added support for username:password

Signed-off-by: Richard Jones <richard@dagger.io>
Richard Jones 2021-12-22 11:02:52 -07:00
parent a49d794409
commit 0295dc6340
No known key found for this signature in database
GPG Key ID: CFB3A382EB166F4C
3 changed files with 62 additions and 37 deletions


@ -3,8 +3,10 @@ package task
import ( import (
"context" "context"
"net/url" "net/url"
"strings"
"github.com/moby/buildkit/client/llb" "github.com/moby/buildkit/client/llb"
"github.com/rs/zerolog/log"
"go.dagger.io/dagger/compiler" "go.dagger.io/dagger/compiler"
"go.dagger.io/dagger/plancontext" "go.dagger.io/dagger/plancontext"
"go.dagger.io/dagger/solver" "go.dagger.io/dagger/solver"
@ -18,53 +20,65 @@ type gitPullTask struct {
} }
func (c gitPullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) { func (c gitPullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
remote, err := v.Lookup("remote").String() var gitPull struct {
if err != nil { Remote string
return nil, err Ref string
} KeepGitDir bool
ref, err := v.Lookup("ref").String() Username string
if err != nil {
return nil, err
} }
remoteRedacted := remote if err := v.Decode(&gitPull); err != nil {
if u, err := url.Parse(remote); err == nil { return nil, err
remoteRedacted = u.Redacted()
} }
gitOpts := []llb.GitOption{} gitOpts := []llb.GitOption{}
var opts struct {
KeepGitDir bool
}
if err := v.Decode(&opts); err != nil { lg := log.Ctx(ctx)
return nil, err
}
if opts.KeepGitDir { if gitPull.KeepGitDir {
lg.Debug().Str("keepGitDir", "true").Msg("adding git option")
gitOpts = append(gitOpts, llb.KeepGitDir()) gitOpts = append(gitOpts, llb.KeepGitDir())
} }
// Secret if gitPull.Username != "" {
if authToken := v.Lookup("authToken"); authToken.Exists() { pwd := v.Lookup("password")
pwdSecret, err := pctx.Secrets.FromValue(pwd)
if err != nil {
return nil, err
}
remote, err := url.Parse(gitPull.Remote)
if err != nil {
return nil, err
}
remote.User = url.UserPassword(gitPull.Username, strings.TrimSpace(pwdSecret.PlainText()))
gitPull.Remote = remote.String()
} else if authToken := v.Lookup("authToken"); plancontext.IsSecretValue(authToken) {
authTokenSecret, err := pctx.Secrets.FromValue(authToken) authTokenSecret, err := pctx.Secrets.FromValue(authToken)
if err != nil { if err != nil {
return nil, err return nil, err
} }
lg.Debug().Str("authToken", "***").Msg("adding git option")
gitOpts = append(gitOpts, llb.AuthTokenSecret(authTokenSecret.ID())) gitOpts = append(gitOpts, llb.AuthTokenSecret(authTokenSecret.ID()))
} } else if authHeader := v.Lookup("authHeader"); plancontext.IsSecretValue(authHeader) {
if authHeader := v.Lookup("authHeader"); authHeader.Exists() {
authHeaderSecret, err := pctx.Secrets.FromValue(authHeader) authHeaderSecret, err := pctx.Secrets.FromValue(authHeader)
if err != nil { if err != nil {
return nil, err return nil, err
} }
lg.Debug().Str("authHeader", "***").Msg("adding git option")
gitOpts = append(gitOpts, llb.AuthHeaderSecret(authHeaderSecret.ID())) gitOpts = append(gitOpts, llb.AuthHeaderSecret(authHeaderSecret.ID()))
} }
gitOpts = append(gitOpts, withCustomName(v, "FetchGit %s@%s", remoteRedacted, ref)) remoteRedacted := gitPull.Remote
if u, err := url.Parse(gitPull.Remote); err == nil {
remoteRedacted = u.Redacted()
}
st := llb.Git(remote, ref, gitOpts...) gitOpts = append(gitOpts, withCustomName(v, "GitPull %s@%s", remoteRedacted, gitPull.Ref))
st := llb.Git(gitPull.Remote, gitPull.Ref, gitOpts...)
result, err := s.Solve(ctx, st, pctx.Platform.Get()) result, err := s.Solve(ctx, st, pctx.Platform.Get())
if err != nil { if err != nil {
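Review bot: In the username branch the plaintext password is written into the remote URL (`remote.User = url.UserPassword(...)`, then `gitPull.Remote = remote.String()`) and that URL is passed to `llb.Git`, so the secret probably becomes part of the LLB definition itself, whereas the authToken and authHeader branches hand over only a secret ID. `remoteRedacted` covers the custom name only; whether BuildKit redacts the URL in its own progress output, cache keys and error messages is not visible here and should be confirmed. Prefer keeping the password as a secret reference like the other two branches do, and at minimum add a comment above the assignment such as `// NOTE: the password is embedded in the remote URL given to llb.Git; it is not passed as a BuildKit secret`. The branch also calls `pctx.Secrets.FromValue(pwd)` without the `plancontext.IsSecretValue` check the other two branches use. Run's body continues past the end of the hunk.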


@ -11,12 +11,21 @@ package engine
} }
// Pull a directory from a git remote // Pull a directory from a git remote
// Note: do not add credentials to the remote url: e.g: https://username:password@github.com
// as this will expose those in logs. By using username and password (as #Secret) Dagger will
// url encode them for you
#GitPull: { #GitPull: {
$dagger: task: _name: "GitPull" $dagger: task: _name: "GitPull"
remote: string remote: string
ref: string ref: string
authToken?: #Secret keepGitDir: true | *false
authHeader?: #Secret {
keepGitDir: true | *false username: string
output: #FS password: #Secret // can be password or personal access token
} | {
authToken: #Secret
} | {
authHeader: #Secret
}
output: #FS
} }
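Review bot: The new disjunction in `#GitPull` has no alternative without credentials, so a plan that pulls a public remote and sets none of `username`, `authToken` or `authHeader` may no longer resolve; the old definition made both secrets optional. If anonymous pulls are still meant to work, add an alternative that carries no credential fields; otherwise the doc comment should say that one of the three forms is now required. The comment also tells users that credentials in the remote URL are exposed in logs, so it is worth stating there what the `username`/`password` form does differently, since that guarantee depends on the Go task and not on this definition.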


@ -3,27 +3,29 @@ package main
import "alpha.dagger.io/europa/dagger/engine" import "alpha.dagger.io/europa/dagger/engine"
engine.#Plan & { engine.#Plan & {
inputs: secrets: TestPAT: command: { inputs: secrets: token: command: {
name: "sops" name: "sops"
args: ["exec-env", "./privateRepo.enc.yaml", "echo $data"] args: ["exec-env", "./privateRepo.enc.yaml", "echo $data"]
} }
actions: { actions: {
alpine: engine.#Pull & { alpine: engine.#Pull & {
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3" source: "alpine:3.15.0"
} }
testRepo: engine.#GitPull & { testRepo: engine.#GitPull & {
remote: "https://github.com/dagger/dagger.git" remote: "https://github.com/dagger/dagger.git"
ref: "main" ref: "main"
authToken: inputs.secrets.TestPAT.contents username: "dagger-test"
password: inputs.secrets.token.contents
} }
testContent: engine.#Exec & { testContent: engine.#Exec & {
input: alpine.output input: alpine.output
always: true always: true
args: ["ls", "-l", "/input/repo | grep 'universe -> stdlib'"] args: ["ls", "-l", "/repo"]
mounts: inputRepo: { mounts: inputRepo: {
dest: "/input/repo" dest: "/repo"
contents: testRepo.output contents: testRepo.output
} }
} }