implemented ability to pass #Secret as env var

Signed-off-by: Richard Jones <richard@dagger.io>
This commit is contained in:
Richard Jones 2022-02-04 16:28:20 -07:00
parent e3131671a7
commit 3c57630b0e
No known key found for this signature in database
GPG Key ID: CFB3A382EB166F4C
8 changed files with 385 additions and 80 deletions

17
go.mod
View File

@ -8,9 +8,9 @@ require (
github.com/KromDaniel/jonson v0.0.0-20180630143114-d2f9c3c389db
github.com/Microsoft/go-winio v0.5.1
github.com/containerd/console v1.0.3
github.com/containerd/containerd v1.5.9
github.com/containerd/containerd v1.6.0-rc.2
github.com/docker/buildx v0.6.2
github.com/docker/distribution v2.7.1+incompatible
github.com/docker/distribution v2.8.0+incompatible
github.com/emicklei/proto v1.9.0 // indirect
github.com/go-git/go-git/v5 v5.4.2
github.com/gofrs/flock v0.8.1
@ -20,7 +20,7 @@ require (
github.com/mattn/go-colorable v0.1.8 // indirect
github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
github.com/mitchellh/go-homedir v1.1.0
github.com/moby/buildkit v0.9.3
github.com/moby/buildkit v0.10.0-rc1
github.com/morikuni/aec v1.0.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.2
@ -29,21 +29,18 @@ require (
github.com/spf13/cobra v1.2.1
github.com/spf13/viper v1.8.1
github.com/stretchr/testify v1.7.0
github.com/tonistiigi/fsutil v0.0.0-20210609172227-d72af97c0eaf
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f
go.mozilla.org/sops/v3 v3.7.1
go.opentelemetry.io/otel v1.4.0
go.opentelemetry.io/otel/exporters/jaeger v1.4.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1 // indirect
go.opentelemetry.io/otel/sdk v1.4.0
go.opentelemetry.io/otel/trace v1.4.0
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
golang.org/x/sys v0.0.0-20220110181412-a018aaa089fe // indirect
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
golang.org/x/tools v0.1.8 // indirect
google.golang.org/grpc v1.44.0
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
@ -51,7 +48,5 @@ require (
replace (
cuelang.org/go => github.com/dagger/cue v0.4.1-rc.1.0.20220121023213-66df011a52c2
github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe
// genproto: corresponds to containerd
google.golang.org/genproto => google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
)

400
go.sum

File diff suppressed because it is too large Load Diff

View File

@ -17,7 +17,7 @@ package engine
args: [...string]
// Environment variables
env: [key=string]: string
env: [key=string]: string | #Secret
// Working directory
workdir: string | *"/"

View File

@ -55,7 +55,7 @@ import (
// Environment variables
// Example: {"DEBUG": "1"}
env: [string]: string
env: [string]: string | engine.#Secret
// Working directory for the command
// Example: "/src"

View File

@ -77,12 +77,21 @@ func (t execTask) getRunOpts(v *compiler.Value, pctx *plancontext.Context) ([]ll
if err != nil {
return nil, err
}
for _, env := range envs {
v, err := env.Value.String()
if err != nil {
return nil, err
if plancontext.IsSecretValue(env.Value) {
secret, err := pctx.Secrets.FromValue(env.Value)
if err != nil {
return nil, err
}
opts = append(opts, llb.AddSecret(env.Label(), llb.SecretID(secret.ID()), llb.SecretAsEnv(true)))
} else {
s, err := env.Value.String()
if err != nil {
return nil, err
}
opts = append(opts, llb.AddEnv(env.Label(), s))
}
opts = append(opts, llb.AddEnv(env.Label(), v))
}
// always?

View File

@ -39,6 +39,7 @@ setup() {
cd "$TESTDIR"/tasks/exec
"$DAGGER" --europa up ./args.cue
"$DAGGER" --europa up ./env.cue
"$DAGGER" --europa up ./env_secret.cue
"$DAGGER" --europa up ./hosts.cue
"$DAGGER" --europa up ./mount_cache.cue

View File

@ -0,0 +1,25 @@
package main
import (
"dagger.io/dagger/engine"
)
engine.#Plan & {
inputs: secrets: testSecret: path: "secret.txt"
actions: {
image: engine.#Pull & {
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
}
verify: engine.#Exec & {
input: image.output
env: TEST: inputs.secrets.testSecret.contents
args: [
"sh", "-c",
#"""
test "$TEST" = "hello world"
"""#,
]
}
}
}

View File

@ -0,0 +1 @@
hello world