Fix yaml_extraction_prologue.sh to account for the move to JuliaCI, and fix some other outdated instances of staticfloat-->JuliaCI (#41)

* Fix `yaml_extraction_prologue.sh` to account for the move to JuliaCI

* Fix some other outdated instances of `staticfloat-->JuliaCI`

* Fix a big bug

Author: DilumAluthge

README.md

@@ -34,7 +34,7 @@ steps:
     env:
       BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET: ${BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET?}
     plugins:
-    - staticfloat/cryptic:
+    - JuliaCI/cryptic:
         files:
             # This file is actually only stored as `secret_message.txt.encrypted` in the repo,
             # and `cryptic` will create the `secret_message.txt` file from it, when it decrypts
@@ -75,7 +75,7 @@ steps:
   # In the WebUI, the `cryptic` launch job _must_ be the first job to run
   - label: ":rocket: launch pipelines"
     plugins:
-      - staticfloat/cryptic:
+      - JuliaCI/cryptic:
           # Our list of pipelines that should be launched (but don't require a signature)
           # These pipelines can be modified by any contributor and CI will still run.
           # Build secrets will not be available in these pipelines (or their children)

bin/encrypt_file

@@ -81,7 +81,7 @@ cat <<-EOD
     locking down CI configuration and next steps.
 
     plugins:
-        - staticfloat/cryptic:
+        - JuliaCI/cryptic:
           files:
             - ${FILE_PATH}
 EOD

bin/encrypt_variable

@@ -41,7 +41,7 @@ cat <<-EOD
     locking down CI configuration and next steps.
 
     plugins:
-        - staticfloat/cryptic:
+        - JuliaCI/cryptic:
           variables:
             - ${SECRET_NAME}="${ENCRYPTED_SECRET_VALUE}"
 EOD

example/.buildkite/codesign.yml

@@ -10,7 +10,7 @@ steps:
     env:
       BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET: ${BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET?}
     plugins:
-      - staticfloat/cryptic:
+      - JuliaCI/cryptic:
           files:
             - ".buildkite/secrets/codesign_key.txt"
           signed_pipelines:

example/.buildkite/deploy.yml

@@ -9,7 +9,7 @@ steps:
     env:
       BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET: ${BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET?}
     plugins:
-      - staticfloat/cryptic:
+      - JuliaCI/cryptic:
           variables:
             - S3_ACCESS_KEY="U2FsdGVkX1/CA5U5HCFuKSnLHk3bQBjFwN8VJZtAs5e3+tVs87UoM8A+VR+HC0jPyvx3cdDTyws8V1JDbzWCmRzq8IJ98hGtJNHrMxwWGDs="
     commands: |

example/.buildkite/pipeline.yml

@@ -5,7 +5,7 @@ steps:
     env:
       CRYPTIC_ADHOC_SECRET_SSH_KEY: "FPyxl8XnP4Ye8J1DExyytA3ZM68ff13+wPPtLiSktSHru0uO0oZYNeFhOBi+lT/Wig48iidYaKh+vBzzqBkOp+x5PP8FYqKJaD6Nj+tkIc1kOe94M0Yhn7Ao22+lu6hA5EUC5+0071DXLWkTB9Cmxbzl08KxapHjluUOuPFBnWokzFa2PAiAw0GuS4TXuwWNxfJpMl59W2IUPjLqO6tegZzg7yFhBcG8zKvnD1tVuYPQqA4aYvnQkwblxQDeJ5LMHXSDgpk1LRLJvhq5kbbMFZ42kb/emsFR7uU6Z3tmUVYPF4fCvDbvZHa2e/81P0ZHKWvQe1cSsx9x8AEWxzlT6g==;U2FsdGVkX1+KynLJPlxV7qdZ6KC5MCl55+N+gpnCbkRSJqJJRWwKz550fyI1PB6/"
     plugins:
-      - staticfloat/cryptic:
+      - JuliaCI/cryptic:
           # Our list of pipelines that should be launched (but don't require a signature)
           # These pipelines can be modified by any contributor and CI will still run.
           # Build secrets will not be available in these pipelines (or their children)

lib/yaml_extraction_prologue.sh

@@ -18,7 +18,9 @@ function extract_encrypted_variables() {
             (shyaml -q keys-0 <<<"${PLUGINS}" || true) |
             while IFS='' read -r -d '' PLUGIN_NAME; do
                 # Skip plugins that are not named `cryptic`
-                if [[ "${PLUGIN_NAME}" != staticfloat/cryptic* ]]; then
+                # For now, support both JuliaCI/cryptic* and staticfloat/cryptic*, to make the
+                # transition smoother.
+                if [[ "${PLUGIN_NAME}" != JuliaCI/cryptic* && "${PLUGIN_NAME}" != staticfloat/cryptic* ]]; then
                     continue
                 fi
                 # For each plugin, if its `cryptic`, extract the variables
@@ -65,7 +67,9 @@ function extract_encrypted_files() {
             (shyaml -q keys-0 <<<"${PLUGINS}" || true) |
             while IFS='' read -r -d '' PLUGIN_NAME; do
                 # Skip plugins that are not named `cryptic`
-                if [[ "${PLUGIN_NAME}" != staticfloat/cryptic* ]]; then
+                # For now, support both JuliaCI/cryptic* and staticfloat/cryptic*, to make the
+                # transition smoother.
+                if [[ "${PLUGIN_NAME}" != JuliaCI/cryptic* && "${PLUGIN_NAME}" != staticfloat/cryptic* ]]; then
                     continue
                 fi
                 # For each plugin, if its `cryptic`, extract the files
@@ -76,7 +80,7 @@ function extract_encrypted_files() {
                 done
             done
         done
-    done    
+    done
 }
 
 # Calculate the treehashes of each signed pipeline defined within a launching `.yml` file,
@@ -113,7 +117,9 @@ function extract_plugin_treehashes() {
         (shyaml -q keys-0 <<<"${PLUGINS}" || true) |
         while IFS='' read -r -d '' PLUGIN_NAME; do
             # Skip plugins that are not named `cryptic`
-            if [[ "${PLUGIN_NAME}" != staticfloat/cryptic* ]]; then
+            # For now, support both JuliaCI/cryptic* and staticfloat/cryptic*, to make the
+            # transition smoother.
+            if [[ "${PLUGIN_NAME}" != JuliaCI/cryptic* && "${PLUGIN_NAME}" != staticfloat/cryptic* ]]; then
                 continue
             fi
 

plugin.yml

@@ -1,9 +1,9 @@
 name: Cryptic
 description: Deploy encrypted files to public repositories
-author: https://github.com/staticfloat
+author: https://github.com/JuliaCI
 configuration:
   properties:
-    # base64-encoded, encrypted variables that will be exported to the command block 
+    # base64-encoded, encrypted variables that will be exported to the command block
     # See `bin/encrypt_variable` for how to generate these.
     variables:
       type: array