feat: add Rundeck Runner support, repo-named subdirectories, and SSH key cleanup #45
elioe wants to merge 9 commits into
- Implement ProxyRunnerPlugin and ProxySecretBundleCreator for secure distributed execution.
- Add gitUseRepoNameSubdirectory option to clone under base directory using the git repo name.
- Clean up temporary SSH keys on factory close and fix hard reset behavior in GitManager.
- Add Spock unit tests for secret bundling and repo name extraction.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…sing stack trace in prepareSecretBundleForStep Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pull request overview
This PR extends the Rundeck Git plugin to better support distributed execution via Rundeck Runners (including secret bundling), improves repo checkout directory layout (optional repo-name subdirectory), and addresses SSH session/key cleanup by making PluginSshSessionFactory closeable and ensuring callers close it.
Changes:
- Add Proxy Runner support for workflow steps by implementing `ProxyRunnerPlugin`/`ProxySecretBundleCreator` and introducing server-side secret bundling utilities.
- Add `gitUseRepoNameSubdirectory` option and URL-to-repo-name extraction with path traversal protections.
- Fix SSH session/key resource lifecycle by making `PluginSshSessionFactory` reusable + closeable and closing it in `GitManager` operations; add reset/clean before pull and improve push result handling logic.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/main/groovy/com/rundeck/plugin/util/GitPluginUtil.groovy | Adds repo-name extraction and secret-path/bundle helpers for Runner execution. |
| src/main/groovy/com/rundeck/plugin/util/PluginSshSessionFactory.groovy | Makes SSH session factory closeable; adds temp key deletion and factory reuse. |
| src/main/groovy/com/rundeck/plugin/GitManager.groovy | Ensures SSH factories are closed; resets/cleans before pull; improves push status evaluation. |
| src/main/groovy/com/rundeck/plugin/GitCloneWorkflowStep.groovy | Adds Runner secret interfaces, repo-name subdir option, and secret bundle/path methods. |
| src/main/groovy/com/rundeck/plugin/GitCommitWorkflowStep.groovy | Adds Runner secret interfaces, repo-name subdir option, and secret bundle/path methods. |
| src/main/groovy/com/rundeck/plugin/GitPushWorkflowStep.groovy | Adds Runner secret interfaces, repo-name subdir option, and secret bundle/path methods. |
| src/test/groovy/com/rundeck/plugin/WorkflowStepSecretBundleSpec.groovy | New tests verifying workflow steps implement Runner secret interfaces and bundle paths/values. |
| src/test/groovy/com/rundeck/plugin/util/PluginSshSessionFactorySpec.groovy | Updates/adds tests for factory reuse, idempotent close, and temp key deletion. |
| src/test/groovy/com/rundeck/plugin/util/GitPluginUtilSecretBundleSpec.groovy | New tests for secret path listing and secret bundle creation behavior. |
| src/test/groovy/com/rundeck/plugin/util/GitPluginUtilExtractRepoNameSpec.groovy | New tests for Git URL repo-name extraction. |
Comments suppressed due to low confidence (1)
src/main/groovy/com/rundeck/plugin/GitManager.groovy:209
- The success-path log message is incorrect: when `result.isSuccessful()` is true, it currently logs "Pull is not successful.". This makes troubleshooting confusing and also duplicates the failure message.

```groovy
if (!result.isSuccessful()) {
    logger.info("Pull is not successful.")
} else {
    logger.debug("Pull is not successful.")
}
```
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
src/main/groovy/com/rundeck/plugin/GitManager.groovy:209
- The success branch logs the same "Pull is not successful." message as the failure branch, which makes pull outcomes misleading in logs. Update the else branch to log a success message (and optionally tweak the failure wording).

```groovy
if (!result.isSuccessful()) {
    logger.info("Pull is not successful.")
} else {
    logger.debug("Pull is not successful.")
}
```
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
src/main/groovy/com/rundeck/plugin/GitManager.groovy:209
- In `performPull`, the success branch logs `"Pull is not successful."`, which is misleading and makes it hard to diagnose real pull failures. The else branch should log a success message.

```groovy
if (!result.isSuccessful()) {
    logger.info("Pull is not successful.")
} else {
    logger.debug("Pull is not successful.")
}
```
Summary
- `ProxyRunnerPlugin` and `ProxySecretBundleCreator` for secure distributed execution via Rundeck Runners.
- `gitUseRepoNameSubdirectory` option to clone under a subdirectory named after the Git repository.
- `PluginSshSessionFactory` now implements `Closeable`; all callers close the factory in a `finally` block.
- `git reset --hard` + `git clean` before pull to prevent failures from dirty working tree.
- `performPush` always logging "Push is not successful" — now checks actual `RemoteRefUpdate` statuses.
- `UP_TO_DATE` being treated as a push failure.
- `extractRepoName`: reject `.`, `..`, and names containing path separators.
- `prepareSecretBundleForStep` error logging.

Test plan
- `extractRepoName` returns `null` for `.`, `..`, and names with `/` or `\`

🤖 Generated with Claude Code
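
The repo-name guard described in the summary and test plan above, as an added Groovy example (not the plugin's own `GitPluginUtil` code). The class `RepoNameExample`, the method `resolveCloneDir`, the base directory and the sample URLs are assumptions made for illustration; the containment check in `resolveCloneDir` goes beyond what the PR text states.

```groovy
import java.nio.file.Path
import java.nio.file.Paths

// Hypothetical helper for illustration; names are not taken from the plugin source.
class RepoNameExample {

    /** Last path segment of a Git URL without ".git", or null when it is unsafe as a directory name. */
    static String extractRepoName(String gitUrl) {
        if (!gitUrl?.trim()) return null
        // Drop query string / fragment, then trailing slashes
        String s = gitUrl.trim().replaceAll('[?#].*$', '').replaceAll('/+$', '')
        // Segment after the last '/', or after ':' for scp-style URLs (git@host:repo.git)
        int cut = Math.max(s.lastIndexOf('/'), s.lastIndexOf(':'))
        String name = cut >= 0 ? s.substring(cut + 1) : s
        // Strip the suffix BEFORE validating, so "..git" (which becomes ".") is still caught
        if (name.endsWith('.git')) name = name.substring(0, name.length() - 4)
        if (name.isEmpty() || name == '.' || name == '..') return null
        if (name.contains('/') || name.contains('\\')) return null
        return name
    }

    /** Clone directory under baseDir, or null when the name is rejected or escapes the base. */
    static Path resolveCloneDir(String baseDir, String gitUrl) {
        String name = extractRepoName(gitUrl)
        if (name == null) return null
        Path base = Paths.get(baseDir).toAbsolutePath().normalize()
        Path target = base.resolve(name).normalize()
        // Defence in depth: the result must be a direct child of the base directory
        return target.parent == base ? target : null
    }
}

// Constructed sample inputs (not from the PR)
assert RepoNameExample.extractRepoName('https://git.example.com/org/project.git') == 'project'
assert RepoNameExample.extractRepoName('git@git.example.com:org/project.git') == 'project'
assert RepoNameExample.extractRepoName('https://git.example.com/org/project/') == 'project'
assert RepoNameExample.extractRepoName('https://git.example.com/org/.') == null
assert RepoNameExample.extractRepoName('https://git.example.com/org/..') == null
assert RepoNameExample.extractRepoName('https://git.example.com/org/..git') == null
assert RepoNameExample.extractRepoName('https://git.example.com/org/..\\..\\etc') == null
assert RepoNameExample.extractRepoName('https://git.example.com/org/.git') == null

Path dir = RepoNameExample.resolveCloneDir('/var/lib/rundeck/repos', 'https://git.example.com/org/project.git')
assert dir.fileName.toString() == 'project'
assert RepoNameExample.resolveCloneDir('/var/lib/rundeck/repos', 'https://git.example.com/org/..') == null
```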