Merge pull request #1509 from talentedmrjones/europa-secrets-wrappers

Implements #DecodeSecret as a wrapper to #TransformSecret
Richard Jones 2022-01-28 12:52:53 -07:00 committed by GitHub
commit c2a7766293
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 71 additions and 37 deletions


@ -1,6 +1,8 @@
package dagger package dagger
import ( import (
"encoding/yaml"
"encoding/json"
"dagger.io/dagger/engine" "dagger.io/dagger/engine"
) )
@ -17,7 +19,7 @@ import (
// Select a subdirectory from a filesystem tree // Select a subdirectory from a filesystem tree
#Subdir: { #Subdir: {
// Input tree // Input tree
input: #FS input: engine.#FS
// Path of the subdirectory // Path of the subdirectory
// Example: "/build" // Example: "/build"
@ -32,5 +34,27 @@ import (
} }
// Subdirectory tree // Subdirectory tree
output: #FS & _copy.output output: engine.#FS & _copy.output
}
// DecodeSecret is a convenience wrapper around #TransformSecret. The plain text contents of input is expected to match the format
#DecodeSecret: {
{
format: "json"
engine.#TransformSecret & {
#function: {
input: _
output: json.Unmarshal(input)
}
}
} | {
format: "yaml"
engine.#TransformSecret & {
#function: {
input: _
output: yaml.Unmarshal(input)
}
}
}
} }
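Review bot: The doc comment on `#DecodeSecret` stops before naming the field it refers to and says nothing about `output`, which matters because the callers in this commit pass the result on as credentials. I would write it as `// #DecodeSecret decodes the plain text of input according to format ("json" or "yaml"); each leaf of output is exposed as a secret`. The last clause is inferred from callers reading `output.<KEY>.contents`, so confirm it against `engine.#TransformSecret`. `format` carries no default, so a caller that omits it appears to leave the disjunction unresolved; a one-line comment marking the field as required would help. It is also worth confirming that a parse failure in `json.Unmarshal` or `yaml.Unmarshal` does not echo the plaintext input in its error, which this hunk does not show.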


@ -1,8 +1,8 @@
package testing package testing
import ( import (
"dagger.io/dagger"
"dagger.io/dagger/engine" "dagger.io/dagger/engine"
"encoding/yaml"
) )
engine.#Plan & { engine.#Plan & {
@ -15,21 +15,18 @@ engine.#Plan & {
} }
actions: { actions: {
dockerHubToken: engine.#TransformSecret & { sopsSecrets: dagger.#DecodeSecret & {
input: inputs.secrets.sops.contents format: "yaml"
#function: { input: inputs.secrets.sops.contents
input: _
output: yaml.Unmarshal(input)
}
} }
build: engine.#Build & { build: engine.#Dockerfile & {
source: inputs.directories.testdata.contents source: inputs.directories.testdata.contents
auth: [{ auth: [{
target: "daggerio/ci-test:private-pull" target: "daggerio/ci-test:private-pull"
username: "daggertest" username: "daggertest"
secret: dockerHubToken.output.DOCKERHUB_TOKEN.contents secret: sopsSecrets.output.DOCKERHUB_TOKEN.contents
}] }]
dockerfile: contents: """ dockerfile: contents: """
FROM daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060 FROM daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060


@ -1,7 +1,7 @@
package main package main
import ( import (
"encoding/yaml" "dagger.io/dagger"
"dagger.io/dagger/engine" "dagger.io/dagger/engine"
) )
@ -17,12 +17,9 @@ engine.#Plan & {
source: "alpine:3.15.0" source: "alpine:3.15.0"
} }
repoPassword: engine.#TransformSecret & { sopsSecrets: dagger.#DecodeSecret & {
input: inputs.secrets.sops.contents format: "yaml"
#function: { input: inputs.secrets.sops.contents
input: _
output: yaml.Unmarshal(input)
}
} }
testRepo: engine.#GitPull & { testRepo: engine.#GitPull & {
@ -30,7 +27,7 @@ engine.#Plan & {
ref: "main" ref: "main"
auth: { auth: {
username: "dagger-test" username: "dagger-test"
password: repoPassword.output.TestPAT.contents password: sopsSecrets.output.TestPAT.contents
} }
} }


@ -1,27 +1,36 @@
package main package main
import ( import (
"dagger.io/dagger"
"dagger.io/dagger/engine" "dagger.io/dagger/engine"
) )
engine.#Plan & { engine.#Plan & {
inputs: secrets: dockerHubToken: command: { inputs: secrets: sops: command: {
name: "sops" name: "sops"
args: ["exec-env", "../../secrets_sops.yaml", "echo $DOCKERHUB_TOKEN"] args: ["-d", "../../secrets_sops.yaml"]
} }
actions: pull: engine.#Pull & {
source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" actions: {
auth: [{ sopsSecrets: dagger.#DecodeSecret & {
target: "daggerio/ci-test:private-pull" format: "yaml"
username: "daggertest" input: inputs.secrets.sops.contents
secret: inputs.secrets.dockerHubToken.contents }
}]
} & { pull: engine.#Pull & {
// assert result source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" auth: [{
config: { target: "daggerio/ci-test:private-pull"
env: PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" username: "daggertest"
cmd: ["/bin/sh"] secret: sopsSecrets.output.DOCKERHUB_TOKEN.contents
}]
} & {
// assert result
digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
config: {
env: PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cmd: ["/bin/sh"]
}
} }
} }
} }
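Review bot: The `sops` input now decrypts the whole of `../../secrets_sops.yaml` with `-d`, where the old command emitted a single value. Every key in that file therefore becomes reachable as `sopsSecrets.output.<KEY>` by any action in the plan, although only `DOCKERHUB_TOKEN` is used. For a test fixture that is probably acceptable, but it deserves a comment above the `inputs:` line such as `// decrypts the full document; keep secrets_sops.yaml limited to test-only credentials`. The file section that follows makes the same change to its `sops` input, and the same comment applies there.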


@ -2,22 +2,29 @@ package main
import ( import (
"strings" "strings"
"dagger.io/dagger"
"dagger.io/dagger/engine" "dagger.io/dagger/engine"
) )
engine.#Plan & { engine.#Plan & {
inputs: secrets: dockerHubToken: command: { inputs: secrets: sops: command: {
name: "sops" name: "sops"
args: ["exec-env", "../../secrets_sops.yaml", "echo $DOCKERHUB_TOKEN"] args: ["-d", "../../secrets_sops.yaml"]
} }
#auth: [{ #auth: [{
target: "daggerio/ci-test:private-pull" target: "daggerio/ci-test:private-pull"
username: "daggertest" username: "daggertest"
secret: inputs.secrets.dockerHubToken.contents secret: actions.sopsSecrets.output.DOCKERHUB_TOKEN.contents
}] }]
actions: { actions: {
sopsSecrets: dagger.#DecodeSecret & {
format: "yaml"
input: inputs.secrets.sops.contents
}
randomString: { randomString: {
baseImage: engine.#Pull & { baseImage: engine.#Pull & {
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3" source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"