Add auth to Git.#Repository

Signed-off-by: Guillaume de Rouville <guillaume.derouville@gmail.com>
This commit is contained in:
Guillaume de Rouville 2021-08-26 16:12:14 +02:00
parent 3b0e3f6919
commit 08f395b70d
9 changed files with 55 additions and 43 deletions

View File

@ -37,6 +37,8 @@ A git repository
|*remote* | `string` |Git remote. Example: `"https://github.com/dagger/dagger"` | |*remote* | `string` |Git remote. Example: `"https://github.com/dagger/dagger"` |
|*ref* | `string` |Git ref: can be a commit, tag or branch. Example: "main" | |*ref* | `string` |Git ref: can be a commit, tag or branch. Example: "main" |
|*subdir* | `*null \| string` |(optional) Subdirectory | |*subdir* | `*null \| string` |(optional) Subdirectory |
|*authToken* | `dagger.#Secret` |(optional) Add Personal Access Token |
|*authHeader* | `dagger.#Secret` |(optional) Add OAuth Token |
### git.#Repository Outputs ### git.#Repository Outputs

View File

@ -816,15 +816,15 @@ func (p *Pipeline) FetchGit(ctx context.Context, op *compiler.Value, st llb.Stat
gitOpts = append(gitOpts, llb.KeepGitDir()) gitOpts = append(gitOpts, llb.KeepGitDir())
} }
// Secret // Secret
if authTokenSecret := op.Lookup("authTokenSecret"); authTokenSecret.Exists() { if authToken := op.Lookup("authToken"); authToken.Exists() {
id, err := getSecretID(authTokenSecret) id, err := getSecretID(authToken)
if err != nil { if err != nil {
return st, err return st, err
} }
gitOpts = append(gitOpts, llb.AuthTokenSecret(id)) gitOpts = append(gitOpts, llb.AuthTokenSecret(id))
} }
if authHeaderSecret := op.Lookup("authHeaderSecret"); authHeaderSecret.Exists() { if authHeader := op.Lookup("authHeader"); authHeader.Exists() {
id, err := getSecretID(authHeaderSecret) id, err := getSecretID(authHeader)
if err != nil { if err != nil {
return st, err return st, err
} }

View File

@ -1,6 +1,9 @@
plan: plan:
package: ./git/tests package: ./git/tests
name: git name: git
inputs:
TestPAT:
secret: ENC[AES256_GCM,data:7s1tSIpIDNBhAFupdjb7KtPbjKrCd5tXupr3RQF2N3Xu5XGuTZMgoQ==,iv:I+SVYLnjgMffvNg6BMB6m1lj+VVH5sDK0aIEAWPcyLY=,tag:TcfJ6LVps8dXVZGZy3T2ew==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -16,8 +19,8 @@ sops:
TmhJNisyamw3d244aGVJSEVFVUVLZGsKvd+nowA0CLXQbdvyI4J0lBjs9vdISWlo TmhJNisyamw3d244aGVJSEVFVUVLZGsKvd+nowA0CLXQbdvyI4J0lBjs9vdISWlo
gGvR49uul3Z8raVWXFUzsyQ8xTvYNg0ovynFG2KdagSKr1DlhKMBEQ== gGvR49uul3Z8raVWXFUzsyQ8xTvYNg0ovynFG2KdagSKr1DlhKMBEQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2021-07-08T09:54:31Z" lastmodified: "2021-08-26T13:44:11Z"
mac: ENC[AES256_GCM,data:pFrhyJQLJ1zQJmXQWQtmkeraiTHCKvOEr+TVgYQ6EZsei+dL+VUVWDgeHLkonxwh9eBPyAtB1cfxPc+1xVnMCqmFPVZMZ0P+CNgaOTcHk38UzOHyCcjw18AjROuEYffat8XbmjwKaSX+XRvMiC53BTrZkXt6os7hfikrySEot3A=,iv:W9S+qlvAB3gXFhUTpE17Fm/lQK6DTo7mmdzL3LjCVWQ=,tag:/fETJit+AXZ/OjIjz0TPhA==,type:str] mac: ENC[AES256_GCM,data:ttmpbzhrVFEGh/oJF4TtMvf99rutPBbzp9cIaqakIl+5nxqOkuAakgvf7IIMBG235zdyMvIXZZh6NLYG51PZA1hKNMg5Pqqba9GOSvFCHasWzNJ3pi5SLBGD02ivDfkSMbEHeOCUhnG1X4LxkYL9j+fb4tQt1Btv1hiIAcIa+eY=,iv:WxuW+0yJYtNqAB0y1nji9c3lzn4Pftir8uZojcdphng=,tag:yvcIJxkuqOmCfXoyEnGWow==,type:str]
pgp: [] pgp: []
encrypted_suffix: secret encrypted_suffix: secret
version: 3.7.1 version: 3.7.1

View File

@ -1,2 +0,0 @@
# dagger state
state/**

View File

@ -1,26 +0,0 @@
plan:
package: ./dagger/op/tests/fetch-git
name: op-fetch-git
inputs:
TestPAT:
secret: ENC[AES256_GCM,data:4rBqMc8jbs0mIl2tqxZZu6xhKWq1zb4Zmdd4eobZxmT5xkeVJM94KA==,iv:xj6wu5amzCACh8vvBbtqYK8MLsFvoFIYe2wsDLhbzhc=,tag:ZCInVlyCr41MfV9W9SK5iw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjYUh0WC8yTEtaK2VlZEU4
c1pCTUNFWWt3WE5GSzZPU1VuWnVQWHMyWTF3CnVRN0ovd2tWUlU0Q1BneEEyQm9s
Rm9TNGVVK3g5aVJUOGNYRzdxbERnNUUKLS0tIDRvTlU2eUozZy9jYzFqOHB6SzNE
NnhoNTZYQVJBV1FKUHI1aWJZTnc0bEkKBNxuA26mtiAznfuGbLcqeIxvgg9kLjBl
ZofKLWu33k7aUQJADAEKoFD7B0B502LtQRMLk94ObzdhdLxl1F3JNA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-08-25T15:03:39Z"
mac: ENC[AES256_GCM,data:IwMHAYejWYenT9KCSSBQhQcRMS+6EJBwDlmP1iWBNs41sbFMSvLabRsh1QHfgN8IYMc02XSii3PM8nDW44CG3s2PYaejEbS0/Q4OnqDFWjW3oyaDxS5/4OvJALV5JWSyQYAItepI1B/M6vL8nXS8lUxxuythX5jyEq9LTGfB608=,iv:8ecze6Fz8BSnENS6cXTpZ6s5zAQMsnb3yqvCjDvwhMc=,tag:iHi/g9K8GX9hrJGN2oq7Jg==,type:str]
pgp: []
encrypted_suffix: secret
version: 3.7.1

View File

@ -87,8 +87,8 @@ package op
ref: string ref: string
keepGitDir?: bool keepGitDir?: bool
// FIXME: the two options are currently ignored until we support buildkit secrets // FIXME: the two options are currently ignored until we support buildkit secrets
authTokenSecret?: _ @dagger(secret) authToken?: _ @dagger(secret)
authHeaderSecret?: _ @dagger(secret) authHeader?: _ @dagger(secret)
} }
#FetchHTTP: { #FetchHTTP: {

View File

@ -11,18 +11,24 @@ import (
#Repository: { #Repository: {
// Git remote. // Git remote.
// Example: `"https://github.com/dagger/dagger"` // Example: `"https://github.com/dagger/dagger"`
remote: string & dagger.#Input remote: dagger.#Input & {string}
// Git ref: can be a commit, tag or branch. // Git ref: can be a commit, tag or branch.
// Example: "main" // Example: "main"
ref: string & dagger.#Input ref: dagger.#Input & {string}
// (optional) Subdirectory // (optional) Subdirectory
subdir: *null | string & dagger.#Input subdir: dagger.#Input & {*null | string}
// (optional) Keep .git directory // (optional) Keep .git directory
keepGitDir: *false | bool keepGitDir: *false | bool
// (optional) Add Personal Access Token
authToken: dagger.#Input & {*null | dagger.#Secret}
// (optional) Add OAuth Token
authHeader: dagger.#Input & {*null | dagger.#Secret}
#up: [ #up: [
op.#FetchGit & { op.#FetchGit & {
"remote": remote "remote": remote
@ -30,6 +36,12 @@ import (
if (keepGitDir) { if (keepGitDir) {
keepGitDir: true keepGitDir: true
} }
if (authToken != null) {
"authToken": authToken
}
if (authHeader != null) {
"authHeader": authHeader
}
}, },
if subdir != null { if subdir != null {
op.#Subdir & { op.#Subdir & {

View File

@ -3,8 +3,9 @@ package git
import ( import (
"strings" "strings"
"alpha.dagger.io/git"
"alpha.dagger.io/alpine" "alpha.dagger.io/alpine"
"alpha.dagger.io/dagger"
"alpha.dagger.io/git"
"alpha.dagger.io/os" "alpha.dagger.io/os"
) )
@ -74,3 +75,25 @@ TestCurrentTags: os.#Container & {
[ $TAGS = "0=master" ] [ $TAGS = "0=master" ]
""" """
} }
// Test fetching a private repo
TestPAT: dagger.#Input & {dagger.#Secret}
privateRepo: git.#Repository & {
remote: "https://github.com/dagger/dagger.git"
ref: "main"
keepGitDir: true
authToken: TestPAT
}
TestPrivateRepository: os.#Container & {
image: alpine.#Image & {
package: bash: "=5.1.0-r0"
package: git: true
}
mount: "/repo1": from: privateRepo
dir: "/repo1"
command: """
[ -d .git ]
"""
}

View File

@ -10,9 +10,9 @@ import (
TestPAT: dagger.#Input & {dagger.#Secret} TestPAT: dagger.#Input & {dagger.#Secret}
TestRepo: #up: [op.#FetchGit & { TestRepo: #up: [op.#FetchGit & {
remote: "https://github.com/dagger/dagger.git" remote: "https://github.com/dagger/dagger.git"
ref: "main" ref: "main"
authTokenSecret: TestPAT authToken: TestPAT
}] }]
TestContent: os.#Container & { TestContent: os.#Container & {