Before, secret was a plain text string, but it could lead to security issue
so we are now handling secrets as `dagger.#Secret` or string.
I've add a new struct SecretStore that expose the inputStore to easily
retrieve secret value.
Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
- Update `op.cue` to support secrets
- Update `pipeline.go` to use authTokenSecret & authHeaderSecret
Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
Restructured the compile logic to happen on the CLI instead of the
BuildKit frontend.
- Avoid uploading the entire workspace to BuildKit on every compilation
- Let the CUE loader scan the files instead of going through the
BuildKit filesystem gRPC APIs.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Rather than injecting universe at runtime, this change will vendor
alpha.dagger.io in `cue.mod` directly.
Fixes#700
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This adds support for `--include` and `--exclude` for directory inputs.
For instance, this is what you would want to use when passing dagger
repository as an input:
```
inputs:
repository:
dir:
path: .
exclude:
- '**/node_modules'
- cmd/dagger/dagger
- cmd/dagger/dagger-debug
```
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- Secrets are never exposed in plaintext in the Cue tree. `dagger query`
won't dump secrets anymore, Cue errors won't contain them either.
- BuildKit-native secrets support through a new `mount` type. This
ensures secrets will never be part of containerd layers, buildkit
cache and generally speaking will never be saved to disk in plaintext.
- Updated netlify as an example
- Added tests
- Changed the Cue definition of a secret to:
```
@dagger(secret)
id: string
}
```
This is to ensure both that setting the wrong input type on a secret
(e.g. `dagger input text`) will fail, and attempting to misuse the
secret (e.g. interpolating, passing as an env variable, etc) will also
fail properly.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>