Merge pull request #628 from TomChv/improve-docker-push
Improve docker.#Push definition
This commit is contained in:
commit
e020b23649
@ -70,18 +70,23 @@ _No output._
|
|||||||
|
|
||||||
## docker.#Push
|
## docker.#Push
|
||||||
|
|
||||||
Push a docker image
|
Push a docker image to a remote registry
|
||||||
|
|
||||||
### docker.#Push Inputs
|
### docker.#Push Inputs
|
||||||
|
|
||||||
| Name | Type | Description |
|
| Name | Type | Description |
|
||||||
| ------------- |:-------------: |:-------------: |
|
| ------------- |:-------------: |:-------------: |
|
||||||
|*ref* | `string` |Remote ref (example: "index.docker.io/alpine:latest") |
|
|*target* | `string` |Remote target (example: "index.docker.io/alpine:latest") |
|
||||||
|*source* | `dagger.#Artifact` |Image |
|
|*source* | `dagger.#Artifact` |Image source |
|
||||||
|
|*auth.username* | `string` |Username |
|
||||||
|
|*auth.secret* | `string` |Password or secret |
|
||||||
|
|
||||||
### docker.#Push Outputs
|
### docker.#Push Outputs
|
||||||
|
|
||||||
_No output._
|
| Name | Type | Description |
|
||||||
|
| ------------- |:-------------: |:-------------: |
|
||||||
|
|*ref* | `string` |Image ref |
|
||||||
|
|*digest* | `string` |Image digest |
|
||||||
|
|
||||||
## docker.#Run
|
## docker.#Run
|
||||||
|
|
||||||
|
@ -2,10 +2,10 @@ package solver
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"net/url"
|
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
|
"github.com/docker/distribution/reference"
|
||||||
bkauth "github.com/moby/buildkit/session/auth"
|
bkauth "github.com/moby/buildkit/session/auth"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
@ -40,9 +40,9 @@ func (a *RegistryAuthProvider) Register(server *grpc.Server) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (a *RegistryAuthProvider) Credentials(ctx context.Context, req *bkauth.CredentialsRequest) (*bkauth.CredentialsResponse, error) {
|
func (a *RegistryAuthProvider) Credentials(ctx context.Context, req *bkauth.CredentialsRequest) (*bkauth.CredentialsResponse, error) {
|
||||||
reqURL, err := parseAuthHost(req.Host)
|
host := req.Host
|
||||||
if err != nil {
|
if host == "registry-1.docker.io" {
|
||||||
return nil, err
|
host = "docker.io"
|
||||||
}
|
}
|
||||||
|
|
||||||
a.m.RLock()
|
a.m.RLock()
|
||||||
@ -54,7 +54,7 @@ func (a *RegistryAuthProvider) Credentials(ctx context.Context, req *bkauth.Cred
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if u.Host == reqURL.Host {
|
if u == host {
|
||||||
return auth, nil
|
return auth, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -62,15 +62,16 @@ func (a *RegistryAuthProvider) Credentials(ctx context.Context, req *bkauth.Cred
|
|||||||
return &bkauth.CredentialsResponse{}, nil
|
return &bkauth.CredentialsResponse{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseAuthHost(host string) (*url.URL, error) {
|
func parseAuthHost(host string) (string, error) {
|
||||||
if host == "registry-1.docker.io" {
|
host = strings.TrimPrefix(host, "http://")
|
||||||
host = "https://index.docker.io/v1/"
|
host = strings.TrimPrefix(host, "https://")
|
||||||
}
|
|
||||||
|
|
||||||
if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
|
ref, err := reference.ParseNormalizedNamed(host)
|
||||||
host = "https://" + host
|
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
}
|
}
|
||||||
return url.Parse(host)
|
return reference.Domain(ref), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *RegistryAuthProvider) FetchToken(ctx context.Context, req *bkauth.FetchTokenRequest) (rr *bkauth.FetchTokenResponse, err error) {
|
func (a *RegistryAuthProvider) FetchToken(ctx context.Context, req *bkauth.FetchTokenRequest) (rr *bkauth.FetchTokenResponse, err error) {
|
||||||
|
2
stdlib/.dagger/env/docker-pull/.gitignore
vendored
Normal file
2
stdlib/.dagger/env/docker-pull/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# dagger state
|
||||||
|
state/**
|
27
stdlib/.dagger/env/docker-pull/values.yaml
vendored
Normal file
27
stdlib/.dagger/env/docker-pull/values.yaml
vendored
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
plan:
|
||||||
|
module: ./docker
|
||||||
|
package: ./tests/pull
|
||||||
|
name: docker-pull
|
||||||
|
inputs:
|
||||||
|
ref:
|
||||||
|
text: docker.io/daggerio/ci-test:xtyzsocvpici@sha256:35fc94d52b4fa53c2caa38ff11e13182e6f88c651eb0846728d1007d931f0d3c
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WFI2ZGFUOWgvNkdlZ3Na
|
||||||
|
dEE5dTlVQi8vUVJqcHUxWE9GSmdnNmZLMHhRCm1sbFlJbEw1ZVFSVXU4MCtkT09l
|
||||||
|
dVR1WE5XUkVpSXA3aXN5TzZLaWJRNnMKLS0tIDZINGpzODdXVUdKVVpFMjFUbUFO
|
||||||
|
SG1raUVNTzZIWDltV1pOS3hySHlJeWcKg3blmstOGcxtPww513+mAEA0MWOXwNAT
|
||||||
|
5ngRvG6MraW3g9dhIuUYOwjuJyz1Z07/DBEocSxnjSyw45ZCkM1/9Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2021-06-26T14:52:40Z"
|
||||||
|
mac: ENC[AES256_GCM,data:IVEK6NFWEmNv8kRay2wVNhrsXVazVinIYRDLy7DTvaiWXyQYun//joK3QIoKz3dqi9rXeuTd95B13RxVQWKy/8cpmryg4QCwAaCj8erb5FHMRfn5/mAAV3NL5oAoOpKF4lZByrfdrXTJKppGWwYOFy8X693kK3FUzoUpIW2OqXg=,iv:qinwsUefQ7M+0OCTISPdQ9q//xsPitmHeCpdF00BJoo=,tag:reHZ5j0nz9fjAEFpR7IGGQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
encrypted_suffix: secret
|
||||||
|
version: 3.7.1
|
2
stdlib/.dagger/env/docker-push-invalid-creds/.gitignore
vendored
Normal file
2
stdlib/.dagger/env/docker-push-invalid-creds/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# dagger state
|
||||||
|
state/**
|
29
stdlib/.dagger/env/docker-push-invalid-creds/values.yaml
vendored
Normal file
29
stdlib/.dagger/env/docker-push-invalid-creds/values.yaml
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
plan:
|
||||||
|
module: ./docker
|
||||||
|
package: ./tests/push-invalid-creds
|
||||||
|
name: docker-push-invalid-creds
|
||||||
|
inputs:
|
||||||
|
TestRegistry.secret:
|
||||||
|
text: ENC[AES256_GCM,data:PckymCtA/Q==,iv:to7XhUUcZrWDga7uT4C067BRzHEzmTPDUNAEb2TpS/I=,tag:jUTk8uGd185hmIvi/IHpww==,type:str]
|
||||||
|
TestRegistry.username:
|
||||||
|
text: invalid
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4czBwNGtSdGZqdEZ5WDlM
|
||||||
|
SHVYOU5zdFl4L2ptZk5rSHgwek1aaDNicENFCkJ4OUIweU5OZTVKalpTSkhYaGxB
|
||||||
|
RUpHZmVvU3g3Y2tBZnRUcHh0TE52M1EKLS0tIHI1VUt1aUR0a0tDNHJVTHY4eEt1
|
||||||
|
VC8wSTZvUE5UaDg2WE1CaGMzR3M1TEkK9v83AVI4lvFgjKCg8UmQrcxarlESWTfV
|
||||||
|
2cDdWgoH7ZqgXo5jFv2tn8qQWHKl8eTTeYUWn8GoNVPKrCroax2fiQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2021-06-26T15:00:53Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ptE3WydZDuethnN5Qh26uAfndRbT+RKz2mktH4s2KyRNeDKgiBfwOVS1xoTxz+nkFoms0Cxac3iaVwZLpZXniQUbOAYY1fzfmyL32bfAUdNFs7P6K0thwSy8r8LJ38GvxHzZW289YVFTGSaJWCapbrcGzl6B7Aj5RcQ+Hhu32K8=,iv:PA2R7Q8y8F//RGnHpOCmxp8jWKXlAZ3Yfo0xbtPfx2E=,tag:EmxBTb9WVrDdOmgDHEDYfg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
encrypted_suffix: secret
|
||||||
|
version: 3.7.1
|
2
stdlib/.dagger/env/docker-push-multi-registry/.gitignore
vendored
Normal file
2
stdlib/.dagger/env/docker-push-multi-registry/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# dagger state
|
||||||
|
state/**
|
35
stdlib/.dagger/env/docker-push-multi-registry/values.yaml
vendored
Normal file
35
stdlib/.dagger/env/docker-push-multi-registry/values.yaml
vendored
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
plan:
|
||||||
|
module: ./docker
|
||||||
|
package: ./tests/push-multi-registry
|
||||||
|
name: docker-push-multi-registry
|
||||||
|
inputs:
|
||||||
|
TestRemoteAWS.awsConfig.accessKey:
|
||||||
|
secret: ENC[AES256_GCM,data:Vg+RRHYV5p0twlKtq0zGzokTsXY=,iv:XXEjaZBmS7A+KBZQ/0ZJ4WLH3M5dthg0lq86BhHOt2U=,tag:q6QSQkH9Jz/e4FGlBNllug==,type:str]
|
||||||
|
TestRemoteAWS.awsConfig.region:
|
||||||
|
text: us-east-2
|
||||||
|
TestRemoteAWS.awsConfig.secretKey:
|
||||||
|
secret: ENC[AES256_GCM,data:uk5BBJhmc8RadT1FSIsnW+/Rvs8c+kIhshBia+DX+UEWiuPV+RwXfw==,iv:DzXcvUcy3amU7wCA6XFgPvGUAU+dxPZQMHKM94d9PlY=,tag:QDDs4kg6cFPLLGRM6sHzfg==,type:str]
|
||||||
|
TestRemoteDocker.dockerConfig.secret:
|
||||||
|
secret: ENC[AES256_GCM,data:bxlKdGBSd2Rxf0Kmw8+QO1h0308rGYPqzUO17Eg4RUh2WQjd,iv:vNZww3t8yBrcmmddJghtJWfkz3G9j2CPGyx9B3e/WK8=,tag:qlUl2dkREcGZxdKeAzPjzQ==,type:str]
|
||||||
|
TestRemoteDocker.dockerConfig.username:
|
||||||
|
text: daggertest
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc1JZMUpTUnFZNVI3RHh3
|
||||||
|
a0RtTDNIQ2xjaHJlM0tNbndta1NlMjc2a2dFCkQzV0FpMFBHZUdZb0RMYW1DUGN2
|
||||||
|
TlZVQ2dhdWt3OEN5LzZEYXR4QkFSTTAKLS0tIFdaS0Z0dG85QXNNTnpXZ0dFUGpY
|
||||||
|
Yy81dlJ5cDhCL1VCc0szSE9Dbjh0TUEK+xcj1bHhJr0MR+2QLL0Y+at0/SFXcutx
|
||||||
|
VpUkCykV3eBV6P9I51+3NeJ/ZMmJ43N2geFFJNeacmn8uQKNxpgGGw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2021-07-01T13:15:01Z"
|
||||||
|
mac: ENC[AES256_GCM,data:vpU0XJA/H/ra4BIuReWJAOLvFW4s+xHDAxxSYoU1WkdX68EUb1jbuhEqyDqlhQRn6lf3qSt9kbnbiiw39/mrdBFnwDg5DLjOPT17G/rBiSp9p+1e4mN8hGNp79uen+dDQX7f4NSxZ4nroMVtEuIuBrbFaZUMYVaBYEHjGuw2hgc=,iv:/nW7lpopSsqTwoaPgiHrabtl8aOZtJEezkwBDqi15Tg=,tag:uw3Hj+/t3Y5U0wpK7g+tJg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
encrypted_suffix: secret
|
||||||
|
version: 3.7.1
|
2
stdlib/.dagger/env/docker-push/.gitignore
vendored
Normal file
2
stdlib/.dagger/env/docker-push/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# dagger state
|
||||||
|
state/**
|
29
stdlib/.dagger/env/docker-push/values.yaml
vendored
Normal file
29
stdlib/.dagger/env/docker-push/values.yaml
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
plan:
|
||||||
|
module: ./docker
|
||||||
|
package: ./tests/push
|
||||||
|
name: docker-push
|
||||||
|
inputs:
|
||||||
|
TestRegistry.secret:
|
||||||
|
secret: ENC[AES256_GCM,data:ooc+0IjYtX9tkM7q1i4Ws6CorZsWtGQzHbjGx+j892iTZC7Q,iv:asdJzuRAHBRhD/FlkEd1VvX1tIz/qupBL7sMQWxZL5E=,tag:yuTyDx7hZeC+cmHx6tspmQ==,type:str]
|
||||||
|
TestRegistry.username:
|
||||||
|
text: daggertest
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcnpRZ203QzhtKzc3bzF4
|
||||||
|
Y002V0JUUnNZMks2VS83SjBOdVZid1dxbTJjCmc5VGtvM3lOejEvQ3VMZ1ZyZElZ
|
||||||
|
Skd3ZWxRMHdQRHdtZFBYUFMweDFlL28KLS0tIHhHeUh4a2gvb2w3UTEyNFZaK0dS
|
||||||
|
UjFJYTc1UUUzSFVkZjQ2blRsSGpVdVEKOanMR3+WlAgoDfqTUW7WPW1ytT3NdkTX
|
||||||
|
4Rqo49QmnuKFJ9tKoBFQOqgIo8E/lpcOkeIUiy5e/35FvsZ/KFk/pg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2021-06-26T14:53:13Z"
|
||||||
|
mac: ENC[AES256_GCM,data:kxzdmyQwRIVP9D+w9LzRDIZOxDUqpSaGeD/GqaVxnQivEUjVFK5ePAcYV1fzjU4eeO3chIrP8NpvpIKZ1LztQddsPdTj72Yffgc5yq8/dGa3njiM8p9oa5hnZNoxLtyVPgRoNy3ZUZ6YSN9nqCFWW0DCjeSoiDlPX+1Vj/S6PeM=,iv:DhX4N6idS3VBaqau6k9yH+li34hOd3jqBsJJQu/P3Jw=,tag:X+taa7XgRmovR0JkhGpi7g==,type:str]
|
||||||
|
pgp: []
|
||||||
|
encrypted_suffix: secret
|
||||||
|
version: 3.7.1
|
@ -59,7 +59,7 @@ package op
|
|||||||
|
|
||||||
#DockerLogin: {
|
#DockerLogin: {
|
||||||
do: "docker-login"
|
do: "docker-login"
|
||||||
target: string | *"https://index.docker.io/v1/"
|
target: string
|
||||||
username: string
|
username: string
|
||||||
// FIXME: should be a #Secret (circular import)
|
// FIXME: should be a #Secret (circular import)
|
||||||
secret: string | bytes
|
secret: string | bytes
|
||||||
|
@ -28,18 +28,64 @@ import (
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
// Push a docker image
|
// Push a docker image to a remote registry
|
||||||
#Push: {
|
#Push: {
|
||||||
// Remote ref (example: "index.docker.io/alpine:latest")
|
// Remote target (example: "index.docker.io/alpine:latest")
|
||||||
ref: string @dagger(input)
|
target: string @dagger(input)
|
||||||
|
|
||||||
// Image
|
// Image source
|
||||||
source: dagger.#Artifact @dagger(input)
|
source: dagger.#Artifact @dagger(input)
|
||||||
|
|
||||||
#up: [
|
// Registry auth
|
||||||
op.#Load & {from: source},
|
auth: {
|
||||||
op.#PushContainer & {"ref": ref},
|
// Username
|
||||||
|
username: string @dagger(input)
|
||||||
|
|
||||||
|
// Password or secret
|
||||||
|
secret: string @dagger(input)
|
||||||
|
}
|
||||||
|
|
||||||
|
push: #up: [
|
||||||
|
op.#Load & {from: source},
|
||||||
|
|
||||||
|
if auth != _|_ {
|
||||||
|
op.#DockerLogin & {
|
||||||
|
"target": target
|
||||||
|
username: auth.username
|
||||||
|
secret: auth.secret
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#PushContainer & {ref: target},
|
||||||
|
|
||||||
|
op.#Subdir & {dir: "/dagger"},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
// Image ref
|
||||||
|
ref: {
|
||||||
|
string
|
||||||
|
|
||||||
|
#up: [
|
||||||
|
op.#Load & {from: push},
|
||||||
|
|
||||||
|
op.#Export & {
|
||||||
|
source: "/image_ref"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
} @dagger(output)
|
||||||
|
|
||||||
|
// Image digest
|
||||||
|
digest: {
|
||||||
|
string
|
||||||
|
|
||||||
|
#up: [
|
||||||
|
op.#Load & {from: push},
|
||||||
|
|
||||||
|
op.#Export & {
|
||||||
|
source: "/image_digest"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
} @dagger(output)
|
||||||
}
|
}
|
||||||
|
|
||||||
#Run: {
|
#Run: {
|
||||||
|
25
stdlib/docker/tests/pull/pull.cue
Normal file
25
stdlib/docker/tests/pull/pull.cue
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
package docker
|
||||||
|
|
||||||
|
import (
|
||||||
|
"alpha.dagger.io/dagger/op"
|
||||||
|
"alpha.dagger.io/alpine"
|
||||||
|
)
|
||||||
|
|
||||||
|
ref: string @dagger(input)
|
||||||
|
|
||||||
|
TestPull: {
|
||||||
|
pull: #Pull & {from: ref}
|
||||||
|
|
||||||
|
check: #up: [
|
||||||
|
op.#Load & {from: alpine.#Image},
|
||||||
|
op.#Exec & {
|
||||||
|
always: true
|
||||||
|
args: [
|
||||||
|
"sh", "-c", """
|
||||||
|
grep -q "test" /src/test.txt
|
||||||
|
""",
|
||||||
|
]
|
||||||
|
mount: "/src": from: pull
|
||||||
|
},
|
||||||
|
]
|
||||||
|
}
|
35
stdlib/docker/tests/push-invalid-creds/push.cue
Normal file
35
stdlib/docker/tests/push-invalid-creds/push.cue
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
package docker
|
||||||
|
|
||||||
|
import (
|
||||||
|
"alpha.dagger.io/random"
|
||||||
|
)
|
||||||
|
|
||||||
|
TestRegistry: {
|
||||||
|
username: string @dagger(input)
|
||||||
|
secret: string @dagger(input)
|
||||||
|
}
|
||||||
|
|
||||||
|
TestPush: {
|
||||||
|
// Generate a random string
|
||||||
|
// Seed is used to force buildkit execution and not simply use a previous generated string.
|
||||||
|
tag: random.#String & {seed: "docker push and pull should fail"}
|
||||||
|
|
||||||
|
target: "daggerio/ci-test:\(tag.out)"
|
||||||
|
|
||||||
|
image: #ImageFromDockerfile & {
|
||||||
|
dockerfile: """
|
||||||
|
FROM alpine
|
||||||
|
RUN echo "test" > /test.txt
|
||||||
|
"""
|
||||||
|
context: ""
|
||||||
|
}
|
||||||
|
|
||||||
|
push: #Push & {
|
||||||
|
"target": target
|
||||||
|
source: image
|
||||||
|
auth: {
|
||||||
|
username: TestRegistry.username
|
||||||
|
secret: TestRegistry.secret
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
93
stdlib/docker/tests/push-multi-registry/push.cue
Normal file
93
stdlib/docker/tests/push-multi-registry/push.cue
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
package docker
|
||||||
|
|
||||||
|
import (
|
||||||
|
"alpha.dagger.io/aws"
|
||||||
|
"alpha.dagger.io/aws/ecr"
|
||||||
|
"alpha.dagger.io/dagger"
|
||||||
|
"alpha.dagger.io/dagger/op"
|
||||||
|
"alpha.dagger.io/random"
|
||||||
|
"alpha.dagger.io/alpine"
|
||||||
|
)
|
||||||
|
|
||||||
|
//
|
||||||
|
// /!\ README /!\
|
||||||
|
// The objective is to push an image on multiple registries to verify
|
||||||
|
// that we correctly handle that kind of configuration
|
||||||
|
//
|
||||||
|
|
||||||
|
TestResources: {
|
||||||
|
// Generate a random string
|
||||||
|
// Seed is used to force buildkit execution and not simply use a previous generated string.
|
||||||
|
suffix: random.#String & {seed: "docker multi registry"}
|
||||||
|
|
||||||
|
image: #ImageFromDockerfile & {
|
||||||
|
dockerfile: """
|
||||||
|
FROM alpine
|
||||||
|
RUN echo "test" > /test.txt
|
||||||
|
"""
|
||||||
|
context: ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
TestRemoteAWS: {
|
||||||
|
awsConfig: aws.#Config
|
||||||
|
|
||||||
|
ecrCreds: ecr.#Credentials & {
|
||||||
|
config: awsConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
target: "125635003186.dkr.ecr.\(awsConfig.region).amazonaws.com/dagger-ci:test-ecr-\(TestResources.suffix.out)"
|
||||||
|
|
||||||
|
remoteImg: #Push & {
|
||||||
|
"target": target
|
||||||
|
source: TestResources.image
|
||||||
|
auth: {
|
||||||
|
username: ecrCreds.username
|
||||||
|
secret: ecrCreds.secret
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#TestGetSecret: {
|
||||||
|
secret: dagger.#Artifact
|
||||||
|
|
||||||
|
out: {
|
||||||
|
string
|
||||||
|
|
||||||
|
#up: [
|
||||||
|
op.#Load & {from: alpine.#Image},
|
||||||
|
|
||||||
|
op.#Exec & {
|
||||||
|
always: true
|
||||||
|
args: ["sh", "-c", "cp /input/secret /secret"]
|
||||||
|
mount: "/input/secret": "secret": secret
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#Export & {
|
||||||
|
source: "/secret"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
TestRemoteDocker: {
|
||||||
|
dockerConfig: {
|
||||||
|
username: string & dagger.#Input
|
||||||
|
secret: dagger.#Secret & dagger.#Input
|
||||||
|
}
|
||||||
|
|
||||||
|
secret: #TestGetSecret & {
|
||||||
|
secret: dockerConfig.secret
|
||||||
|
}
|
||||||
|
|
||||||
|
target: "daggerio/ci-test:test-docker-\(TestResources.suffix.out)"
|
||||||
|
|
||||||
|
remoteImg: #Push & {
|
||||||
|
"target": target
|
||||||
|
source: TestResources.image
|
||||||
|
auth: {
|
||||||
|
username: dockerConfig.username
|
||||||
|
"secret": secret.out
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
64
stdlib/docker/tests/push/push.cue
Normal file
64
stdlib/docker/tests/push/push.cue
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
package docker
|
||||||
|
|
||||||
|
import (
|
||||||
|
"alpha.dagger.io/dagger/op"
|
||||||
|
"alpha.dagger.io/dagger"
|
||||||
|
"alpha.dagger.io/alpine"
|
||||||
|
"alpha.dagger.io/random"
|
||||||
|
)
|
||||||
|
|
||||||
|
TestRegistry: {
|
||||||
|
username: string @dagger(input)
|
||||||
|
secret: dagger.#Secret @dagger(input)
|
||||||
|
}
|
||||||
|
|
||||||
|
#TestGetSecret: {
|
||||||
|
secret: dagger.#Artifact
|
||||||
|
|
||||||
|
out: {
|
||||||
|
string
|
||||||
|
|
||||||
|
#up: [
|
||||||
|
op.#Load & {from: alpine.#Image},
|
||||||
|
|
||||||
|
op.#Exec & {
|
||||||
|
always: true
|
||||||
|
args: ["sh", "-c", "cp /input/secret /secret"]
|
||||||
|
mount: "/input/secret": "secret": secret
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#Export & {
|
||||||
|
source: "/secret"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
TestPush: {
|
||||||
|
// Generate a random string
|
||||||
|
// Seed is used to force buildkit execution and not simply use a previous generated string.
|
||||||
|
tag: random.#String & {seed: "docker push"}
|
||||||
|
|
||||||
|
target: "daggerio/ci-test:\(tag.out)"
|
||||||
|
|
||||||
|
secret: #TestGetSecret & {
|
||||||
|
secret: TestRegistry.secret
|
||||||
|
}
|
||||||
|
|
||||||
|
image: #ImageFromDockerfile & {
|
||||||
|
dockerfile: """
|
||||||
|
FROM alpine
|
||||||
|
RUN echo "test" > /test.txt
|
||||||
|
"""
|
||||||
|
context: ""
|
||||||
|
}
|
||||||
|
|
||||||
|
push: #Push & {
|
||||||
|
"target": target
|
||||||
|
source: image
|
||||||
|
auth: {
|
||||||
|
username: TestRegistry.username
|
||||||
|
"secret": secret.out
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -62,6 +62,29 @@ setup() {
|
|||||||
dagger -e docker-build up
|
dagger -e docker-build up
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "docker push and pull" {
|
||||||
|
skip "An occasional data race condition happen in the CI. Must be fix before execute that test"
|
||||||
|
# Push image
|
||||||
|
dagger -e docker-push up
|
||||||
|
|
||||||
|
# Get image reference
|
||||||
|
dagger -e docker-pull input text ref "$(dagger -e docker-push query -c TestPush.push.ref | tr -d '\n' | tr -d '\"')"
|
||||||
|
|
||||||
|
# Pull image
|
||||||
|
dagger -e docker-pull up
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "docker push: multi registry" {
|
||||||
|
skip "An occasional data race condition happen in the CI. Must be fix before execute that test"
|
||||||
|
run dagger -e docker-push-multi-registry up
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "docker push: invalid credential" {
|
||||||
|
# Push image (SHOULD FAIL)
|
||||||
|
run dagger -e docker-push-invalid-creds up
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
@test "docker command: ssh" {
|
@test "docker command: ssh" {
|
||||||
dagger -e docker-command-ssh up
|
dagger -e docker-command-ssh up
|
||||||
}
|
}
|
||||||
|
@ -21,6 +21,7 @@ TestPushContainer: {
|
|||||||
ref: "daggerio/ci-test:\(tag.out)"
|
ref: "daggerio/ci-test:\(tag.out)"
|
||||||
#up: [
|
#up: [
|
||||||
op.#DockerLogin & {
|
op.#DockerLogin & {
|
||||||
|
target: ref
|
||||||
registry
|
registry
|
||||||
},
|
},
|
||||||
op.#WriteFile & {
|
op.#WriteFile & {
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
setup() {
|
|
||||||
load 'helpers'
|
|
||||||
|
|
||||||
common_setup
|
|
||||||
}
|
|
||||||
|
|
||||||
# FIXME: move to universe/universe.bats
|
|
||||||
# Assigned to: <ADD YOUR NAME HERE>
|
|
||||||
# Changes in https://github.com/dagger/dagger/pull/628
|
|
||||||
@test "stdlib: docker: push-and-pull" {
|
|
||||||
skip_unless_secrets_available "$TESTDIR"/stdlib/docker/push-pull/inputs.yaml
|
|
||||||
|
|
||||||
# check that they succeed with the credentials
|
|
||||||
run "$DAGGER" compute --input-yaml "$TESTDIR"/stdlib/docker/push-pull/inputs.yaml --input-dir source="$TESTDIR"/stdlib/docker/push-pull/testdata "$TESTDIR"/stdlib/docker/push-pull/
|
|
||||||
assert_success
|
|
||||||
}
|
|
@ -1,23 +0,0 @@
|
|||||||
registry:
|
|
||||||
username: ENC[AES256_GCM,data:YDDLkr32orAgQw==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:sEV9Sonc9rjDbxXsV+UBIA==,type:str]
|
|
||||||
secret: ENC[AES256_GCM,data:moBq7PwFdtL/Z58ez+V1gR8QJsFRZEMsF82H/W6aJgf8Xdw8,iv:YAXcRzBoemmef5PBdAOBa5acNPo4BoKH7Ngud/CWYfA=,tag:LFkJvUZdltgHJ8TKVEeS/Q==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVmQxTXNSeU1scWJvVDFJ
|
|
||||||
cExOL3AvR1JRRWp0cFFRWGtvQ1VKc2t1SUVFClVCS1hpN1dNTktoaWZ3R09OMFVM
|
|
||||||
STRyWmtHRVROMW1Oa28yQkMwOHd1UUUKLS0tIE5LL1pEb1dMSEVXTHBsNlJxOTcr
|
|
||||||
U2FyQUtYcXVVVTlVcW5zRXh5aUk3RUUKGiWb9jSl5xRHQxB56LtNclV5Jhs50sS7
|
|
||||||
SAOBWgaYPjLpsI1oxgXf+B1FgBUEt3EMccrWRW85VvnOKOAUAJ53pQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2021-05-28T20:49:27Z"
|
|
||||||
mac: ENC[AES256_GCM,data:we6IaVqfT6KZ4s97JbdFCbxL2zotojLRLEbmgwEAfBhz4KAitulRItMn4I6aD1dEIwYGAFtQEcf+Wqz2yT7JC6iz1s2zNtGIaMbxxQZD6EQcJvNmY3vzqC4SKf0cRENGZWI5OscH9VVenTmOAxwwWvp9W4J52d2w9FAD9+vCl/c=,iv:vf8mZwr+z7DjCVHaRbk8jQO9/pso5INy/FmCPq/xlzo=,tag:sgSvlksSOVq5LU0ycAsXxw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.7.1
|
|
@ -1,65 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"alpha.dagger.io/dagger"
|
|
||||||
"alpha.dagger.io/dagger/op"
|
|
||||||
"alpha.dagger.io/alpine"
|
|
||||||
"alpha.dagger.io/docker"
|
|
||||||
"alpha.dagger.io/random"
|
|
||||||
)
|
|
||||||
|
|
||||||
source: dagger.#Artifact
|
|
||||||
|
|
||||||
registry: {
|
|
||||||
username: string
|
|
||||||
secret: string
|
|
||||||
}
|
|
||||||
|
|
||||||
TestPushAndPull: {
|
|
||||||
tag: random.#String & {
|
|
||||||
seed: ""
|
|
||||||
}
|
|
||||||
|
|
||||||
ref: "daggerio/ci-test:\(tag.out)"
|
|
||||||
|
|
||||||
// Create image
|
|
||||||
image: docker.#ImageFromDockerfile & {
|
|
||||||
dockerfile: """
|
|
||||||
FROM alpine
|
|
||||||
COPY test.txt /test.txt
|
|
||||||
"""
|
|
||||||
context: source
|
|
||||||
}
|
|
||||||
|
|
||||||
// Login
|
|
||||||
login: #up: [
|
|
||||||
op.#DockerLogin & {
|
|
||||||
registry
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
||||||
// Push image
|
|
||||||
push: docker.#Push & {
|
|
||||||
"ref": ref
|
|
||||||
source: image
|
|
||||||
}
|
|
||||||
|
|
||||||
// Push image
|
|
||||||
pull: docker.#Pull & {
|
|
||||||
from: push.ref
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check the content
|
|
||||||
verify: #up: [
|
|
||||||
op.#Load & {from: alpine.#Image},
|
|
||||||
op.#Exec & {
|
|
||||||
always: true
|
|
||||||
args: [
|
|
||||||
"sh", "-c", """
|
|
||||||
grep -q "test" /src/test.txt
|
|
||||||
""",
|
|
||||||
]
|
|
||||||
mount: "/src": from: pull
|
|
||||||
},
|
|
||||||
]
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
test
|
|
Reference in New Issue
Block a user