Merge pull request #1557 from talentedmrjones/europa-engine-exec-secret-env
implemented ability to pass #Secret as env var
This commit is contained in:
commit
bf6d463833
17
go.mod
17
go.mod
@ -8,9 +8,9 @@ require (
|
||||
github.com/KromDaniel/jonson v0.0.0-20180630143114-d2f9c3c389db
|
||||
github.com/Microsoft/go-winio v0.5.1
|
||||
github.com/containerd/console v1.0.3
|
||||
github.com/containerd/containerd v1.5.9
|
||||
github.com/containerd/containerd v1.6.0-rc.2
|
||||
github.com/docker/buildx v0.6.2
|
||||
github.com/docker/distribution v2.7.1+incompatible
|
||||
github.com/docker/distribution v2.8.0+incompatible
|
||||
github.com/emicklei/proto v1.9.0 // indirect
|
||||
github.com/go-git/go-git/v5 v5.4.2
|
||||
github.com/gofrs/flock v0.8.1
|
||||
@ -20,7 +20,7 @@ require (
|
||||
github.com/mattn/go-colorable v0.1.8 // indirect
|
||||
github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
|
||||
github.com/mitchellh/go-homedir v1.1.0
|
||||
github.com/moby/buildkit v0.9.3
|
||||
github.com/moby/buildkit v0.10.0-rc1
|
||||
github.com/morikuni/aec v1.0.0
|
||||
github.com/opencontainers/go-digest v1.0.0
|
||||
github.com/opencontainers/image-spec v1.0.2
|
||||
@ -29,21 +29,18 @@ require (
|
||||
github.com/spf13/cobra v1.2.1
|
||||
github.com/spf13/viper v1.8.1
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/tonistiigi/fsutil v0.0.0-20210609172227-d72af97c0eaf
|
||||
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
|
||||
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
|
||||
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f
|
||||
go.mozilla.org/sops/v3 v3.7.1
|
||||
go.opentelemetry.io/otel v1.4.0
|
||||
go.opentelemetry.io/otel/exporters/jaeger v1.4.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1 // indirect
|
||||
go.opentelemetry.io/otel/sdk v1.4.0
|
||||
go.opentelemetry.io/otel/trace v1.4.0
|
||||
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
|
||||
golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||
golang.org/x/sys v0.0.0-20220110181412-a018aaa089fe // indirect
|
||||
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
|
||||
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
|
||||
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
|
||||
golang.org/x/tools v0.1.8 // indirect
|
||||
google.golang.org/grpc v1.44.0
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
|
||||
@ -51,7 +48,5 @@ require (
|
||||
|
||||
replace (
|
||||
cuelang.org/go => github.com/dagger/cue v0.4.1-rc.1.0.20220121023213-66df011a52c2
|
||||
github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe
|
||||
// genproto: corresponds to containerd
|
||||
google.golang.org/genproto => google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
|
||||
github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
|
||||
)
|
||||
|
@ -17,7 +17,7 @@ package engine
|
||||
args: [...string]
|
||||
|
||||
// Environment variables
|
||||
env: [key=string]: string
|
||||
env: [key=string]: string | #Secret
|
||||
|
||||
// Working directory
|
||||
workdir: string | *"/"
|
||||
|
@ -55,7 +55,7 @@ import (
|
||||
|
||||
// Environment variables
|
||||
// Example: {"DEBUG": "1"}
|
||||
env: [string]: string
|
||||
env: [string]: string | engine.#Secret
|
||||
|
||||
// Working directory for the command
|
||||
// Example: "/src"
|
||||
|
@ -77,12 +77,21 @@ func (t execTask) getRunOpts(v *compiler.Value, pctx *plancontext.Context) ([]ll
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for _, env := range envs {
|
||||
v, err := env.Value.String()
|
||||
if plancontext.IsSecretValue(env.Value) {
|
||||
secret, err := pctx.Secrets.FromValue(env.Value)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
opts = append(opts, llb.AddEnv(env.Label(), v))
|
||||
opts = append(opts, llb.AddSecret(env.Label(), llb.SecretID(secret.ID()), llb.SecretAsEnv(true)))
|
||||
} else {
|
||||
s, err := env.Value.String()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
opts = append(opts, llb.AddEnv(env.Label(), s))
|
||||
}
|
||||
}
|
||||
|
||||
// always?
|
||||
|
@ -39,6 +39,7 @@ setup() {
|
||||
cd "$TESTDIR"/tasks/exec
|
||||
"$DAGGER" --europa up ./args.cue
|
||||
"$DAGGER" --europa up ./env.cue
|
||||
"$DAGGER" --europa up ./env_secret.cue
|
||||
"$DAGGER" --europa up ./hosts.cue
|
||||
|
||||
"$DAGGER" --europa up ./mount_cache.cue
|
||||
|
25
tests/tasks/exec/env_secret.cue
Normal file
25
tests/tasks/exec/env_secret.cue
Normal file
@ -0,0 +1,25 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"dagger.io/dagger/engine"
|
||||
)
|
||||
|
||||
engine.#Plan & {
|
||||
inputs: secrets: testSecret: path: "secret.txt"
|
||||
actions: {
|
||||
image: engine.#Pull & {
|
||||
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
|
||||
}
|
||||
|
||||
verify: engine.#Exec & {
|
||||
input: image.output
|
||||
env: TEST: inputs.secrets.testSecret.contents
|
||||
args: [
|
||||
"sh", "-c",
|
||||
#"""
|
||||
test "$TEST" = "hello world"
|
||||
"""#,
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
1
tests/tasks/exec/secret.txt
Normal file
1
tests/tasks/exec/secret.txt
Normal file
@ -0,0 +1 @@
|
||||
hello world
|
Reference in New Issue
Block a user