Update docker.#Run definition and tests

Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
This commit is contained in:
Tom Chauveau 2021-06-11 19:01:33 +02:00
parent 8a2fc9aa72
commit b8a97fb6e7
9 changed files with 38 additions and 248 deletions

View File

@ -18,15 +18,17 @@ Build a Docker image from source, using included Dockerfile
_No output._ _No output._
## #Client ## #Command
A container image to run the Docker client A container image that can run any docker command
### #Client Inputs ### #Command Inputs
_No input._ | Name | Type | Description |
| ------------- |:-------------: |:-------------: |
|*command* | `string` |Command to execute |
### #Client Outputs ### #Command Outputs
_No output._ _No output._
@ -85,6 +87,12 @@ _No output._
|*ssh.port* | `*22 \| int` |ssh port | |*ssh.port* | `*22 \| int` |ssh port |
|*ssh.key* | `dagger.#Secret` |private key | |*ssh.key* | `dagger.#Secret` |private key |
|*ref* | `string` |Image reference (e.g: nginx:alpine) | |*ref* | `string` |Image reference (e.g: nginx:alpine) |
|*run.ssh.host* | `string` |ssh host |
|*run.ssh.user* | `string` |ssh user |
|*run.ssh.port* | `*22 \| int` |ssh port |
|*run.ssh.key* | `dagger.#Secret` |private key |
|*run.command* | `"""\n # Run detach container\n OPTS=""\n \n if [ ! -z "$CONTAINER_NAME" ]; then\n \tOPTS="$OPTS --name $CONTAINER_NAME"\n fi\n \n docker container run -d $OPTS "$IMAGE_REF"\n """` |Command to execute |
|*run.env.IMAGE_REF* | `string` |- |
### #Run Outputs ### #Run Outputs

View File

@ -14,7 +14,7 @@ TestConfig: {
TestSSH: client: docker.#Command & { TestSSH: client: docker.#Command & {
command: #""" command: #"""
docker $CMD docker version
"""# """#
ssh: { ssh: {
host: TestConfig.host host: TestConfig.host
@ -22,5 +22,4 @@ TestSSH: client: docker.#Command & {
key: TestConfig.key key: TestConfig.key
keyPassphrase: TestConfig.keyPassphrase keyPassphrase: TestConfig.keyPassphrase
} }
env: CMD: "version"
} }

View File

@ -5,7 +5,7 @@ inputs:
TestConfig.key: TestConfig.key:
secret: ENC[AES256_GCM,data:dbIEUHadOTOdPrmMAgyLGMdIY+FuyWZvv4mRyjr+BbLZavl7/fH6abiQFpPY0x3960iqPB+wEM6wG+VPDivHTj1QRVMGPIV8ZGrfeR/mfeDuaKXDttkWgRN8vyHOZ+oKnI22913tvK59gNbJX8fR0wPfqOCEWbzy+bRBh/bVH//CMwCoSU+v2rZwAqOnGyXCyeGbp+wo5xMufv+Dosgb4uhFk1CPQJfKfBJVMf1EJS0e9/P8GS5UUjevR9eeRnCJ7kdHu26b3lwAHhPWv72O/yuOIKItrgMkSuHz2H2BFdgt5xq/h/SfrONMwymg8+oEiuS3n1C8ZBv8I4RE5XF6GX/xWb9dZJLctbi6oBELtvKXhswnB0PWSK1OXMgrJ5yYFeBPpaBptRBxl0AJhOG92K6xM9O0cRxAT+vtz0zvJ7gIQDZtngcTTS+IMN6Kgmx4daW5x14FbRJRGKKqU+PHeUW2XpN70IwkWXZfLs445O9w8teayPUu3KePZJo8eLkVpWJIyVUnrk/5VIREV8EYZzRFUwTtwYSTefGycPfjz2L01xQR0fn55DxJpcLpCLqjGRhWHQE6Wn4j6aXyzbOXHMIYgw+Rx1egjszdKzgCWaA=,iv:CZyN1UCE0nI2/ch5O7kerfYBbCgoJX+dPvh5dRO3cxc=,tag:hwBmnOdC8Na0dwyUCU3QDw==,type:str] secret: ENC[AES256_GCM,data:dbIEUHadOTOdPrmMAgyLGMdIY+FuyWZvv4mRyjr+BbLZavl7/fH6abiQFpPY0x3960iqPB+wEM6wG+VPDivHTj1QRVMGPIV8ZGrfeR/mfeDuaKXDttkWgRN8vyHOZ+oKnI22913tvK59gNbJX8fR0wPfqOCEWbzy+bRBh/bVH//CMwCoSU+v2rZwAqOnGyXCyeGbp+wo5xMufv+Dosgb4uhFk1CPQJfKfBJVMf1EJS0e9/P8GS5UUjevR9eeRnCJ7kdHu26b3lwAHhPWv72O/yuOIKItrgMkSuHz2H2BFdgt5xq/h/SfrONMwymg8+oEiuS3n1C8ZBv8I4RE5XF6GX/xWb9dZJLctbi6oBELtvKXhswnB0PWSK1OXMgrJ5yYFeBPpaBptRBxl0AJhOG92K6xM9O0cRxAT+vtz0zvJ7gIQDZtngcTTS+IMN6Kgmx4daW5x14FbRJRGKKqU+PHeUW2XpN70IwkWXZfLs445O9w8teayPUu3KePZJo8eLkVpWJIyVUnrk/5VIREV8EYZzRFUwTtwYSTefGycPfjz2L01xQR0fn55DxJpcLpCLqjGRhWHQE6Wn4j6aXyzbOXHMIYgw+Rx1egjszdKzgCWaA=,iv:CZyN1UCE0nI2/ch5O7kerfYBbCgoJX+dPvh5dRO3cxc=,tag:hwBmnOdC8Na0dwyUCU3QDw==,type:str]
TestConfig.keyPassphrase: TestConfig.keyPassphrase:
secret: ENC[AES256_GCM,data:LM8qBQ1uZHVA,iv:z4MOKWy9owo69oy8Z4Gmd7fT7uXMR/Sp2qgM38wjWM4=,tag:WwZt3WtlROY3+j2LG8M39w==,type:str] secret: ENC[AES256_GCM,data:RZK8tx7PZaYtmg==,iv:yFXA8CROxAbrhz/i3PQHeqCFh4rMo+GHITpVxfAOkdo=,tag:Ep1J0nazTcc8EjHP6GbwAQ==,type:str]
TestConfig.user: TestConfig.user:
text: daggerci text: daggerci
sops: sops:
@ -23,8 +23,8 @@ sops:
R2tNU2JJWHFQTmhnUDd6eE13UUhQazgK+OQ50Q3+S5Fn2Y132ZeDrgUKWPcAk+et R2tNU2JJWHFQTmhnUDd6eE13UUhQazgK+OQ50Q3+S5Fn2Y132ZeDrgUKWPcAk+et
q8ppfZiPOtH4p6MwboSuh/vaTAAsxks7ctnqnU1pY+EHfnp8bHYHgQ== q8ppfZiPOtH4p6MwboSuh/vaTAAsxks7ctnqnU1pY+EHfnp8bHYHgQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2021-06-10T15:09:45Z" lastmodified: "2021-06-11T16:09:47Z"
mac: ENC[AES256_GCM,data:axraLjtO6zs1Zo2UVcrxJqLHlQea1pBcGCwCxIp43vw+L07haNtuqf0lJ5SL9XfB/yGjYtykP+Ld1evbgnUT4nqxRuHkN2NgHshmrytdptnOKCuTqE4sYWRt5Nny2linXmsqAYS9HAw8htw0DOjFUDruIAITjVLb8/sSgvS7wb4=,iv:Ahqguwy+9gmIzUMxDLzf9JuNybst+cMabfDciL5ZeJ4=,tag:EggVqFtbqLjMyHhrmqY1Ug==,type:str] mac: ENC[AES256_GCM,data:RTbDkgxWqVa4kgJPXny9u9hfwF1NG3g9L/6P2P44KE97yNdoxuAkuU1hs6DiATl4hgeck7p56gWLeUTeGAi+llMDqOodmSQEtD/XZvvdmyh4J+09+jg9QRwSL54xNR4Q83YBWy5PZm+hyYQdVl9H3omMCrdO78ydYXPSdDnRk3I=,iv:crEuUK+jQ6QBrf/Dxouu9+I3VXdZazKnHJ1g5JZLD0E=,tag:ymExWezKBTowuH4pugiQ/g==,type:str]
pgp: [] pgp: []
encrypted_suffix: secret encrypted_suffix: secret
version: 3.7.1 version: 3.7.1

View File

@ -1,32 +0,0 @@
package main
import (
"dagger.io/docker"
"dagger.io/dagger"
"dagger.io/random"
)
TestConfig: {
host: string @dagger(input)
user: string @dagger(input)
key: dagger.#Secret @dagger(input)
passphrase: dagger.#Secret @dagger(input)
}
TestRun: {
suffix: random.#String & {
seed: ""
}
run: docker.#Run & {
ref: "hello-world"
name: "daggerci-test-ssh-passphrase-\(suffix.out)"
ssh: {
host: TestConfig.host
user: TestConfig.user
key: TestConfig.key
keyPassphrase: TestConfig.passphrase
}
}
}

View File

@ -1,30 +0,0 @@
name: docker-run-ssh-passphrase
inputs:
TestConfig.host:
text: 143.198.64.230
TestConfig.key:
secret: ENC[AES256_GCM,data:iSpHfMuEYSmLagYZieJSMPvVhNBYjirZRennHJUOgVv4tkQa7wDyXUgSKqEhNxaL8w5ETPJwQ3vQRpXX4B/bZrtogwkGkFIhHLqsQvaRaTzIUtGarIB1ePgfgAhfXPxQwvxdmspsltdJTb3m3sg6aHOf17U2Czxhm4TfYOl+La2z1MCTFCq/d6QVOVJDtxwqyNQma/gDYG6wrbQC8KAu6+8VomuaIg9K6q8GU87oKT6eXoTMMj1DAkjKI9psihP6+GRefepZCHv2uOZHIHCrosnFzbJA7Ui9plFH9SCj29svjD4Dt7lZdoWUNPVKfnKZvXE6DfQQU42PB55EKF1ygRQTuGu89KZK5bPZKXMwVD8bV2rcvQAElmigEzuZQEdWdimOtAHBWsDmybIqHZmoq31Y1PHvrGlV5/413lkh53XJT98dLcMeBHZvxZY9HoWcYOvec+oxrwpbABrGXDEpPC7U5Z/LQ18vPj5BWkKuvhmWdGh+SeAKp19kDHlYJLRuBQvDDzpniMAfhcKr1C5VE6vqusoQ9BtXGfOy0ypGJKXq6NSywXxeeD/D0AwvMJIVvpdsQCzLLd9eiwHcY8VbUHub4AIjYLz51in9wJWtM3g=,iv:FnbOqwiJLLrgyOdOJnt5ap+MSleQtb+h4kzZYH5FCnE=,tag:g1Y0O9zUxeHin8gjGcyO+g==,type:str]
TestConfig.passphrase:
secret: ENC[AES256_GCM,data:C56QpBGR1zc=,iv:TE+Emj96cxno141uaAhQ4xp71ecBA8DmHR6WUZn+Q0Q=,tag:ZarNOVhA2agB0UbToFbtfw==,type:str]
TestConfig.user:
text: daggerci
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXV3E3c3h4R0xKcnB5YUo5
eUdkeTZUbjZ4SU9VOTdEVzVPL296ZzRQMVNZCkMxblZKTXE0TDdhdy9PVk1sQ015
VWxxNjlLc2RMdUxFV3FrbVJMYk9KRzQKLS0tIHNGeXIvY3M5MTNHM05XTmNESkpZ
ZXAwa1h2aEhGRGpwVTJzKy9EZGhQb0kKSYnRAiRh7b2LViajHk46ct94PVLHDajC
oaUPwzy4bIMI9UXGobkstC5ObmY3ba+jcPRy6c9moniL+iigZ8YglA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-06-09T20:14:54Z"
mac: ENC[AES256_GCM,data:ujrtYlsNtf58NNFjixESyUaqG4sM0Li6LjCCc16xhRMtepo7pdc85f8zqAU2II97EXW/DG0Cf9SKOejbRw7u+ZwtlssjFN//1BmbZzKTYE78KUNDfZjRAr1KQHjabug8iGpjmBpRs3UZ3gozQPoHPjRw7CZDzr+tV3mQ3N0qhUA=,iv:lJHb4UYnEc2T9jR24dRnCJ9/nmT5OY8jhrsc9LkhyNg=,tag:7F65O5IovHEaaFfomcS/6g==,type:str]
pgp: []
encrypted_suffix: secret
version: 3.7.1

View File

@ -1,32 +0,0 @@
package main
import (
"dagger.io/docker"
"dagger.io/dagger"
"dagger.io/random"
)
TestConfig: {
host: string @dagger(input)
user: string @dagger(input)
key: dagger.#Secret @dagger(input)
passphrase: dagger.#Secret @dagger(input)
}
TestRun: {
suffix: random.#String & {
seed: ""
}
run: docker.#Run & {
name: "daggerci-test-ssh-wrong-passphrase-\(suffix.out)"
ref: "hello-world"
ssh: {
host: TestConfig.host
user: TestConfig.user
key: TestConfig.key
keyPassphrase: TestConfig.passphrase
}
}
}

View File

@ -1,30 +0,0 @@
name: docker-run-ssh-wrong-passphrase
inputs:
TestConfig,passphrase:
secret: ENC[AES256_GCM,data:HdlbbaOogb6G,iv:Q0D3w/bEtijvaEK2ac9zmj817x7xZM2OspTmPDVBJDg=,tag:i0iGhuqMng2spumFWve18Q==,type:str]
TestConfig.host:
text: 143.198.64.230
TestConfig.key:
secret: ENC[AES256_GCM,data:83GxfuWdylQiJJF9sjOOkr9hBvSxgKEdATWeTej/xGgfPxbXm6gkPSPbZSG/Kl2IRHqsR8vbkPfMEL6FH/Y0yqEtPdf+Jl7a0E6L3coM0LW/xFY0WxBjp6D5HOI8p23rTvGGu+CKg5F38Bay2Oi6OdHGT4rsXZbT3uCCVYpbjNn00euXhCJ1w08WtDHhFUYgCbN5d84Pa7fIVR79wUmoi95/ekPsq89O6fXyI78cWzDcDll4fheqKIif8n/CAiEA96Bmb+ENaYuhPkfvQYJCPSmxixc51lr62JFZbM5iyFHW58qgsEQRPhqPg8DTqLVHP3QEUdrHptn8HfFHxlfi8zm9F3bzXGtHlVNMpYXrEVG/8TjdnpxXXm80U8oSryBkP3DglT/bmuDpO4wX0rjSwM+iwp3nqMMWp/ewLxV10rlWBiJkQaPB38If/zjRuoyuzWM46+4tzOTP0uYdzgbGbzcnnKJKvvFv0Rj8aG93vpL+RPnajnp+H3mPN9PsVPgLIpDroWxsozdQjwFUQZE5V2PeosNwW8QmXtnN8QtLwsahLu5BPQ8UAED7HLJwCKmwTXUkPaWB9FsMyg9QL75ih5vTpNjbZiRskWQbfe8Az30=,iv:SPwVKo+7tbSqnEwxysPd8MCkmZwZq3gf8FfbnDjvieo=,tag:zyYfz/3uGPZ4Iuc1OEQk+A==,type:str]
TestConfig.user:
text: daggerci
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWjNjVWhSUnNuS2xaWFR2
Tm12UFg3elE0MUhILzJ0TkppQzR1VzZiUUMwClBwbncrR2VYVmxlZ09OUk1qV2tE
dURUZG1QVGZLdWM5WFlIQkF2UFB1YkUKLS0tIGFkN1VCajdkcHJRUk1YODBaWDFF
cm02K1NEenRnL25zc3RtaXd6SlA0UXcKFq38uYqZWvSlTOaisnhnQ+Mhbcv+ZifE
Mdxhq5w+Cdj+XhwbZ8UnnRInckD3UKovxAHV3kTSdXf54/QKn5TLVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-06-09T20:15:05Z"
mac: ENC[AES256_GCM,data:+TLvTAkn2gMOxpcKhH0lvTBau/0xdgg/H9++2x0faYOA4CTLB6SzvUUvTGhrN0Z7Vut7suYPdOR4xHypfggJ6aiCmZ9PeXTwoO6F8ycAQ7TPFdBafHO61OV1fRb87X79hRU8SaKPIWrDF786lcHDGcMYkcoqyWsXDYloAEpL2t0=,iv:KYNpHruxv+l5LUqeYjXhF6cmblj70WSHlCZzlIRn7lo=,tag:ASxWqdkYtU9AyQ4aGyzL2w==,type:str]
pgp: []
encrypted_suffix: secret
version: 3.7.1

View File

@ -1,8 +1,6 @@
package docker package docker
import ( import (
"strconv"
"dagger.io/dagger" "dagger.io/dagger"
"dagger.io/dagger/op" "dagger.io/dagger/op"
) )
@ -78,38 +76,7 @@ import (
secret: dagger.#Secret secret: dagger.#Secret
} @dagger(input) } @dagger(input)
#code: #""" #command: #"""
if [ -n "$DOCKER_HOSTNAME" ]; then
export DOCKER_HOST="ssh://$DOCKER_USERNAME@$DOCKER_HOSTNAME:$DOCKER_PORT"
# Start ssh-agent
eval $(ssh-agent) > /dev/null
# Add key
if [ -f "/key" ]; then
message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || {
>&2 echo "$message"
exit 1
}
ssh-add /key > /dev/null
if [ "$?" != 0 ]; then
exit 1
fi
fi
if [[ ! -z $FINGERPRINT ]]; then
mkdir -p "$HOME"/.ssh
# Add user's fingerprint to known hosts
echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts
else
# Add host to known hosts
ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" /bin/true > /dev/null 2>&1
fi
fi
# Run detach container # Run detach container
OPTS="" OPTS=""
@ -120,67 +87,16 @@ import (
docker container run -d $OPTS "$IMAGE_REF" docker container run -d $OPTS "$IMAGE_REF"
"""# """#
#up: [ run: #Command & {
op.#Load & {from: #Client}, "ssh": ssh
command: #command
if registry != _|_ {
op.#DockerLogin & {registry}
},
if ssh.keyPassphrase != _|_ {
op.#WriteFile & {
content: #"""
#!/bin/bash
cat /passphrase
"""#
dest: "/get_passphrase"
mode: 0o500
}
},
op.#WriteFile & {
content: #code
dest: "/entrypoint.sh"
},
op.#Exec & {
always: true
args: [
"/bin/sh",
"--noprofile",
"--norc",
"-eo",
"pipefail",
"/entrypoint.sh",
]
env: { env: {
IMAGE_REF: ref IMAGE_REF: ref
if ssh != _|_ {
DOCKER_HOSTNAME: ssh.host
DOCKER_USERNAME: ssh.user
DOCKER_PORT: strconv.FormatInt(ssh.port, 10)
if ssh.keyPassphrase != _|_ {
SSH_ASKPASS: "/get_passphrase"
DISPLAY: "1"
}
if ssh.fingerprint != _|_ {
FINGERPRINT: ssh.fingerprint
}
}
if name != _|_ { if name != _|_ {
CONTAINER_NAME: name CONTAINER_NAME: name
} }
} }
mount: {
if ssh.key != _|_ {
"/key": secret: ssh.key
} }
if ssh.keyPassphrase != _|_ {
"/passphrase": secret: ssh.keyPassphrase
}
}
},
]
} }
// Build a Docker image from the provided Dockerfile contents // Build a Docker image from the provided Dockerfile contents

View File

@ -45,15 +45,6 @@ setup() {
dagger -e docker-run-ssh up dagger -e docker-run-ssh up
} }
@test "docker run: ssh with passphrase" {
dagger -e docker-run-ssh-passphrase up
}
@test "docker run: ssh with wrong passphrase" {
run dagger -e docker-run-ssh-wrong-passphrase up
assert_failure
}
@test "google cloud: gcr" { @test "google cloud: gcr" {
dagger -e google-gcr up dagger -e google-gcr up
} }