Merge pull request #929 from TomChv/feat/docker-secret

op.#PushContainer secret management
Sam Alba
2021-09-01 15:27:07 -07:00
committed by GitHub
16 changed files with 127 additions and 144 deletions


@@ -3,7 +3,7 @@ plan:
name: docker-pull
inputs:
ref:
text: docker.io/daggerio/ci-test:xtyzsocvpici@sha256:35fc94d52b4fa53c2caa38ff11e13182e6f88c651eb0846728d1007d931f0d3c
text: docker.io/daggerio/ci-test:pncdyzkdemof@sha256:b92cbbfef6b952befc38812cd88cf5c4c1012f6df2891595c226f56cc053334e
sops:
kms: []
gcp_kms: []
@@ -19,8 +19,8 @@ sops:
SG1raUVNTzZIWDltV1pOS3hySHlJeWcKg3blmstOGcxtPww513+mAEA0MWOXwNAT
5ngRvG6MraW3g9dhIuUYOwjuJyz1Z07/DBEocSxnjSyw45ZCkM1/9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-07-08T09:53:37Z"
mac: ENC[AES256_GCM,data:kcONOT/cxu39rCrWtMEwHnSZU0o752WyrLMckPp4AGhkQ0CVb7vnnNQ0lLSzsUQfvf0Ze09kFZYuhlGqZ6EPCJvOw0girrdBi09hU2a7Nm8CZd/ku9gP08YsGV3yx0PgIYFuVQRJ60hwQEIZI5neEGV9x2FPUedy9lYbKvvboSE=,iv:ofZ605QYbEbtWNgGxNkp1QbK/VHtwchpFs4GxBU9rIg=,tag:Mo+0nfe2GaJcXpIOCl/cew==,type:str]
lastmodified: "2021-08-31T10:10:02Z"
mac: ENC[AES256_GCM,data:30qNlAVLJunPEboTzeIxcsZ06LcLiDiXXJLVqHE328hcezcOYGsvhlYTiGEzxtAsv78Mwxw54oSbiFZmCKoew9bTZFUyb6FcFVk4GG8z2I8pn7FkZlcnEknWinVf9Tc/h5R/g4/BBGzsBf2dr4fx4ADewwO2z1Df/8wdup0PD4E=,iv:KJcMdpLCfSU1LvvPMXitSPzm0JPwrDWdLncdvVFngNk=,tag:X2/D+RhEnyizZHXJWYnmmg==,type:str]
pgp: []
encrypted_suffix: secret
version: 3.7.1


@@ -3,7 +3,7 @@ plan:
name: docker-push-invalid-creds
inputs:
TestRegistry.secret:
text: ENC[AES256_GCM,data:PckymCtA/Q==,iv:to7XhUUcZrWDga7uT4C067BRzHEzmTPDUNAEb2TpS/I=,tag:jUTk8uGd185hmIvi/IHpww==,type:str]
secret: ENC[AES256_GCM,data:+gCg3g==,iv:TVQBLFvC1T+xNSJdmhEz+0cciIpCbo6D+twwghUU0ik=,tag:R7SoByjnyj6Aupw1/6c+8w==,type:str]
TestRegistry.username:
text: invalid
sops:
@@ -21,8 +21,8 @@ sops:
VC8wSTZvUE5UaDg2WE1CaGMzR3M1TEkK9v83AVI4lvFgjKCg8UmQrcxarlESWTfV
2cDdWgoH7ZqgXo5jFv2tn8qQWHKl8eTTeYUWn8GoNVPKrCroax2fiQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-07-08T09:53:54Z"
mac: ENC[AES256_GCM,data:hnVsqFM81iSA/VFPbwqtqw3jOB7H2+67VuXmKfU5fEf15D5WGLZi17HCfRJQ+Db8d0S8ICwFlzqemq+99GB0wf0QVGeOBfrLZ+/AW6Yhd7klhZZxtngXos0lcZreBWduiLkctS2lbx0aiRDBUrsKFcJmu0O9JbMkwC7Hj+nncBk=,iv:2PDO6MTSszlVwmEkAI5lI9cBoJW8JdL3Q+i+sQgtFAk=,tag:nW2OLjAhSot7VyolrXbV5Q==,type:str]
lastmodified: "2021-08-31T10:07:27Z"
mac: ENC[AES256_GCM,data:sdycrW51n0tHL76DroLAUR33Fis5Hixn6dQ7LofNoIcdAj334MTWIf0jxnbzrv4Dkm/MsU90asiGwQyHI56t8mBUqrLJmd8PBE/t6S4RghCAIlM3mcHB4iHsC8Sib2URn3wKztcIuobfU8e9IvZoW4X8R/QWc1jWNmIt8VGdwfw=,iv:g7ri14SRxhsd1SSibYzDig6mZRG7LJ+R6CPDNmNOAfI=,tag:wM1DVa3LL9zFcHKAJJjugg==,type:str]
pgp: []
encrypted_suffix: secret
version: 3.7.1


@@ -68,7 +68,7 @@ package op
target: string
username: string
// FIXME: should be a #Secret (circular import)
secret: string | bytes
secret: _ @dagger(secret)
}
#FetchContainer: {
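Review bot: The new `secret: _ @dagger(secret)` field in `#PushContainer` is typed as top, so the schema itself no longer rejects any value, and the `// FIXME: should be a #Secret (circular import)` line above it is left as the only explanation. I would replace that line with a comment that states the contract, e.g. `// Registry password. Typed as _ because op cannot import dagger.#Secret (circular import); callers should pass a dagger.#Secret`. Whether the runtime validates the value behind the `@dagger(secret)` attribute is not visible in this hunk; if it does not, a type check belongs there. The definition starts above the hunk.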


@@ -8,7 +8,7 @@ import (
// Build a Docker image from source, using included Dockerfile
#Build: {
source: dagger.#Artifact @dagger(input)
source: dagger.#Input & {dagger.#Artifact}
#up: [
op.#DockerBuild & {
@@ -21,7 +21,7 @@ import (
// Pull a docker container
#Pull: {
// Remote ref (example: "index.docker.io/alpine:latest")
from: string @dagger(input)
from: dagger.#Input & {string}
#up: [
op.#FetchContainer & {ref: from},
@@ -31,18 +31,18 @@ import (
// Push a docker image to a remote registry
#Push: {
// Remote target (example: "index.docker.io/alpine:latest")
target: string @dagger(input)
target: dagger.#Input & {string}
// Image source
source: dagger.#Artifact @dagger(input)
source: dagger.#Input & {dagger.#Artifact}
// Registry auth
auth?: {
// Username
username: string @dagger(input)
username: dagger.#Input & {string}
// Password or secret
secret: string @dagger(input)
secret: dagger.#Input & {dagger.#Secret | string}
}
push: #up: [
@@ -72,7 +72,7 @@ import (
source: "/image_ref"
},
]
} @dagger(output)
} & dagger.#Output
// Image digest
digest: {
@@ -85,43 +85,43 @@ import (
source: "/image_digest"
},
]
} @dagger(output)
} & dagger.#Output
}
#Run: {
// Connect to a remote SSH server
ssh: {
// ssh host
host: string @dagger(input)
host: dagger.#Input & {string}
// ssh user
user: string @dagger(input)
user: dagger.#Input & {string}
// ssh port
port: *22 | int @dagger(input)
port: dagger.#Input & {*22 | int}
// private key
key: dagger.#Secret @dagger(input)
key: dagger.#Input & {dagger.#Secret}
// fingerprint
fingerprint?: string @dagger(input)
fingerprint?: dagger.#Input & {string}
// ssh key passphrase
keyPassphrase?: dagger.#Secret @dagger(input)
keyPassphrase?: dagger.#Input & {dagger.#Secret}
}
// Image reference (e.g: nginx:alpine)
ref: string @dagger(input)
ref: dagger.#Input & {string}
// Container name
name?: string @dagger(input)
name?: dagger.#Input & {string}
// Image registry
registry?: {
target: string
username: string
secret: dagger.#Secret
} @dagger(input)
} & dagger.#Input
#command: #"""
# Run detach container
@@ -150,10 +150,10 @@ import (
// FIXME: incorporate into #Build
#ImageFromDockerfile: {
// Dockerfile passed as a string
dockerfile: string @dagger(input)
dockerfile: dagger.#Input & {string}
// Build context
context: dagger.#Artifact @dagger(input)
context: dagger.#Input & {dagger.#Artifact}
#up: [
op.#DockerBuild & {
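Review bot: In `#Push`, `auth.secret` is declared as `dagger.#Input & {dagger.#Secret | string}`, so a registry password can still be supplied as a plain string input, while `#Run`'s `registry.secret` in the same file accepts only `dagger.#Secret`. If the `string` arm is kept for backward compatibility, the `// Password or secret` comment should say so, e.g. `// Registry password; prefer dagger.#Secret, the string form is kept for compatibility and is not handled as a secret`; otherwise narrow the field to `secret: dagger.#Input & {dagger.#Secret}`. How a string input is stored or logged is not shown in this section, so the exposure is inferred from the fixture files, where non-secret `text:` inputs such as `TestRegistry.username` appear in clear.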


@@ -1,12 +1,13 @@
package docker
import (
"alpha.dagger.io/dagger"
"alpha.dagger.io/random"
)
TestRegistry: {
username: string @dagger(input)
secret: string @dagger(input)
username: dagger.#Input & {string}
secret: dagger.#Input & {dagger.#Secret}
}
TestPush: {


@@ -4,9 +4,7 @@ import (
"alpha.dagger.io/aws"
"alpha.dagger.io/aws/ecr"
"alpha.dagger.io/dagger"
"alpha.dagger.io/dagger/op"
"alpha.dagger.io/random"
"alpha.dagger.io/alpine"
)
//
@@ -48,36 +46,10 @@ TestRemoteAWS: {
}
}
#TestGetSecret: {
secret: dagger.#Artifact
out: {
string
#up: [
op.#Load & {from: alpine.#Image},
op.#Exec & {
always: true
args: ["sh", "-c", "cp /input/secret /secret"]
mount: "/input/secret": "secret": secret
},
op.#Export & {
source: "/secret"
},
]
}
}
TestRemoteDocker: {
dockerConfig: {
username: string & dagger.#Input
secret: dagger.#Secret & dagger.#Input
}
secret: #TestGetSecret & {
secret: dockerConfig.secret
username: dagger.#Input & {string}
secret: dagger.#Input & {dagger.#Secret}
}
target: "daggerio/ci-test:test-docker-\(TestResources.suffix.out)"
@@ -87,7 +59,7 @@ TestRemoteDocker: {
source: TestResources.image
auth: {
username: dockerConfig.username
"secret": secret.out
secret: dockerConfig.secret
}
}
}


@@ -1,37 +1,13 @@
package docker
import (
"alpha.dagger.io/dagger/op"
"alpha.dagger.io/dagger"
"alpha.dagger.io/alpine"
"alpha.dagger.io/random"
)
TestRegistry: {
username: string @dagger(input)
secret: dagger.#Secret @dagger(input)
}
#TestGetSecret: {
secret: dagger.#Artifact
out: {
string
#up: [
op.#Load & {from: alpine.#Image},
op.#Exec & {
always: true
args: ["sh", "-c", "cp /input/secret /secret"]
mount: "/input/secret": "secret": secret
},
op.#Export & {
source: "/secret"
},
]
}
username: dagger.#Input & {string}
secret: dagger.#Input & {dagger.#Secret}
}
TestPush: {
@@ -41,10 +17,6 @@ TestPush: {
target: "daggerio/ci-test:\(tag.out)"
secret: #TestGetSecret & {
secret: TestRegistry.secret
}
image: #ImageFromDockerfile & {
dockerfile: """
FROM alpine
@@ -58,7 +30,7 @@ TestPush: {
source: image
auth: {
username: TestRegistry.username
"secret": secret.out
secret: TestRegistry.secret
}
}
}