From 896b883dd78d616f06be310fea5707d376361d87 Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Thu, 17 Oct 2024 14:16:22 +1100 Subject: [PATCH 1/4] Add more info regarding 'environment propagation' for JWKS files. --- clicommand/agent_start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/agent_start.go b/clicommand/agent_start.go index 6ff12c1e7e..84c017b340 100644 --- a/clicommand/agent_start.go +++ b/clicommand/agent_start.go @@ -658,7 +658,7 @@ var AgentStartCommand = cli.Command{ }, cli.StringFlag{ Name: "signing-jwks-file", - Usage: "Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key", + Usage: "Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. If using Docker containers to upload pipeline steps dynamically, turn on environment propagation to allow signing for the new steps generated.", EnvVar: "BUILDKITE_AGENT_SIGNING_JWKS_FILE", }, cli.StringFlag{ From bc49bec259e2e822091d104d65d925cd5220050f Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Thu, 17 Oct 2024 16:36:29 +1100 Subject: [PATCH 2/4] Reformat redactor CLI description for Buildkite Docs. --- clicommand/redactor_add.go | 23 ++++++++++++++++++++--- clicommand/secret_get.go | 2 +- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index 750315f407..b9034bfc85 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -52,9 +52,26 @@ type RedactorAddConfig struct { } var RedactorAddCommand = cli.Command{ - Name: "add", - Usage: "Add values to redact from a job's log output", - Description: "This may be used to parse a file for values to redact from a running job's log output. If you dynamically fetch secrets during a job, it is recommended that you use this command to ensure they will be redacted from subsequent logs. Secrets fetched with the builtin ′secret get′ command do not require the use of this command, they will be redacted automatically.", + Name: "add", + Usage: "Add values to redact from a job's log output", + Description: `Usage: + + buildkite-agent redactor add [options...] + + Description: + + This command may be used to parse a file for values to redact from a + running job's log output. If you dynamically fetch secrets during a job, + it is recommended that you use this command to ensure they will be + redacted from subsequent logs. Secrets fetched with the builtin + ′secret get′ command do not require the use of this command, they will + be redacted automatically. + + Example: + + $ buildkite-agent redactor add ... + + Redacts something.`, Flags: []cli.Flag{ cli.StringFlag{ Name: "format", diff --git a/clicommand/secret_get.go b/clicommand/secret_get.go index 1e53d725a1..16b8fa6060 100644 --- a/clicommand/secret_get.go +++ b/clicommand/secret_get.go @@ -47,7 +47,7 @@ Examples: The following examples reference the same Buildkite secret ′key′: $ buildkite-agent secret get deploy_key - $ buildkite-agent secret get DEPLOY_KEY`, + $ buildkite-agent secret get DEPLOY_KEY`, Flags: []cli.Flag{ cli.StringFlag{ Name: "job", From 3d38eba1f98407c22f1d776145f67efe2e9da05b Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Fri, 18 Oct 2024 15:04:02 +1100 Subject: [PATCH 3/4] Clarify wording for environment variable propagation using Docker containers. --- clicommand/agent_start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clicommand/agent_start.go b/clicommand/agent_start.go index 84c017b340..e2d27a56a0 100644 --- a/clicommand/agent_start.go +++ b/clicommand/agent_start.go @@ -658,7 +658,7 @@ var AgentStartCommand = cli.Command{ }, cli.StringFlag{ Name: "signing-jwks-file", - Usage: "Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. If using Docker containers to upload pipeline steps dynamically, turn on environment propagation to allow signing for the new steps generated.", + Usage: `Path to a file containing a signing key. Passing this flag enables pipeline signing for all pipelines uploaded by this agent. For hmac-sha256, the raw file content is used as the shared key. When using Docker containers to upload pipeline steps dynamically, use environment variable propagation (for example, "docker run -e MYVAR") to allow all steps within the pipeline to be signed.`, EnvVar: "BUILDKITE_AGENT_SIGNING_JWKS_FILE", }, cli.StringFlag{ From 144518b3b6454627681af20a86986f204f8fbade Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Fri, 18 Oct 2024 15:07:41 +1100 Subject: [PATCH 4/4] Fix spacing on redactor add CLI command description text. --- clicommand/redactor_add.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/clicommand/redactor_add.go b/clicommand/redactor_add.go index b9034bfc85..3dc1c1f6fa 100644 --- a/clicommand/redactor_add.go +++ b/clicommand/redactor_add.go @@ -58,20 +58,20 @@ var RedactorAddCommand = cli.Command{ buildkite-agent redactor add [options...] - Description: +Description: - This command may be used to parse a file for values to redact from a - running job's log output. If you dynamically fetch secrets during a job, - it is recommended that you use this command to ensure they will be - redacted from subsequent logs. Secrets fetched with the builtin - ′secret get′ command do not require the use of this command, they will - be redacted automatically. +This command may be used to parse a file for values to redact from a +running job's log output. If you dynamically fetch secrets during a job, +it is recommended that you use this command to ensure they will be +redacted from subsequent logs. Secrets fetched with the builtin +′secret get′ command do not require the use of this command, they will +be redacted automatically. - Example: +Example: $ buildkite-agent redactor add ... - Redacts something.`, +Redacts something.`, Flags: []cli.Flag{ cli.StringFlag{ Name: "format",