Skip to content

Commit

Permalink
[Update] Updating buildkite-agent not to fail a job when JWK is mis…
Browse files Browse the repository at this point in the history 
…sing and failure behaviour is set to `warn`.
  • Loading branch information
@CheeseStick @wolfeidau
CheeseStick authored and wolfeidau committed Sep 6, 2024
1 parent 36b3346 commit d4b6d14
Showing 1 changed file with 13 additions and 9 deletions.
22 changes: 13 additions & 9 deletions agent/run_job.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,12 @@ import (
)

const (
SignalReasonAgentRefused = "agent_refused"
SignalReasonAgentStop = "agent_stop"
SignalReasonCancel = "cancel"
SignalReasonSignatureRejected = "signature_rejected"
SignalReasonProcessRunError = "process_run_error"
SignalReasonAgentRefused = "agent_refused"
SignalReasonAgentStop = "agent_stop"
SignalReasonCancel = "cancel"
SignalReasonSignatureRejected = "signature_rejected"
SignalReasonUnableToVerifySignature = "unable_to_verify_signature"
SignalReasonProcessRunError = "process_run_error"
)

type missingKeyError struct {
Expand Down Expand Up @@ -92,11 +93,14 @@ func (r *JobRunner) Run(ctx context.Context) error {
if r.conf.JWKS == nil && job.Step.Signature != nil {
r.verificationFailureLogs(
VerificationBehaviourBlock,
&missingKeyError{signature: job.Step.Signature.Value},
fmt.Errorf("cannot verify signature. JWK for pipeline verification is not configured"),
)
exit.Status = -1
exit.SignalReason = SignalReasonSignatureRejected
return nil

if r.VerificationFailureBehavior == VerificationBehaviourBlock {
exit.Status = -1
exit.SignalReason = SignalReasonUnableToVerifySignature
return nil
}
}

if r.conf.JWKS != nil {
Expand Down

0 comments on commit d4b6d14

Please sign in to comment.