added support for username:password

Signed-off-by: Richard Jones <richard@dagger.io>
This commit is contained in:
Richard Jones 2021-12-22 11:02:52 -07:00
parent a49d794409
commit 0295dc6340
No known key found for this signature in database
GPG Key ID: CFB3A382EB166F4C
3 changed files with 62 additions and 37 deletions

View File

@ -3,8 +3,10 @@ package task
import (
"context"
"net/url"
"strings"
"github.com/moby/buildkit/client/llb"
"github.com/rs/zerolog/log"
"go.dagger.io/dagger/compiler"
"go.dagger.io/dagger/plancontext"
"go.dagger.io/dagger/solver"
@ -18,53 +20,65 @@ type gitPullTask struct {
}
func (c gitPullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
remote, err := v.Lookup("remote").String()
if err != nil {
return nil, err
}
ref, err := v.Lookup("ref").String()
if err != nil {
return nil, err
var gitPull struct {
Remote string
Ref string
KeepGitDir bool
Username string
}
remoteRedacted := remote
if u, err := url.Parse(remote); err == nil {
remoteRedacted = u.Redacted()
if err := v.Decode(&gitPull); err != nil {
return nil, err
}
gitOpts := []llb.GitOption{}
var opts struct {
KeepGitDir bool
}
if err := v.Decode(&opts); err != nil {
return nil, err
}
lg := log.Ctx(ctx)
if opts.KeepGitDir {
if gitPull.KeepGitDir {
lg.Debug().Str("keepGitDir", "true").Msg("adding git option")
gitOpts = append(gitOpts, llb.KeepGitDir())
}
// Secret
if authToken := v.Lookup("authToken"); authToken.Exists() {
if gitPull.Username != "" {
pwd := v.Lookup("password")
pwdSecret, err := pctx.Secrets.FromValue(pwd)
if err != nil {
return nil, err
}
remote, err := url.Parse(gitPull.Remote)
if err != nil {
return nil, err
}
remote.User = url.UserPassword(gitPull.Username, strings.TrimSpace(pwdSecret.PlainText()))
gitPull.Remote = remote.String()
} else if authToken := v.Lookup("authToken"); plancontext.IsSecretValue(authToken) {
authTokenSecret, err := pctx.Secrets.FromValue(authToken)
if err != nil {
return nil, err
}
lg.Debug().Str("authToken", "***").Msg("adding git option")
gitOpts = append(gitOpts, llb.AuthTokenSecret(authTokenSecret.ID()))
}
if authHeader := v.Lookup("authHeader"); authHeader.Exists() {
} else if authHeader := v.Lookup("authHeader"); plancontext.IsSecretValue(authHeader) {
authHeaderSecret, err := pctx.Secrets.FromValue(authHeader)
if err != nil {
return nil, err
}
lg.Debug().Str("authHeader", "***").Msg("adding git option")
gitOpts = append(gitOpts, llb.AuthHeaderSecret(authHeaderSecret.ID()))
}
gitOpts = append(gitOpts, withCustomName(v, "FetchGit %s@%s", remoteRedacted, ref))
remoteRedacted := gitPull.Remote
if u, err := url.Parse(gitPull.Remote); err == nil {
remoteRedacted = u.Redacted()
}
st := llb.Git(remote, ref, gitOpts...)
gitOpts = append(gitOpts, withCustomName(v, "GitPull %s@%s", remoteRedacted, gitPull.Ref))
st := llb.Git(gitPull.Remote, gitPull.Ref, gitOpts...)
result, err := s.Solve(ctx, st, pctx.Platform.Get())
if err != nil {

View File

@ -11,12 +11,21 @@ package engine
}
// Pull a directory from a git remote
// Note: do not add credentials to the remote url: e.g: https://username:password@github.com
// as this will expose those in logs. By using username and password (as #Secret) Dagger will
// url encode them for you
#GitPull: {
$dagger: task: _name: "GitPull"
remote: string
ref: string
authToken?: #Secret
authHeader?: #Secret
keepGitDir: true | *false
{
username: string
password: #Secret // can be password or personal access token
} | {
authToken: #Secret
} | {
authHeader: #Secret
}
output: #FS
}

View File

@ -3,27 +3,29 @@ package main
import "alpha.dagger.io/europa/dagger/engine"
engine.#Plan & {
inputs: secrets: TestPAT: command: {
inputs: secrets: token: command: {
name: "sops"
args: ["exec-env", "./privateRepo.enc.yaml", "echo $data"]
}
actions: {
alpine: engine.#Pull & {
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
source: "alpine:3.15.0"
}
testRepo: engine.#GitPull & {
remote: "https://github.com/dagger/dagger.git"
ref: "main"
authToken: inputs.secrets.TestPAT.contents
username: "dagger-test"
password: inputs.secrets.token.contents
}
testContent: engine.#Exec & {
input: alpine.output
always: true
args: ["ls", "-l", "/input/repo | grep 'universe -> stdlib'"]
args: ["ls", "-l", "/repo"]
mounts: inputRepo: {
dest: "/input/repo"
dest: "/repo"
contents: testRepo.output
}
}