Merge pull request #344 from aluzzardi/registry-auth

support registry auth

stdlib/dagger/op/op.cue

@@ -32,7 +32,8 @@ package op
 // FIXME: bring back load (more efficient than copy)
 
 #Load: {
-	do:   "load"
+	do: "load"
+	// FIXME: this should be a `dagger.#Artifact`
 	from: _
 }
 
@@ -48,17 +49,32 @@ package op
 	// `true` means also ignoring the mount cache volumes
 	always?: true | *false
 	dir:     string | *"/"
+	// FIXME: this should be `from: dagger.#Artifact`
 	mount: [string]: "tmpfs" | "cache" | {from: _, path: string | *"/"}
 }
 
+// RegistryCredentials encodes Container Registry credentials
+#RegistryCredentials: {
+	username: string
+	// FIXME: this should `dagger.#Secret`
+	secret: string
+}
+
+// RegistryAuth maps registry hosts to credentials
+#RegistryAuth: {
+	[host=string]: #RegistryCredentials
+}
+
 #FetchContainer: {
-	do:  "fetch-container"
-	ref: string
+	do:   "fetch-container"
+	ref:  string
+	auth: #RegistryAuth
 }
 
 #PushContainer: {
-	do:  "push-container"
-	ref: string
+	do:   "push-container"
+	ref:  string
+	auth: #RegistryAuth
 }
 
 #FetchGit: {
@@ -68,7 +84,8 @@ package op
 }
 
 #Copy: {
-	do:   "copy"
+	do: "copy"
+	// FIXME: this should `dagger.#Artifact`
 	from: _
 	src:  string | *"/"
 	dest: string | *"/"
@@ -77,6 +94,7 @@ package op
 #DockerBuild: {
 	do: "docker-build"
 	// We accept either a context, a Dockerfile or both together
+	// FIXME: this should `dagger.#Artifact`
 	context?:        _
 	dockerfilePath?: string // path to the Dockerfile (defaults to "Dockerfile")
 	dockerfile?:     string
@@ -84,6 +102,10 @@ package op
 	platforms?: [...string]
 	buildArg?: [string]: string
 	label?: [string]:    string
+
+	// credentials for the registry (optional)
+	// used to pull images in `FROM` statements
+	auth: #RegistryAuth
 }
 
 #WriteFile: {