dagger/stdlib/docker/compose/compose.cue

package compose

import (
	"strconv"
	"dagger.io/dagger"
	"dagger.io/dagger/op"
)

#Up: {
	ssh?: {
		// ssh host
		host: string @dagger(input)

		// ssh user
		user: string @dagger(input)

		// ssh port
		port: *22 | int @dagger(input)

		// private key
		key: dagger.#Secret @dagger(input)

		// fingerprint
		fingerprint?: string @dagger(input)

		// ssh key passphrase
		keyPassphrase?: dagger.#Secret @dagger(input)
	}

	// Accept either a contaxt, a docker-compose or both together
	context?:     dagger.#Artifact @dagger(input)
	composeFile?: string           @dagger(input)

	// Image registries
	registries: [...{
		target?:  string
		username: string
		secret:   dagger.#Secret
	}] @dagger(input)

	#code: #"""
			if [ -n "$DOCKER_HOSTNAME" ]; then
				# Start ssh-agent
				eval $(ssh-agent) > /dev/null
				# Add key
				if [ -f "/key" ]; then
					message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || {
						>&2 echo "$message"
						exit 1
					}
					ssh-add /key > /dev/null
					if [ "$?" != 0 ]; then
						exit 1
					fi
				fi
				if [[ ! -z $FINGERPRINT ]]; then
					mkdir -p "$HOME"/.ssh
					# Add user's fingerprint to known hosts
					echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts
				else
					# Add host to known hosts
					ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" /bin/true > /dev/null 2>&1
				fi
				ssh -i /key -fNT -o "StreamLocalBindUnlink=yes" -L "$(pwd)"/docker.sock:/var/run/docker.sock -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME"
				export DOCKER_HOST="unix://$(pwd)/docker.sock"
			fi

			# Extend session duration
			echo "Host *\nServerAliveInterval 240" >> "$HOME"/.ssh/config
			chmod 600 "$HOME"/.ssh/config

			cd /context
			docker-compose build
			docker-compose up -d
		"""#

	#up: [
		op.#Load & {from: #Client},

		// Login to registries
		for registry in registries {
			op.#DockerLogin & {registry}
		},

		if context != _|_ {
			op.#Copy & {
				from: context
				dest: "/context/"
			}
		},

		if context == _|_ {
			op.#Mkdir & {
				path: "/context/"
			}
		},

		if composeFile != _|_ {
			op.#WriteFile & {
				content: composeFile
				dest:    "/context/docker-compose.yaml"
			}
		},

		if ssh.keyPassphrase != _|_ {
			op.#WriteFile & {
				content: #"""
					#!/bin/bash
					cat /passphrase
					"""#
				dest: "/get_passphrase"
				mode: 0o500
			}
		},

		op.#WriteFile & {
			content: #code
			dest:    "/entrypoint.sh"
		},

		op.#Exec & {
			always: true
			args: [
				"/bin/sh",
				"--noprofile",
				"--norc",
				"-eo",
				"pipefail",
				"/entrypoint.sh",
			]
			env: {
				if ssh != _|_ {
					COMPOSE_HTTP_TIMEOUT: strconv.FormatInt(200, 10)
					DOCKER_HOSTNAME:      ssh.host
					DOCKER_USERNAME:      ssh.user
					DOCKER_PORT:          strconv.FormatInt(ssh.port, 10)
					if ssh.keyPassphrase != _|_ {
						SSH_ASKPASS: "/get_passphrase"
						DISPLAY:     "1"
					}
					if ssh.fingerprint != _|_ {
						FINGERPRINT: ssh.fingerprint
					}
				}
			}
			mount: {
				if ssh == _|_ {
					"/var/run/docker.sock": "docker.sock"
				}
				if ssh.key != _|_ {
					"/key": secret: ssh.key
				}
				if ssh.keyPassphrase != _|_ {
					"/passphrase": secret: ssh.keyPassphrase
				}
			}
		},
	]
}