Templating Defaults and Secrets

Secrets

Users can specify secrets for a workflow via the CLI. These secrets then can be templated into the test files. This is especially handy for things like API-Tokens or similar sensitive data. The Binarly test step requires an API token, which should not be hardcoded directly into the test file. Instead, we can create a test that utilizes templated secrets to securely reference the token.

Adding / Updating Secrets on a Workflow

  • Interactively

    $ fwci secrets update TOKEN MY_TOKEN

Selected workflow: fwci-crystal-core
successfully updated secret for workflow

    Note: If only one workflow is available, it will be automatically selected.

  • Non-interactive

    $ fwci secrets update -w fwci-crystal-core

Selected workflow: fwci-crystal-core
successfully updated secret for workflow

    You can also get a list of all the secrets of the workflow:

    $ fwci secrets get

Selected workflow: fwci-crystal-core
Secrets:
0. ANOTHER-TOKEN
1. TOKEN

Referencing a Secret in a Test File

Once the secrets are added to the workflow, they can be referenced within a test file using the secrets.<secret-name> template.

For a comprehensive explanation, refer to the Templating documentation.

binarly.yaml

name: Binarly Scan
description: Test the firmware with Binarly

#The binarly test works without a DUT, therefore we can leave the pre- & post-stage empty
pre-stage: empty
post-stage: empty

stages:
  - name: Binarly Scan
    steps:
      - cmd: binarly report
        name: Binarly Scan
        parameters:
          url: "[[secrets.BinarlyURL]]"
          token: "[[secrets.BinarlyToken]]"
          file_path: "[[defaults.Binary]]"

Defaults

YAML Anchors can be utilized within tests to minimize redundant statements. These anchors should be defined under the defaults keyword in the test file. Let’s modify the Boot Test from the second tutorial to include two separate echo commands that use the same SSH transport.

# Boot Test Configuration for ARM-based board
name: Boot Test
description: This test verifies that the ARM-based board boots correctly.

defaults:
  transport: &transport
    proto: ssh
    options:
      host: "[[attributes.Host]]"
      user: root
      password: root

stages:
  - name: Boot Stage
    steps:
      - cmd: ping
        name: Wait for SSH service
        options:
          timeout: 2m
        parameters:
          host: "[[attributes.Host]]"

      - cmd: cmd
        name: Run echo "Hello" on the device
        transport: *transport
        parameters:
          executable: echo
          args: ["Hello"]

      - cmd: cmd
        name: Run echo "World!" on the device
        transport: *transport
        parameters:
          executable: echo
          args: ["World!"]