implemented integration tests for engine.#Pull + moved auth code separately for sharing code with other tasks later

Signed-off-by: Sam Alba <samalba@users.noreply.github.com>
2021-12-16 16:20:00 -08:00 · 2021-12-16 16:20:00 -08:00 · b082b1e5bc
commit b082b1e5bc
parent d668dd6dd2
4 changed files with 80 additions and 22 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -101,7 +101,8 @@ jobs:
        uses: crazy-max/ghaction-github-runtime@v1

      - name: Integration test
-        # env:
+        env:
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        #   DAGGER_CACHE_TO: "type=gha,mode=max,scope=test-integration"
        #   DAGGER_CACHE_FROM: "type=gha,mode=max,scope=test-integration"
        run: |
--- a/plan/task/auth.go
+++ b/plan/task/auth.go
@ -0,0 +1,54 @@
+package task
+
+import (
+	"go.dagger.io/dagger/compiler"
+	"go.dagger.io/dagger/plancontext"
+)
+
+type authValue struct {
+	Target   string
+	Username string
+	Secret   *plancontext.Secret
+}
+
+// Decodes an auth field value
+//
+// Cue format:
+//   auth: [...{
+//     target:   string
+//     username: string
+//     secret:   string | #Secret
+//   }]
+func decodeAuthValue(pctx *plancontext.Context, v *compiler.Value) ([]*authValue, error) {
+	vals, err := v.List()
+	if err != nil {
+		return nil, err
+	}
+
+	authVals := []*authValue{}
+	for _, val := range vals {
+		authVal := authValue{}
+
+		target, err := val.Lookup("target").String()
+		if err != nil {
+			return nil, err
+		}
+		authVal.Target = target
+
+		username, err := val.Lookup("username").String()
+		if err != nil {
+			return nil, err
+		}
+		authVal.Username = username
+
+		secret, err := pctx.Secrets.FromValue(val.Lookup("secret"))
+		if err != nil {
+			return nil, err
+		}
+		authVal.Secret = secret
+
+		authVals = append(authVals, &authVal)
+	}
+
+	return authVals, nil
+}
--- a/plan/task/pull.go
+++ b/plan/task/pull.go
@ -7,6 +7,7 @@ import (

 	"github.com/docker/distribution/reference"
 	"github.com/moby/buildkit/client/llb"
+	"github.com/rs/zerolog/log"
 	"go.dagger.io/dagger/compiler"
 	"go.dagger.io/dagger/plancontext"
 	"go.dagger.io/dagger/solver"
@ -19,20 +20,24 @@ func init() {
 type pullTask struct {
 }

-type authValue struct {
-	Target   string
-	Username string
-	// FIXME: handle secrets
-	Secret string
-}
-
 func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
-	// FIXME: handle auth
+	lg := log.Ctx(ctx)
+
 	rawRef, err := v.Lookup("source").String()
 	if err != nil {
 		return nil, err
 	}

+	// Read auth info
+	auth, err := decodeAuthValue(pctx, v.Lookup("auth"))
+	if err != nil {
+		return nil, err
+	}
+	for _, a := range auth {
+		s.AddCredentials(a.Target, a.Username, a.Secret.PlainText())
+		lg.Debug().Str("target", a.Target).Msg("add target credentials")
+	}
+
 	ref, err := reference.ParseNormalizedNamed(rawRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse ref %s: %w", rawRef, err)
@ -54,6 +59,7 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.
 	if err != nil {
 		return nil, err
 	}
+
 	imageJSON, err := json.Marshal(image)
 	if err != nil {
 		return nil, err
@ -64,17 +70,6 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.
 		return nil, err
 	}

-	auth := []authValue{}
-
-	// Read auth data
-	if err := v.Lookup("auth").Decode(&auth); err != nil {
-		return nil, err
-	}
-
-	for _, a := range auth {
-		s.AddCredentials(a.Target, a.Username, a.Secret)
-	}
-
 	result, err := s.Solve(ctx, st, pctx.Platform.Get())
 	if err != nil {
 		return nil, err
--- a/tests/tasks/pull/pull_auth.cue
+++ b/tests/tasks/pull/pull_auth.cue
@ -5,11 +5,19 @@ import (
 )

 engine.#Plan & {
+	context: secrets: {
+		dockerHubToken: envvar: "DOCKERHUB_TOKEN"
+	}
 	actions: pull: engine.#Pull & {
-		source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
+		source: "blocklayer/alpine-private:3.15.0@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
+		auth: [{
+			target: "docker.io/blocklayer/alpine-private:3.15.0"
+			username: "daggertest"
+			secret: context.secrets.dockerHubToken.contents
+		}]
 	} & {
 		// assert result
-		digest: "sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
+		digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
 		config: {
 			Env: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
 			Cmd: ["/bin/sh"]