This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/pkg/alpha.dagger.io/docker/command.cue
Guillaume Coguiec bd0f276d30
typo: Fix some minor typos.
Signed-off-by: Guillaume Coguiec <guillaume@logical.work>
2022-02-07 21:10:25 -05:00

239 lines
4.4 KiB
CUE

package docker
import (
"strconv"
"alpha.dagger.io/alpine"
"alpha.dagger.io/dagger"
"alpha.dagger.io/dagger/op"
)
// A container image that can run any docker command
#Command: {
ssh?: {
// ssh host
host: string @dagger(input)
// ssh user
user: string @dagger(input)
// ssh port
port: *22 | int @dagger(input)
// private key
key: dagger.#Secret @dagger(input)
// fingerprint
fingerprint?: string @dagger(input)
// ssh key passphrase
keyPassphrase?: dagger.#Secret @dagger(input)
}
// Connect via DOCKER_HOST, supports tcp://
// TODO: Consider refactoring to support ssh:// & even file://
host?: string @dagger(input)
// Command to execute
command: string
// Environment variables shared by all commands
env: {
[string]: string
}
// Mount content from other artifacts
mount: [string]: from: dagger.#Artifact
// Mount secrets
secret: [string]: dagger.#Secret
// Mount persistent cache directories
cache: {
[string]: true
}
// Mount temporary directories
tmpfs: {
[string]: true
}
// Mount docker socket
socket?: dagger.#Stream @dagger(input)
// Additional packages to install
package: {
[string]: true | false | string
}
// Image registries
registries: [...{
target?: string
username: string
secret: dagger.#Secret
}]
// Copy contents from other artifacts
copy: [string]: from: dagger.#Artifact
// Write file in the container
files: [string]: string
// Setup docker client and then execute the user command
#code: #"""
# Setup ssh
if [ -n "$DOCKER_HOSTNAME" ]; then
export DOCKER_HOST="ssh://$DOCKER_USERNAME@$DOCKER_HOSTNAME:$DOCKER_PORT"
# Start ssh-agent
eval $(ssh-agent) > /dev/null
# Add key
if [ -f "/key" ]; then
message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || {
>&2 echo "$message"
exit 1
}
# Save key
ssh-add /key > /dev/null
if [ "$?" != 0 ]; then
exit 1
fi
fi
if [[ ! -z $FINGERPRINT ]]; then
mkdir -p "$HOME"/.ssh
# Add user's fingerprint to known hosts
echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts
else
# Add host to known hosts
ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" true > /dev/null 2>&1
fi
fi
# Execute entrypoint
/bin/bash /entrypoint.sh
"""#
#up: [
op.#Load & {
from: alpine.#Image & {
"package": {
package
bash: true
"openssh-client": true
"docker-cli": true
}
}
},
for registry in registries {
op.#Exec & {
args: ["/bin/bash", "-c", #"""
echo "$TARGET_HOST" | docker login --username "$DOCKER_USERNAME" --password-stdin "$(cat /password)"
"""#,
]
env: {
TARGET_HOST: registry.target
DOCKER_USERNAME: registry.username
}
mount: "/password": secret: registry.secret
}
},
for dest, content in files {
op.#WriteFile & {
"content": content
"dest": dest
}
},
for dest, src in copy {
op.#Copy & {
from: src.from
"dest": dest
}
},
if ssh.keyPassphrase != _|_ {
op.#WriteFile & {
content: #"""
#!/bin/bash
cat /keyPassphrase
"""#
dest: "/get_keyPassphrase"
mode: 0o500
}
},
// Write wrapper
op.#WriteFile & {
content: #code
dest: "/setup.sh"
},
// Write entrypoint
op.#WriteFile & {
content: command
dest: "/entrypoint.sh"
},
op.#Exec & {
always: true
args: [
"/bin/bash",
"--noprofile",
"--norc",
"-eo",
"pipefail",
"/setup.sh",
]
"env": {
env
if ssh != _|_ {
DOCKER_HOSTNAME: ssh.host
DOCKER_USERNAME: ssh.user
DOCKER_PORT: strconv.FormatInt(ssh.port, 10)
if ssh.keyPassphrase != _|_ {
SSH_ASKPASS: "/get_keyPassphrase"
DISPLAY: "1"
}
if ssh.fingerprint != _|_ {
FINGERPRINT: ssh.fingerprint
}
}
if host != _|_ && ssh == _|_ {
DOCKER_HOST: host
}
}
"mount": {
if ssh != _|_ {
if ssh.key != _|_ {
"/key": secret: ssh.key
}
if ssh.keyPassphrase != _|_ {
"/keyPassphrase": secret: ssh.keyPassphrase
}
}
if socket != _|_ {
"/var/run/docker.sock": stream: socket
}
for dest, o in mount {
"\(dest)": o
}
for dest, s in secret {
"\(dest)": secret: s
}
for dest, _ in cache {
"\(dest)": "cache"
}
for dest, _ in tmpfs {
"\(dest)": "tmpfs"
}
}
},
]
}