Merge pull request #1235 from samalba/engine-pull-auth

auth support for engine.#Pull

.github/workflows/ci.yml

@@ -101,7 +101,8 @@ jobs:
         uses: crazy-max/ghaction-github-runtime@v1
 
       - name: Integration test
-        # env:
+        env:
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
         #   DAGGER_CACHE_TO: "type=gha,mode=max,scope=test-integration"
         #   DAGGER_CACHE_FROM: "type=gha,mode=max,scope=test-integration"
         run: |

plan/task/auth.go

@@ -0,0 +1,54 @@
+package task
+
+import (
+	"go.dagger.io/dagger/compiler"
+	"go.dagger.io/dagger/plancontext"
+)
+
+type authValue struct {
+	Target   string
+	Username string
+	Secret   *plancontext.Secret
+}
+
+// Decodes an auth field value
+//
+// Cue format:
+//   auth: [...{
+//     target:   string
+//     username: string
+//     secret:   string | #Secret
+//   }]
+func decodeAuthValue(pctx *plancontext.Context, v *compiler.Value) ([]*authValue, error) {
+	vals, err := v.List()
+	if err != nil {
+		return nil, err
+	}
+
+	authVals := []*authValue{}
+	for _, val := range vals {
+		authVal := authValue{}
+
+		target, err := val.Lookup("target").String()
+		if err != nil {
+			return nil, err
+		}
+		authVal.Target = target
+
+		username, err := val.Lookup("username").String()
+		if err != nil {
+			return nil, err
+		}
+		authVal.Username = username
+
+		secret, err := pctx.Secrets.FromValue(val.Lookup("secret"))
+		if err != nil {
+			return nil, err
+		}
+		authVal.Secret = secret
+
+		authVals = append(authVals, &authVal)
+	}
+
+	return authVals, nil
+}

plan/task/pull.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/moby/buildkit/client/llb"
+	"github.com/rs/zerolog/log"
 	"go.dagger.io/dagger/compiler"
 	"go.dagger.io/dagger/plancontext"
 	"go.dagger.io/dagger/solver"
@@ -20,12 +21,23 @@ type pullTask struct {
 }
 
 func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
-	// FIXME: handle auth
+	lg := log.Ctx(ctx)
+
 	rawRef, err := v.Lookup("source").String()
 	if err != nil {
 		return nil, err
 	}
 
+	// Read auth info
+	auth, err := decodeAuthValue(pctx, v.Lookup("auth"))
+	if err != nil {
+		return nil, err
+	}
+	for _, a := range auth {
+		s.AddCredentials(a.Target, a.Username, a.Secret.PlainText())
+		lg.Debug().Str("target", a.Target).Msg("add target credentials")
+	}
+
 	ref, err := reference.ParseNormalizedNamed(rawRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse ref %s: %w", rawRef, err)
@@ -47,6 +59,7 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.
 	if err != nil {
 		return nil, err
 	}
+
 	imageJSON, err := json.Marshal(image)
 	if err != nil {
 		return nil, err

tests/tasks.bats

@@ -6,7 +6,12 @@ setup() {
 
 @test "task: #Pull" {
     cd "$TESTDIR"/tasks/pull
-    "$DAGGER" --europa up
+    "$DAGGER" --europa up ./pull.cue
+}
+
+@test "task: #Pull with auth" {
+    cd "$TESTDIR"/tasks/pull
+    "$DAGGER" --europa up ./pull_auth.cue
 }
 
 @test "task: #ReadFile" {
@@ -39,4 +44,4 @@ setup() {
 
     "$DAGGER" --europa up ./user.cue
     "$DAGGER" --europa up ./workdir.cue
-}
+}

tests/tasks/pull/pull_auth.cue

@@ -0,0 +1,24 @@
+package main
+
+import (
+	"alpha.dagger.io/europa/dagger/engine"
+)
+
+engine.#Plan & {
+	context: secrets: dockerHubToken: envvar: "DOCKERHUB_TOKEN"
+	actions: pull: engine.#Pull & {
+		source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
+		auth: [{
+			target:   "daggerio/ci-test:private-pull"
+			username: "daggertest"
+			secret:   context.secrets.dockerHubToken.contents
+		}]
+	} & {
+		// assert result
+		digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
+		config: {
+			Env: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
+			Cmd: ["/bin/sh"]
+		}
+	}
+}