diff --git a/WORKSPACE b/WORKSPACE index 13977f6..1622177 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -1,3 +1,15 @@ +load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") +http_archive( + name = "bazel_skylib", + urls = [ + "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.0.2/bazel-skylib-1.0.2.tar.gz", + "https://github.com/bazelbuild/bazel-skylib/releases/download/1.0.2/bazel-skylib-1.0.2.tar.gz", + ], + sha256 = "97e70364e9249702246c0e9444bccdc4b847bed1eb03c5a3ece4f83dfe6abc44", +) +load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace") +bazel_skylib_workspace() + load("//lib:secrets.bzl","environment_secrets") #### @@ -8,5 +20,6 @@ environment_secrets( entries = { "MAVEN_USER": "", "MAVEN_PASS": "", + "DEFAULT": "some_default_value", }, -) \ No newline at end of file +) diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel index 044c0ea..f501831 100644 --- a/examples/BUILD.bazel +++ b/examples/BUILD.bazel @@ -9,3 +9,9 @@ genrule( #cmd = "echo OK > \"$@\"", cmd = "echo 'MAVEN_USER={0} MAVEN_PASS={1}'> \"$@\"".format(MAVEN_USER,MAVEN_PASS), ) + +py_test( + name = "secret_file_test", + srcs = ["secret_file_test.py"], + data = ["@env//:secrets"], +) diff --git a/examples/secret_file_test.py b/examples/secret_file_test.py new file mode 100755 index 0000000..3d183bd --- /dev/null +++ b/examples/secret_file_test.py @@ -0,0 +1,27 @@ +import json + + +def get_bzl_secrets(): + with open("../env/secrets.bzl") as file: + return { + # Remove the leading `"` and trailing `"\n`. + key: value[1:-2] + for (key, value) in ( + line.split("=", 1) + for line in file + if not line.startswith("#") + ) + } + + +def get_json_secrets(): + with open("../env/secrets.json") as file: + return json.load(file) + + +if __name__ == "__main__": + bzl_secrets = get_bzl_secrets() + json_secrets = get_json_secrets() + + assert set(bzl_secrets.keys()) == {"DEFAULT", "MAVEN_USER", "MAVEN_PASS"} + assert json_secrets == bzl_secrets diff --git a/lib/BUILD.bazel b/lib/BUILD.bazel index 4691603..e938031 100644 --- a/lib/BUILD.bazel +++ b/lib/BUILD.bazel @@ -1,9 +1,6 @@ -load("@bazel_skylib//:skylark_library.bzl", "skylark_library") +load("@bazel_skylib//:bzl_library.bzl", "bzl_library") -skylark_library( +bzl_library( name = "secrets", srcs = ["secrets.bzl"], - deps = [ - "//skylib:label", - ], ) diff --git a/lib/secrets.bzl b/lib/secrets.bzl index a503cd5..1771a6d 100644 --- a/lib/secrets.bzl +++ b/lib/secrets.bzl @@ -1,7 +1,7 @@ BUILD_BZL_CONTENTS=''' filegroup( name="secrets", - srcs=["secrets.bzl"], + srcs=["secrets.bzl", "secrets.json"], visibility=["//visibility:public"] ) ''' @@ -15,6 +15,7 @@ def _environment_secrets_impl(repository_ctx): lines = ["# Generated - do not modify"] missing = [] + secrets = {} for key, defaultValue in entries.items(): value = env.get(key, UNSET_VALUE) @@ -27,15 +28,17 @@ def _environment_secrets_impl(repository_ctx): value = value.replace("\\","\\\\") value = value.replace("\"","\\\"") - line = "{0}=\"{1}\"".format(key, value) + secrets[key] = value + line = '{0}="{1}"'.format(key, value) lines.append(line) if len(missing) > 0 : fail("Required Secret environment variables were empty: "+ (",".join(missing)) ) - secrets_file = "\n".join(lines) + secrets_file = "\n".join(lines) + "\n" repository_ctx.file("secrets.bzl", secrets_file) + repository_ctx.file("secrets.json", struct(**secrets).to_json()) repository_ctx.file("BUILD.bazel", BUILD_BZL_CONTENTS) @@ -79,4 +82,4 @@ def environment_secrets(name, entries): }, environ = entries.keys(), ) - the_new_rule(name = name) \ No newline at end of file + the_new_rule(name = name)