Comments (5)
tboerger
commented on July 3, 2024
If reading env variables gets enabled it's a potential security issue as even the slack webhook gets injected as environment variable.
from drone-slack.
fsouza
commented on July 3, 2024
@tboerger yeah I realized that after playing with a wrapper for a little bit. Perhaps if drone could provide a list of parameters that were passed to the deployment, then the plugin could have that in the context when rendering the template.
from drone-slack.
Morriz
commented on July 3, 2024
/reopen
from drone-slack.
Morriz
commented on July 3, 2024
Can this be reopened? We have multiple drone installations listening to the same repo, and doing CD. We need to report back which instance was successful. This can only be done by parameterizing. Please allow us to use env vars. We are using drone in a controlled environment and no outside meddling with env can happen.
from drone-slack.
tboerger
commented on July 3, 2024
That is just for you the case. I would prefer to integrate the new plugin lib for this plugin, than you would get the system env variables into the template without allowing any env variable as a security issue.
from drone-slack.
Related Issues (20)
- Create a tag and push into my repository. Trigger slack notification, but got 'panic: runtime error: slice bounds out of range' HOT 7
- allow message color override in settings HOT 1
- Commit message with quote ' converted to ' HOT 2
- Helper function datetime does not match documentation HOT 4
- Drone <-> Slack integration errors after latest version released HOT 6
- Newlines not working in message template HOT 2
- build.author not resolving to expected username
- [feature] Allow template to be read from a file HOT 4
- {{ datetime }} => Evaluation error: Helper datetime called with argument 0 with type int64 but it should be float64 HOT 2
- Dependency Dashboard
- Sending attachment
- Only send notifications on if one of a set of specific steps fails
- Drone doesn't link channel name HOT 1
- The plugin sends notifications as successful. HOT 3
- error on custom template with example HOT 1
- Recipient Setting Does Not Work With Display Name HOT 2
- Improvement: commit messages since last successful build HOT 3
- Getting the slack username to tag on an unsuccessful build HOT 2
- link-names update is missing in Config of main.go HOT 1
- How do I use slack plugin within ssh pipeline HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from drone-slack.