Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Resolve ¶
func Resolve(ast *rbast.RunbookAST, targetEnv string, cliVars map[string]string, envFilePath string, opts Options) error
Resolve resolves all template variables in the AST, filters blocks by target environment, stores both original and resolved commands on each node, and scans every resolved variable value for dangerous shell metacharacters.
Types ¶
type DotEnvProvider ¶
type DotEnvProvider struct {
// contains filtered or unexported fields
}
DotEnvProvider resolves secrets from a .env file.
func NewDotEnvProvider ¶
func NewDotEnvProvider(path string) (*DotEnvProvider, error)
NewDotEnvProvider creates a DotEnvProvider by reading the given .env file.
func (*DotEnvProvider) Name ¶
func (p *DotEnvProvider) Name() string
Name returns the provider name.
type EnvProvider ¶
type EnvProvider struct{}
EnvProvider resolves secrets from environment variables with a RUNBOOK_ prefix.
type MetacharError ¶
type MetacharError struct {
Warnings []MetacharWarning
}
MetacharError is returned by Resolve when --strict mode is enabled and dangerous metacharacters are detected in resolved variable values, or when the user declines to continue in interactive mode.
func (*MetacharError) Error ¶
func (e *MetacharError) Error() string
type MetacharWarning ¶
type MetacharWarning struct {
VarName string // template variable name, e.g. "version"
Value string // resolved value, e.g. "1.0.0; rm -rf /"
Metachar string // detected metacharacter display label, e.g. ";"
BlockType string // "step", "check", "rollback", or "wait"
BlockName string // block name attribute, e.g. "deploy"
FilePath string // source .runbook file path
Line int // source line number
}
MetacharWarning describes a dangerous metacharacter found in a resolved variable value.
type Options ¶
type Options struct {
// NonInteractive skips interactive prompts; metacharacter warnings are
// printed but execution continues.
NonInteractive bool
// DryRun shows metacharacter warnings but does not prompt.
DryRun bool
// Strict treats any metacharacter warning as a hard error and returns a
// *MetacharError without prompting (intended for CI pipelines).
Strict bool
// Stderr is the writer for warning output. Defaults to os.Stderr.
Stderr io.Writer
// PromptInput is the reader for interactive prompts. Defaults to os.Stdin.
PromptInput io.Reader
}
Options configures shell metacharacter scanning behaviour during resolution.
Source Files