9c0e2d1d95
- Secrets are never exposed in plaintext in the Cue tree. `dagger query` won't dump secrets anymore, Cue errors won't contain them either. - BuildKit-native secrets support through a new `mount` type. This ensures secrets will never be part of containerd layers, buildkit cache and generally speaking will never be saved to disk in plaintext. - Updated netlify as an example - Added tests - Changed the Cue definition of a secret to: ``` @dagger(secret) id: string } ``` This is to ensure both that setting the wrong input type on a secret (e.g. `dagger input text`) will fail, and attempting to misuse the secret (e.g. interpolating, passing as an env variable, etc) will also fail properly. Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
90 lines
1.6 KiB
CUE
90 lines
1.6 KiB
CUE
package netlify
|
|
|
|
import (
|
|
"dagger.io/dagger"
|
|
"dagger.io/alpine"
|
|
"dagger.io/os"
|
|
)
|
|
|
|
// A Netlify account
|
|
#Account: {
|
|
// Use this Netlify account name
|
|
// (also referred to as "team" in the Netlify docs)
|
|
name: string | *"" @dagger(input)
|
|
|
|
// Netlify authentication token
|
|
token: dagger.#Secret @dagger(input)
|
|
}
|
|
|
|
// A Netlify site
|
|
#Site: {
|
|
// Netlify account this site is attached to
|
|
account: #Account
|
|
|
|
// Contents of the application to deploy
|
|
contents: dagger.#Artifact @dagger(input)
|
|
|
|
// Deploy to this Netlify site
|
|
name: string @dagger(input)
|
|
|
|
// Host the site at this address
|
|
customDomain?: string @dagger(input)
|
|
|
|
// Create the Netlify site if it doesn't exist?
|
|
create: bool | *true @dagger(input)
|
|
|
|
// Website url
|
|
url: {
|
|
os.#File & {
|
|
from: ctr
|
|
path: "/netlify/url"
|
|
}
|
|
}.read.data @dagger(output)
|
|
|
|
// Unique Deploy URL
|
|
deployUrl: {
|
|
os.#File & {
|
|
from: ctr
|
|
path: "/netlify/deployUrl"
|
|
}
|
|
}.read.data @dagger(output)
|
|
|
|
// Logs URL for this deployment
|
|
logsUrl: {
|
|
os.#File & {
|
|
from: ctr
|
|
path: "/netlify/logsUrl"
|
|
}
|
|
}.read.data @dagger(output)
|
|
|
|
ctr: os.#Container & {
|
|
image: alpine.#Image & {
|
|
package: {
|
|
bash: "=~5.1"
|
|
jq: "=~1.6"
|
|
curl: true
|
|
yarn: "=~1.22"
|
|
}
|
|
}
|
|
setup: [
|
|
"yarn global add netlify-cli@2.47.0",
|
|
]
|
|
// set in netlify.sh.cue
|
|
// FIXME: use embedding once cue supports it
|
|
command: _
|
|
env: {
|
|
NETLIFY_SITE_NAME: name
|
|
if (create) {
|
|
NETLIFY_SITE_CREATE: "1"
|
|
}
|
|
if customDomain != _|_ {
|
|
NETLIFY_DOMAIN: customDomain
|
|
}
|
|
NETLIFY_ACCOUNT: account.name
|
|
}
|
|
dir: "/src"
|
|
mount: "/src": from: contents
|
|
mount: "/token": secret: account.token
|
|
}
|
|
}
|