added DecodeSecret as a wrapper to TransformSecret; supports yaml and json secrets
Signed-off-by: Richard Jones <richard@dagger.io>
This commit is contained in:
parent
afb64e926f
commit
4f2c6e55e4
@ -1,6 +1,8 @@
|
|||||||
package dagger
|
package dagger
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/yaml"
|
||||||
|
"encoding/json"
|
||||||
"dagger.io/dagger/engine"
|
"dagger.io/dagger/engine"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -17,7 +19,7 @@ import (
|
|||||||
// Select a subdirectory from a filesystem tree
|
// Select a subdirectory from a filesystem tree
|
||||||
#Subdir: {
|
#Subdir: {
|
||||||
// Input tree
|
// Input tree
|
||||||
input: #FS
|
input: engine.#FS
|
||||||
|
|
||||||
// Path of the subdirectory
|
// Path of the subdirectory
|
||||||
// Example: "/build"
|
// Example: "/build"
|
||||||
@ -32,5 +34,27 @@ import (
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Subdirectory tree
|
// Subdirectory tree
|
||||||
output: #FS & _copy.output
|
output: engine.#FS & _copy.output
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecodeSecret is a convenience wrapper around #TransformSecret. The plain text contents of input is expected to match the format
|
||||||
|
#DecodeSecret: {
|
||||||
|
{
|
||||||
|
format: "json"
|
||||||
|
engine.#TransformSecret & {
|
||||||
|
#function: {
|
||||||
|
input: _
|
||||||
|
output: json.Unmarshal(input)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} | {
|
||||||
|
format: "yaml"
|
||||||
|
engine.#TransformSecret & {
|
||||||
|
#function: {
|
||||||
|
input: _
|
||||||
|
output: yaml.Unmarshal(input)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
package testing
|
package testing
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"dagger.io/dagger"
|
||||||
"dagger.io/dagger/engine"
|
"dagger.io/dagger/engine"
|
||||||
"encoding/yaml"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
engine.#Plan & {
|
engine.#Plan & {
|
||||||
@ -15,21 +15,18 @@ engine.#Plan & {
|
|||||||
}
|
}
|
||||||
|
|
||||||
actions: {
|
actions: {
|
||||||
dockerHubToken: engine.#TransformSecret & {
|
sopsSecrets: dagger.#DecodeSecret & {
|
||||||
|
format: "yaml"
|
||||||
input: inputs.secrets.sops.contents
|
input: inputs.secrets.sops.contents
|
||||||
#function: {
|
|
||||||
input: _
|
|
||||||
output: yaml.Unmarshal(input)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
build: engine.#Build & {
|
build: engine.#Dockerfile & {
|
||||||
source: inputs.directories.testdata.contents
|
source: inputs.directories.testdata.contents
|
||||||
auth: [{
|
auth: [{
|
||||||
target: "daggerio/ci-test:private-pull"
|
target: "daggerio/ci-test:private-pull"
|
||||||
username: "daggertest"
|
username: "daggertest"
|
||||||
|
|
||||||
secret: dockerHubToken.output.DOCKERHUB_TOKEN.contents
|
secret: sopsSecrets.output.DOCKERHUB_TOKEN.contents
|
||||||
}]
|
}]
|
||||||
dockerfile: contents: """
|
dockerfile: contents: """
|
||||||
FROM daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060
|
FROM daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/yaml"
|
"dagger.io/dagger"
|
||||||
"dagger.io/dagger/engine"
|
"dagger.io/dagger/engine"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -17,12 +17,9 @@ engine.#Plan & {
|
|||||||
source: "alpine:3.15.0"
|
source: "alpine:3.15.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
repoPassword: engine.#TransformSecret & {
|
sopsSecrets: dagger.#DecodeSecret & {
|
||||||
|
format: "yaml"
|
||||||
input: inputs.secrets.sops.contents
|
input: inputs.secrets.sops.contents
|
||||||
#function: {
|
|
||||||
input: _
|
|
||||||
output: yaml.Unmarshal(input)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
testRepo: engine.#GitPull & {
|
testRepo: engine.#GitPull & {
|
||||||
@ -30,7 +27,7 @@ engine.#Plan & {
|
|||||||
ref: "main"
|
ref: "main"
|
||||||
auth: {
|
auth: {
|
||||||
username: "dagger-test"
|
username: "dagger-test"
|
||||||
password: repoPassword.output.TestPAT.contents
|
password: sopsSecrets.output.TestPAT.contents
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,20 +1,28 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"dagger.io/dagger"
|
||||||
"dagger.io/dagger/engine"
|
"dagger.io/dagger/engine"
|
||||||
)
|
)
|
||||||
|
|
||||||
engine.#Plan & {
|
engine.#Plan & {
|
||||||
inputs: secrets: dockerHubToken: command: {
|
inputs: secrets: sops: command: {
|
||||||
name: "sops"
|
name: "sops"
|
||||||
args: ["exec-env", "../../secrets_sops.yaml", "echo $DOCKERHUB_TOKEN"]
|
args: ["-d", "../../secrets_sops.yaml"]
|
||||||
}
|
}
|
||||||
actions: pull: engine.#Pull & {
|
|
||||||
|
actions: {
|
||||||
|
sopsSecrets: dagger.#DecodeSecret & {
|
||||||
|
format: "yaml"
|
||||||
|
input: inputs.secrets.sops.contents
|
||||||
|
}
|
||||||
|
|
||||||
|
pull: engine.#Pull & {
|
||||||
source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
|
source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
|
||||||
auth: [{
|
auth: [{
|
||||||
target: "daggerio/ci-test:private-pull"
|
target: "daggerio/ci-test:private-pull"
|
||||||
username: "daggertest"
|
username: "daggertest"
|
||||||
secret: inputs.secrets.dockerHubToken.contents
|
secret: sopsSecrets.output.DOCKERHUB_TOKEN.contents
|
||||||
}]
|
}]
|
||||||
} & {
|
} & {
|
||||||
// assert result
|
// assert result
|
||||||
@ -25,3 +33,4 @@ engine.#Plan & {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
@ -2,22 +2,29 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"strings"
|
"strings"
|
||||||
|
"dagger.io/dagger"
|
||||||
"dagger.io/dagger/engine"
|
"dagger.io/dagger/engine"
|
||||||
)
|
)
|
||||||
|
|
||||||
engine.#Plan & {
|
engine.#Plan & {
|
||||||
inputs: secrets: dockerHubToken: command: {
|
inputs: secrets: sops: command: {
|
||||||
name: "sops"
|
name: "sops"
|
||||||
args: ["exec-env", "../../secrets_sops.yaml", "echo $DOCKERHUB_TOKEN"]
|
args: ["-d", "../../secrets_sops.yaml"]
|
||||||
}
|
}
|
||||||
|
|
||||||
#auth: [{
|
#auth: [{
|
||||||
target: "daggerio/ci-test:private-pull"
|
target: "daggerio/ci-test:private-pull"
|
||||||
username: "daggertest"
|
username: "daggertest"
|
||||||
secret: inputs.secrets.dockerHubToken.contents
|
secret: actions.sopsSecrets.output.DOCKERHUB_TOKEN.contents
|
||||||
}]
|
}]
|
||||||
|
|
||||||
actions: {
|
actions: {
|
||||||
|
|
||||||
|
sopsSecrets: dagger.#DecodeSecret & {
|
||||||
|
format: "yaml"
|
||||||
|
input: inputs.secrets.sops.contents
|
||||||
|
}
|
||||||
|
|
||||||
randomString: {
|
randomString: {
|
||||||
baseImage: engine.#Pull & {
|
baseImage: engine.#Pull & {
|
||||||
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
|
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
|
||||||
|
Reference in New Issue
Block a user