Cannot define downstream pipelines with multiple different plugins
Opened this issue · 0 comments
Hello folks,
Thank you for this great plugin. We have a use case where we are using this plugin to trigger downstream pipelines, however, we also need one or some of the downstream pipelines to use another plugin, for example to retrieve secrets from AWS secrets manager.
At first, we worked around it by having the aws plugin listed before the monorepo-diff plugin, store the secret in an environment variable that can then be passed to monorepo-diff
, which in turn would use it in downstream pipelines. The following works, however, it exposes the retrieved secrets into buildkite runner's environment
tab in the pipeline job since monorepo-diff
is creating the job with an environment variable.
plugins:
- seek-oss/aws-sm#v2.3.1:
env:
SECRET_ENV_VAR:
secret-id: "secret/id"
json-key: ".json_key"
- monebag/monorepo-diff#v2.5.8:
diff: "./scripts/ci/changed_files.sh"
env:
- SECRET_ENV_VAR
watch:
- path:
- "foo/**"
config:
label: "Docker images"
key: "docker-images"
...
Therefore we need a feature that can allow for being able to specify plugins per each of the downstream jobs, something like this:
plugins:
- monebag/monorepo-diff#v2.5.8:
diff: "./scripts/ci/changed_files.sh"
watch:
- path:
- "foo/**"
config:
label: "Docker images"
key: "docker-images"
...
plugins:
- seek-oss/aws-sm#v2.3.1:
env:
SECRET_ENV_VAR:
secret-id: "secret/id"
json-key: ".json_key"
I tested a quick fix and this does seem to do the trick and keep the secrets from being exposed. I'm happy to provide the contributing PR to add this