written to /harness/secrets/${name} for direct file access"
done < "$SECRETS_FILE"
# 4. Secure Clean up
# Remove the temporary file to ensure no sensitive data remains on disk
# Note: /harness/outputs/ and /harness/secrets/ are cleaned up by Harness CI
# after pipeline execution completes - they are scoped to the pipeline only
rm -f "$SECRETS_FILE"
# 5. Hand over control to the Docker command (if any)
# This allows the container to be used as a wrapper for other commands
exec "$@"