Merge pull request #1235 from samalba/engine-pull-auth
auth support for engine.#Pull
This commit is contained in:
commit
580c2b6e42
3
.github/workflows/ci.yml
vendored
3
.github/workflows/ci.yml
vendored
@ -101,7 +101,8 @@ jobs:
|
||||
uses: crazy-max/ghaction-github-runtime@v1
|
||||
|
||||
- name: Integration test
|
||||
# env:
|
||||
env:
|
||||
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
# DAGGER_CACHE_TO: "type=gha,mode=max,scope=test-integration"
|
||||
# DAGGER_CACHE_FROM: "type=gha,mode=max,scope=test-integration"
|
||||
run: |
|
||||
|
54
plan/task/auth.go
Normal file
54
plan/task/auth.go
Normal file
@ -0,0 +1,54 @@
|
||||
package task
|
||||
|
||||
import (
|
||||
"go.dagger.io/dagger/compiler"
|
||||
"go.dagger.io/dagger/plancontext"
|
||||
)
|
||||
|
||||
type authValue struct {
|
||||
Target string
|
||||
Username string
|
||||
Secret *plancontext.Secret
|
||||
}
|
||||
|
||||
// Decodes an auth field value
|
||||
//
|
||||
// Cue format:
|
||||
// auth: [...{
|
||||
// target: string
|
||||
// username: string
|
||||
// secret: string | #Secret
|
||||
// }]
|
||||
func decodeAuthValue(pctx *plancontext.Context, v *compiler.Value) ([]*authValue, error) {
|
||||
vals, err := v.List()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
authVals := []*authValue{}
|
||||
for _, val := range vals {
|
||||
authVal := authValue{}
|
||||
|
||||
target, err := val.Lookup("target").String()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
authVal.Target = target
|
||||
|
||||
username, err := val.Lookup("username").String()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
authVal.Username = username
|
||||
|
||||
secret, err := pctx.Secrets.FromValue(val.Lookup("secret"))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
authVal.Secret = secret
|
||||
|
||||
authVals = append(authVals, &authVal)
|
||||
}
|
||||
|
||||
return authVals, nil
|
||||
}
|
@ -7,6 +7,7 @@ import (
|
||||
|
||||
"github.com/docker/distribution/reference"
|
||||
"github.com/moby/buildkit/client/llb"
|
||||
"github.com/rs/zerolog/log"
|
||||
"go.dagger.io/dagger/compiler"
|
||||
"go.dagger.io/dagger/plancontext"
|
||||
"go.dagger.io/dagger/solver"
|
||||
@ -20,12 +21,23 @@ type pullTask struct {
|
||||
}
|
||||
|
||||
func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
|
||||
// FIXME: handle auth
|
||||
lg := log.Ctx(ctx)
|
||||
|
||||
rawRef, err := v.Lookup("source").String()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Read auth info
|
||||
auth, err := decodeAuthValue(pctx, v.Lookup("auth"))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, a := range auth {
|
||||
s.AddCredentials(a.Target, a.Username, a.Secret.PlainText())
|
||||
lg.Debug().Str("target", a.Target).Msg("add target credentials")
|
||||
}
|
||||
|
||||
ref, err := reference.ParseNormalizedNamed(rawRef)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse ref %s: %w", rawRef, err)
|
||||
@ -47,6 +59,7 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
imageJSON, err := json.Marshal(image)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -6,7 +6,12 @@ setup() {
|
||||
|
||||
@test "task: #Pull" {
|
||||
cd "$TESTDIR"/tasks/pull
|
||||
"$DAGGER" --europa up
|
||||
"$DAGGER" --europa up ./pull.cue
|
||||
}
|
||||
|
||||
@test "task: #Pull with auth" {
|
||||
cd "$TESTDIR"/tasks/pull
|
||||
"$DAGGER" --europa up ./pull_auth.cue
|
||||
}
|
||||
|
||||
@test "task: #ReadFile" {
|
||||
@ -39,4 +44,4 @@ setup() {
|
||||
|
||||
"$DAGGER" --europa up ./user.cue
|
||||
"$DAGGER" --europa up ./workdir.cue
|
||||
}
|
||||
}
|
||||
|
24
tests/tasks/pull/pull_auth.cue
Normal file
24
tests/tasks/pull/pull_auth.cue
Normal file
@ -0,0 +1,24 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"alpha.dagger.io/europa/dagger/engine"
|
||||
)
|
||||
|
||||
engine.#Plan & {
|
||||
context: secrets: dockerHubToken: envvar: "DOCKERHUB_TOKEN"
|
||||
actions: pull: engine.#Pull & {
|
||||
source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
|
||||
auth: [{
|
||||
target: "daggerio/ci-test:private-pull"
|
||||
username: "daggertest"
|
||||
secret: context.secrets.dockerHubToken.contents
|
||||
}]
|
||||
} & {
|
||||
// assert result
|
||||
digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
|
||||
config: {
|
||||
Env: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
|
||||
Cmd: ["/bin/sh"]
|
||||
}
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user