Commit Graph

6 Commits

Author SHA1 Message Date
Andrea Luzzardi
2671e5f321 disable docker socket support until we have security in place
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-06-07 13:18:46 -07:00
Andrea Luzzardi
ac34df319a docker socket forwarding support
- This PR adds a new mount type: `docker.sock` (in addition to `cache`
  and `tmp`)
- It's then able to mount the LOCAL (as in, from the machine running
  dagger) docker socket inside the container by pretending to be an SSH
  Agent (hijacking the SSH agent forwarding support of buildkit)

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-06-04 16:14:25 -07:00
Guillaume de Rouville
d74efa2420 Fix index out of bound for Dagger compute inputs + add tests ["input-dir", "input-git", input-string"]
Signed-off-by: Guillaume de Rouville <guillaume.derouville@gmail.com>
2021-05-31 12:11:54 +02:00
Andrea Luzzardi
b627b4bc88 add support for excludes in input dir
This adds support for `--include` and `--exclude` for directory inputs.

For instance, this is what you would want to use when passing dagger
repository as an input:

```
inputs:
    repository:
        dir:
            path: .
            exclude:
                - '**/node_modules'
                - cmd/dagger/dagger
                - cmd/dagger/dagger-debug
```

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-05-28 16:22:32 -07:00
Andrea Luzzardi
9c0e2d1d95 buildkit secrets support
- Secrets are never exposed in plaintext in the Cue tree. `dagger query`
  won't dump secrets anymore, Cue errors won't contain them either.
- BuildKit-native secrets support through a new `mount` type. This
  ensures secrets will never be part of containerd layers, buildkit
  cache and generally speaking will never be saved to disk in plaintext.
- Updated netlify as an example
- Added tests
- Changed the Cue definition of a secret to:

```
	@dagger(secret)

	id: string
}
```

This is to ensure both that setting the wrong input type on a secret
(e.g. `dagger input text`) will fail, and attempting to misuse the
secret (e.g. interpolating, passing as an env variable, etc) will also
fail properly.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-05-27 19:14:08 -07:00
Andrea Luzzardi
ce2e00cfa2 tests: migrate compute tests to bats
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-04-15 15:55:51 -07:00