kjuulh/dagger
Archived
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity
This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/stdlib/dagger/op/op.cue
Tom Chauveau a9fd97d7fe
Handle secrets in DockerLogin operation 
Before, secret was a plain text string, but it could lead to security issue
so we are now handling secrets as `dagger.#Secret` or string.
I've add a new struct SecretStore that expose the inputStore to easily
retrieve secret value.

Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
2021-08-31 13:04:16 +02:00

139 lines
2.6 KiB
CUE
Raw Blame History

// op: low-level operations for Dagger processing pipelines
package op
// One operation in a pipeline
//
// FIXME: #Op does not current enforce the op spec at full resolution, to avoid
// FIXME: triggering performance issues. See https://github.com/dagger/dagger/issues/445
// FIXME: To enforce the full #Op spec (see op_fullop.cue), run with "-t fullop"
#Op: {
do: string
...
}
// Export a value from fs state to cue
#Export: {
do: "export"
// Source path in the container
source: string
format: "json" | "yaml" | *"string"
}
#Local: {
do: "local"
dir: string
include: [...string]
exclude: [...string]
}
// FIXME: bring back load (more efficient than copy)
#Load: {
do: "load"
from: _
}
#Subdir: {
do: "subdir"
dir: string
}
#Workdir: {
do: "workdir"
path: string
}
#Exec: {
do: "exec"
args: [...string]
env?: [string]: string
// `true` means also ignoring the mount cache volumes
always?: true | *false
dir: string | *"/"
// HACK: FIXME later [Performance related]
// mount: [string]: "tmpfs" | "cache" | {from: _, path: string | *"/"} | {secret: _}
// https://github.com/dagger/dagger/issues/856
mount: [string]: {
_
...
}
// Map of hostnames to ip
hosts?: [string]: string
// User to exec with (if left empty, will default to the set user in the image)
user?: string
}
#DockerLogin: {
do: "docker-login"
target: string
username: string
// FIXME: should be a #Secret (circular import)
secret: _ @dagger(secret)
}
#FetchContainer: {
do: "fetch-container"
ref: string
}
#PushContainer: {
do: "push-container"
ref: string
}
#FetchGit: {
do: "fetch-git"
remote: string
ref: string
keepGitDir?: bool
// FIXME: the two options are currently ignored until we support buildkit secrets
authToken?: _ @dagger(secret)
authHeader?: _ @dagger(secret)
}
#FetchHTTP: {
do: "fetch-http"
url: string
checksum?: string
filename?: string
mode?: int | *0o644
uid?: int
gid?: int
}
#Copy: {
do: "copy"
from: _
src: string | *"/"
dest: string | *"/"
}
#DockerBuild: {
do: "docker-build"
// We accept either a context, a Dockerfile or both together
context?: _
dockerfilePath?: string // path to the Dockerfile (defaults to "Dockerfile")
dockerfile?: string
platforms?: [...string]
buildArg?: [string]: string
label?: [string]: string
target?: string
hosts?: [string]: string
}
#WriteFile: {
do: "write-file"
// FIXME: "contents" to follow english convention
content: string | bytes
dest: string
mode: int | *0o644
}
#Mkdir: {
do: "mkdir"
dir: *"/" | string
path: string
mode: int | *0o755
}
Reference in New Issue View Git Blame Copy Permalink