Merge pull request #480 from TomChv/docker-run

Add #Run definition to docker package
2021-06-01 14:54:44 -07:00 · 2021-06-01 14:54:44 -07:00 · c02a8b89cc
commit c02a8b89cc
parent 413dec63a0 4b6315e2fc
12 changed files with 390 additions and 4 deletions
--- a/stdlib/docker/client.cue
+++ b/stdlib/docker/client.cue
@ -0,0 +1,18 @@
+package docker
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/alpine"
+)
+
+#Client: #up: [
+	op.#Load & {
+		from: alpine.#Image & {
+			package: bash:             true
+			package: jq:               true
+			package: curl:             true
+			package: "openssh-client": true
+			package: "docker-cli":     true
+		}
+	},
+]
--- a/stdlib/docker/docker.cue
+++ b/stdlib/docker/docker.cue
@ -41,7 +41,140 @@ import (
 	]
 }

-// FIXME: #Run
+#Run: {
+	// Remote host
+	host: string @dagger(input)
+
+	// Remote user
+	user: string @dagger(input)
+
+	// Ssh remote port
+	port: *22 | int @dagger(input)
+
+	// Ssh private key
+	key: dagger.#Artifact @dagger(input)
+
+	// User fingerprint
+	fingerprint?: string @dagger(input)
+
+	// Ssh passphrase
+	passphrase?: string @dagger(input)
+
+	// Image reference (e.g: nginx:alpine)
+	ref: string @dagger(input)
+
+	// Container name
+	name?: string @dagger(input)
+
+	// Image registry
+	registry?: {
+		target:   string
+		username: string
+		secret:   dagger.#Secret
+	} @dagger(input)
+
+	#code: #"""
+	export DOCKER_HOST="ssh://$DOCKER_USERNAME@$DOCKER_HOSTNAME:\#(port)"
+
+	# Start ssh-agent
+	eval $(ssh-agent) > /dev/null
+
+	# Add key
+	message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || {
+		>&2 echo "$message"
+		exit 1
+	}
+
+	ssh-add /key > /dev/null
+	if [ "$?" != 0 ]; then
+		exit 1
+	fi
+
+	if [[ ! -z $FINGERPRINT ]]; then
+		mkdir -p "$HOME"/.ssh
+
+		# Add user's fingerprint to known hosts
+		echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts
+	else
+		# Add host to known hosts
+		ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p \#(port) "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" /bin/true > /dev/null 2>&1
+	fi
+
+
+	# Run detach container
+	OPTS=""
+
+	if [ ! -z "$CONTAINER_NAME" ]; then
+		OPTS="$OPTS --name $CONTAINER_NAME"
+	fi
+
+	docker container run -d $OPTS \#(ref)
+	"""#
+
+	#up: [
+		op.#Load & {from: #Client},
+
+		op.#WriteFile & {
+			content: key
+			dest:    "/key"
+			mode:    0o400
+		},
+
+		if registry != _|_ {
+			op.#DockerLogin & {registry}
+		},
+
+		if passphrase != _|_ {
+			op.#WriteFile & {
+				content: passphrase
+				dest:    "/passphrase"
+				mode:    0o400
+			}
+		},
+
+		if passphrase != _|_ {
+			op.#WriteFile & {
+				content: #"""
+					#!/bin/bash
+					cat /passphrase
+					"""#
+				dest: "/get_passphrase"
+				mode: 0o500
+			}
+		},
+
+		op.#WriteFile & {
+			content: #code
+			dest:    "/entrypoint.sh"
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/sh",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/entrypoint.sh",
+			]
+			env: {
+				DOCKER_HOSTNAME: host
+				DOCKER_USERNAME: user
+				if passphrase != _|_ {
+					SSH_ASKPASS: "/get_passphrase"
+					DISPLAY:     "1"
+				}
+				if name != _|_ {
+					CONTAINER_NAME: name
+				}
+				if fingerprint != _|_ {
+					FINGERPRINT: fingerprint
+				}
+			}
+		},
+	]
+}

 // Build a Docker image from the provided Dockerfile contents
 // FIXME: incorporate into #Build
--- a/tests/stdlib.bats
+++ b/tests/stdlib.bats
@ -60,15 +60,15 @@ setup() {
    "$DAGGER" up -w "$TESTDIR"/stdlib/gcp/gcr
 }

-@test "stdlib: docker-build" {
+@test "stdlib: docker: build" {
    "$DAGGER" compute "$TESTDIR"/stdlib/docker/build/ --input-dir source="$TESTDIR"/stdlib/docker/build
 }

-@test "stdlib: docker-dockerfile" {
+@test "stdlib: docker: dockerfile" {
    "$DAGGER" compute "$TESTDIR"/stdlib/docker/dockerfile/ --input-dir source="$TESTDIR"/stdlib/docker/dockerfile/testdata
 }

-@test "stdlib: docker-push-and-pull" {
+@test "stdlib: docker: push-and-pull" {
    skip_unless_secrets_available "$TESTDIR"/stdlib/docker/push-pull/inputs.yaml

    # check that they succeed with the credentials
@ -76,6 +76,24 @@ setup() {
    assert_success
 }

+@test "stdlib: docker: run" {
+    skip_unless_secrets_available "$TESTDIR"/stdlib/docker/run/key.yaml
+
+    # Simple run
+    run "$DAGGER" compute --input-yaml "$TESTDIR"/stdlib/docker/run/key.yaml "$TESTDIR"/stdlib/docker/run/simple/
+    assert_success
+
+    # Handle key with passphrase
+    skip_unless_secrets_available "$TESTDIR"/stdlib/docker/run/protected-key.yaml
+
+    # Fail if invalid password
+    run "$DAGGER" compute --input-yaml "$TESTDIR"/stdlib/docker/run/protected-key.yaml "$TESTDIR"/stdlib/docker/run/wrrong-passphrase/
+    assert_failure
+
+    run "$DAGGER" compute --input-yaml "$TESTDIR"/stdlib/docker/run/protected-key.yaml "$TESTDIR"/stdlib/docker/run/passphrase/
+    assert_success
+}
+
@test "stdlib: terraform" {
    skip_unless_secrets_available "$TESTDIR"/stdlib/terraform/s3/inputs.yaml

--- a/tests/stdlib/docker/run/inputs.yaml
+++ b/tests/stdlib/docker/run/inputs.yaml
@ -0,0 +1,34 @@
+registry:
+    username: ENC[AES256_GCM,data:8AH6p9WHidanCA==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:mzR7xTKeQNDvkyd2Dm3AKw==,type:str]
+    secret: ENC[AES256_GCM,data:GtuaBAhFBw2JFaeuOm6mUr3m1j5fvCJjcWAzjsdU2xASFxwO,iv:YAXcRzBoemmef5PBdAOBa5acNPo4BoKH7Ngud/CWYfA=,tag:MCCUCOSutjRCI92raYrxdg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2021-04-27T00:59:33Z"
+    mac: ENC[AES256_GCM,data:qk+oo4m5OpfuQ+R3pZUuvn+gqAk15OAJzOULrlYqt1FIDRk/Q5ah5QpIbVxeP1EDVyuY/V/E0ZngRlSV7Dyx6Cp/moMd8AFBHNgnTB+Lq+NmZ9HR1QMOxpbMpJmUGn7MqQ1Ys4wy0p2q2Y2+TuUpKwmRGJbGVYEVmqvV5OT3jhc=,iv:QsUFa2GVzy6iqqLXRz8HascQZPIIzKBhxHdlabov02k=,tag:7lk63FeXsOlTCgfmWd7zrg==,type:str]
+    pgp:
+        - created_at: "2021-03-18T22:59:59Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzqVY590vudzAQ//etnfnpfCo9rAkctR+Fwg/7VdVL3Rov+6gnyjUnoN1BS1
+            8jnBF/86AZ7uK89dTcTZCsK1hKPxeYg1kJTKpA+zfDORupzTWcMrRyjwNk5wQ2Vg
+            N1adUwFsBQpk8WptpsU/ro6+3yH+Nn35begs6hP2fH/EQ9XOxw5gY0kp0AFjGaKJ
+            tRZVrr3f2hpLESo6LILRO97UXZiGcwTn5onslECL92260cU1nqEQp+ESK7XrdYIG
+            99oM3eXEraKw4WuQDaDE6U135aUl6vIJWD1JZzyr3RW3+5O9pn5rpN3Wc0TbDR6+
+            9Fs/TjuA1h5eJzbt+lkA74BtxPOBv9O7HJnWJpXjiG0VUGHdFXoq5Tr5Ol68RQxa
+            BWe7IfTO6FHN0xOl1dY7cn5jtf+xlFjL86s9OkrJUFa9lbQx8L/QPCeA2Xiu4tpW
+            +wTSel13k8Uv/JSGgLwSohW6N4XTQYdxPkO+a1V08adwFBXaGgqxfg0rNehcS5fp
+            y3TEq84cOlBsaI+rYpnOTPEajtYWfTe8WFf+lBOn1vZ9EiupjZtefGX2MIWPXoaK
+            kVBgRvzjp4/BY68yRvdi5sZFd2nakl+DOXzouuFbzsOkxL3o9FA9aCVsXtFqqzSG
+            Hvq4ZJ5ivXf6vQf+s7Tgc4qxW2CQwIPZVkHhQossrWgtkQ4WDAyzfhF0YuhEnpLS
+            XgGNLr82LMVmempaJd7GfAR2nwGnLUTYny1KoiW/1ie6DPwLZBX/UxPOplaS5wYH
+            Xd3gV3smg5xZ7/rfvzKTzJ1a5yH6D3xI05UtnUWdqojONcXS9NS+P7RArngJwSs=
+            =m0OS
+            -----END PGP MESSAGE-----
+          fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
--- a/tests/stdlib/docker/run/key.yaml
+++ b/tests/stdlib/docker/run/key.yaml
@ -0,0 +1,33 @@
+key: ENC[AES256_GCM,data:WVwwHYqXbaMtZu3bMbNrwhexIsfUHRaocq+6yvS55I+9BI2T9X2xvFz7IiMC+1gY9tcVkq4Fs0/bIOjDpjQ14GPNxxnbhtzyp7nFI7EnrSWCwRnHjmc+2fMcpdRFRDaYvZt+aHA9x874nCOT5DQLniKTwi8WAKMcKVuMg6g+gHVXtrFEG0d+1pJuypRannXgOlt2TgpNO9VhZFFivJbJ5fATX0xMuctBEV6CVR2gBqx62Zqz1C/znDv+BiEYHntFeXntb/n0gIL2gmTAcQbBMC5e0i8LmqmZkbCgs3GwiImNEnjaSQf97DsrfzSOEAPpz0hCo7EIF9gQHimNads/WYDvSvvH4MD1ReLBtQD22jO3JFxFrTyimAKKd0IqdMsh+S2ZqxeG8tt2yq0dEYWUdVxPpr5fgmlsfHuBE+qbPE+s2QvWvgFo3ZIaxvcKe1NSVLrNh2u666uUJK2/wetzLllYomkqvqmJxUtJHtyQg+cDOErKomFXXbeSoMw9/xnTpR5oHj7icAqehYilAm71cKWA1qpuUtbhYe8Z,iv:b3AG6AWe/Rw26R1ZPHvTGoONpjQMdf/OWLoazyySRig=,tag:lv413iPTOejZwPdUDGUsAw==,type:str]
+passphrase: ENC[AES256_GCM,data:6yw78pBY2B4=,iv:vdBWBE02qSyGmqyDeSM/4DP1QhKKFn9D1bCdP+oKic4=,tag:cg/WzydFf+IXflxW7v0BRA==,type:str]
+user: ENC[AES256_GCM,data:L3sBCudP5iA=,iv:gupZZbW9kMxC+LpAV6+S2TankSnRTbCg87Rq10U50bo=,tag:0uPJtM0qrQkq+3p7yQOmKA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    lastmodified: '2021-05-28T15:55:50Z'
+    mac: ENC[AES256_GCM,data:ZRHdrBWlnjy/AMpl2X9jInUMZdSbvdWYQTRKItNAU2gjz3baCJtGdbFb4hE7bwFPxkuv4EvzongTmUmzs9dBlmZhDIwbqeo54C37Purbi6q1CLE2wSYPdSxpP6LkJDbM4QBQ0smX3jf12K4UqPmI3e46YJtEDgtS5pNPrSGXBn0=,iv:ycQ4add4ih0nuQxBCbe5fsvMfBizX/mA7eWKBn3azBE=,tag:dF7PfbJKxMOiTBKH5VJJQA==,type:str]
+    pgp:
+    -   created_at: '2021-03-18T22:59:59Z'
+        enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzqVY590vudzAQ//etnfnpfCo9rAkctR+Fwg/7VdVL3Rov+6gnyjUnoN1BS1
+            8jnBF/86AZ7uK89dTcTZCsK1hKPxeYg1kJTKpA+zfDORupzTWcMrRyjwNk5wQ2Vg
+            N1adUwFsBQpk8WptpsU/ro6+3yH+Nn35begs6hP2fH/EQ9XOxw5gY0kp0AFjGaKJ
+            tRZVrr3f2hpLESo6LILRO97UXZiGcwTn5onslECL92260cU1nqEQp+ESK7XrdYIG
+            99oM3eXEraKw4WuQDaDE6U135aUl6vIJWD1JZzyr3RW3+5O9pn5rpN3Wc0TbDR6+
+            9Fs/TjuA1h5eJzbt+lkA74BtxPOBv9O7HJnWJpXjiG0VUGHdFXoq5Tr5Ol68RQxa
+            BWe7IfTO6FHN0xOl1dY7cn5jtf+xlFjL86s9OkrJUFa9lbQx8L/QPCeA2Xiu4tpW
+            +wTSel13k8Uv/JSGgLwSohW6N4XTQYdxPkO+a1V08adwFBXaGgqxfg0rNehcS5fp
+            y3TEq84cOlBsaI+rYpnOTPEajtYWfTe8WFf+lBOn1vZ9EiupjZtefGX2MIWPXoaK
+            kVBgRvzjp4/BY68yRvdi5sZFd2nakl+DOXzouuFbzsOkxL3o9FA9aCVsXtFqqzSG
+            Hvq4ZJ5ivXf6vQf+s7Tgc4qxW2CQwIPZVkHhQossrWgtkQ4WDAyzfhF0YuhEnpLS
+            XgGNLr82LMVmempaJd7GfAR2nwGnLUTYny1KoiW/1ie6DPwLZBX/UxPOplaS5wYH
+            Xd3gV3smg5xZ7/rfvzKTzJ1a5yH6D3xI05UtnUWdqojONcXS9NS+P7RArngJwSs=
+            =m0OS
+            -----END PGP MESSAGE-----
+        fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
--- a/tests/stdlib/docker/run/passphrase/passphrase.cue
+++ b/tests/stdlib/docker/run/passphrase/passphrase.cue
@ -0,0 +1,20 @@
+package docker
+
+import (
+	"dagger.io/docker"
+	"dagger.io/dagger"
+)
+
+// Run with --input-file key=$HOME/.ssh/<your private server key>
+key:        dagger.#Artifact
+passphrase: dagger.#Secret
+user:       dagger.#Secret
+
+TestRun: run: docker.#Run & {
+	host:         "143.198.64.230"
+	ref:          "nginx:alpine"
+	"user":       user
+	"passphrase": passphrase
+	name:         "daggerci-test-simple-\(random)"
+	"key":        key
+}
--- a/tests/stdlib/docker/run/passphrase/random.cue
+++ b/tests/stdlib/docker/run/passphrase/random.cue
@ -0,0 +1,20 @@
+package docker
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/alpine"
+)
+
+random: {
+	string
+	#up: [
+		op.#Load & {from: alpine.#Image},
+		op.#Exec & {
+			always: true
+			args: ["sh", "-c", "cat /dev/urandom | tr -dc 'a-z' | fold -w 10 | head -n 1 | tr -d '\n' > /rand"]
+		},
+		op.#Export & {
+			source: "/rand"
+		},
+	]
+}
--- a/tests/stdlib/docker/run/protected-key.yaml
+++ b/tests/stdlib/docker/run/protected-key.yaml
@ -0,0 +1,33 @@
+key: ENC[AES256_GCM,data:YrLeVqoLuzcEIK6FYCGiP9DhuMAlYU3o9UX6VcensCVAA9+Ix2Y7asBp1iqRpvHLEpT8AYe7Hb+PLuyvRjyY2dKW86BecxBUyX39rc5WWB5CK8nS1jR7qdRljcJca9Pw1jKiPmSht5wtVkJQtVORsHNVQipzj6ouGVBqkw0gPPvp9Ywfrgxw+sOhdkU7FrjmoAZygQ2fbTQM7q6QhpLh1MWXw532eoIRarrxO29T6/CPl5Z17jSd9OIlKVV4iwqWrzovU857oqd9MpU+aj/dVubq497/krnStNeWnUkHyJp+IwX0hO1T5E6uj08prXw8wSTWpdtsfTChfKNDvAgshTmHN8g0bw0qmbUmdDxBSUFRUI95iOJSPLxStIobajK5W1foHbEqgiTm2Ki6ugkBaOL7v+wNhlkFXOfZrbKDBz9CCndFyzig+wXAGT+MovgwgF1S7m1av/8TGkpmxCuUPjfEmNttrwy8xACH/A/WxMoOQhFZ4Q2LUTQdtptvi32WudUMmUZdcI+VJ9TgQVSng1mPOx7yCDgIeym9vKTqZ2DHLgkKtmO+xpZfQHaifcRolJGYINatZPPYQs7kIunwPQH7pZazld45z6Lt7xXQ9/8=,iv:ac0ij8s482TzLHxNTkbr/i5O9t5NL8IMzdQS6rfmwRQ=,tag:Mew5sRiCTDavwD7GKZK/qw==,type:str]
+passphrase: ENC[AES256_GCM,data:6yw78pBY2B4=,iv:vdBWBE02qSyGmqyDeSM/4DP1QhKKFn9D1bCdP+oKic4=,tag:cg/WzydFf+IXflxW7v0BRA==,type:str]
+user: ENC[AES256_GCM,data:L3sBCudP5iA=,iv:gupZZbW9kMxC+LpAV6+S2TankSnRTbCg87Rq10U50bo=,tag:0uPJtM0qrQkq+3p7yQOmKA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    lastmodified: '2021-05-28T16:13:38Z'
+    mac: ENC[AES256_GCM,data:v4aC/yw20M2GnIktqxoGJCD4T4ViBivzMsBawNgBLTytRGI7s+QGEzdmfoF+dqA3Vdkzf0WKmoiUQ2bcbTjMx2sqvAiiavUz2/iOKdALpn2f13PHeJDBB8A9rnIdidhNadWm6rICIdlxuSmx3tCGIHcM7BY0XJvK3cr6q/3b+jE=,iv:j0J0gwpOGcDtItloYo1mbjfGJloioM1IanjqKwnOIA8=,tag:qPciC7z1fF3mNl+Zx7Fx4A==,type:str]
+    pgp:
+    -   created_at: '2021-03-18T22:59:59Z'
+        enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzqVY590vudzAQ//etnfnpfCo9rAkctR+Fwg/7VdVL3Rov+6gnyjUnoN1BS1
+            8jnBF/86AZ7uK89dTcTZCsK1hKPxeYg1kJTKpA+zfDORupzTWcMrRyjwNk5wQ2Vg
+            N1adUwFsBQpk8WptpsU/ro6+3yH+Nn35begs6hP2fH/EQ9XOxw5gY0kp0AFjGaKJ
+            tRZVrr3f2hpLESo6LILRO97UXZiGcwTn5onslECL92260cU1nqEQp+ESK7XrdYIG
+            99oM3eXEraKw4WuQDaDE6U135aUl6vIJWD1JZzyr3RW3+5O9pn5rpN3Wc0TbDR6+
+            9Fs/TjuA1h5eJzbt+lkA74BtxPOBv9O7HJnWJpXjiG0VUGHdFXoq5Tr5Ol68RQxa
+            BWe7IfTO6FHN0xOl1dY7cn5jtf+xlFjL86s9OkrJUFa9lbQx8L/QPCeA2Xiu4tpW
+            +wTSel13k8Uv/JSGgLwSohW6N4XTQYdxPkO+a1V08adwFBXaGgqxfg0rNehcS5fp
+            y3TEq84cOlBsaI+rYpnOTPEajtYWfTe8WFf+lBOn1vZ9EiupjZtefGX2MIWPXoaK
+            kVBgRvzjp4/BY68yRvdi5sZFd2nakl+DOXzouuFbzsOkxL3o9FA9aCVsXtFqqzSG
+            Hvq4ZJ5ivXf6vQf+s7Tgc4qxW2CQwIPZVkHhQossrWgtkQ4WDAyzfhF0YuhEnpLS
+            XgGNLr82LMVmempaJd7GfAR2nwGnLUTYny1KoiW/1ie6DPwLZBX/UxPOplaS5wYH
+            Xd3gV3smg5xZ7/rfvzKTzJ1a5yH6D3xI05UtnUWdqojONcXS9NS+P7RArngJwSs=
+            =m0OS
+            -----END PGP MESSAGE-----
+        fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
--- a/tests/stdlib/docker/run/simple/random.cue
+++ b/tests/stdlib/docker/run/simple/random.cue
@ -0,0 +1,20 @@
+package docker
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/alpine"
+)
+
+random: {
+	string
+	#up: [
+		op.#Load & {from: alpine.#Image},
+		op.#Exec & {
+			always: true
+			args: ["sh", "-c", "cat /dev/urandom | tr -dc 'a-z' | fold -w 10 | head -n 1 | tr -d '\n' > /rand"]
+		},
+		op.#Export & {
+			source: "/rand"
+		},
+	]
+}
--- a/tests/stdlib/docker/run/simple/simple.cue
+++ b/tests/stdlib/docker/run/simple/simple.cue
@ -0,0 +1,17 @@
+package docker
+
+import (
+	"dagger.io/docker"
+	"dagger.io/dagger"
+)
+
+// Run with --input-file key=$HOME/.ssh/<your private server key>
+key: dagger.#Artifact
+
+TestRun: run: docker.#Run & {
+	host:  "143.198.64.230"
+	ref:   "nginx:alpine"
+	user:  "root"
+	name:  "daggerci-test-simple-\(random)"
+	"key": key
+}
--- a/tests/stdlib/docker/run/wrong-passphrase/random.cue
+++ b/tests/stdlib/docker/run/wrong-passphrase/random.cue
@ -0,0 +1,20 @@
+package docker
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/alpine"
+)
+
+random: {
+	string
+	#up: [
+		op.#Load & {from: alpine.#Image},
+		op.#Exec & {
+			always: true
+			args: ["sh", "-c", "cat /dev/urandom | tr -dc 'a-z' | fold -w 10 | head -n 1 | tr -d '\n' > /rand"]
+		},
+		op.#Export & {
+			source: "/rand"
+		},
+	]
+}
--- a/tests/stdlib/docker/run/wrong-passphrase/wrong-password.cue
+++ b/tests/stdlib/docker/run/wrong-passphrase/wrong-password.cue
@ -0,0 +1,20 @@
+package docker
+
+import (
+	"dagger.io/docker"
+	"dagger.io/dagger"
+)
+
+// Run with --input-file key=$HOME/.ssh/<your private server key>
+key:        dagger.#Artifact
+passphrase: dagger.#Secret
+user:       dagger.#Secret
+
+TestRun: run: docker.#Run & {
+	host:       "143.198.64.230"
+	ref:        "nginx:alpine"
+	"user":     user
+	passphrase: "foobarbaz"
+	name:       "daggerci-test-simple-\(random)"
+	"key":      key
+}