cue modules: move stdlib to pkg/alpha.dagger.io

In preparation for Europa, we will vendor multiple CUE modules:

- `pkg/alpha.dagger.io`: legacy non-europa packages
- `pkg/dagger.io`: core Europa packages
- `pkg/universe.dagger.io`: Europa universe

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>

pkg/alpha.dagger.io/docker/command.cue

@@ -0,0 +1,238 @@
+package docker
+
+import (
+	"strconv"
+
+	"alpha.dagger.io/alpine"
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/dagger/op"
+)
+
+// A container image that can run any docker command
+#Command: {
+	ssh?: {
+		// ssh host
+		host: string @dagger(input)
+
+		// ssh user
+		user: string @dagger(input)
+
+		// ssh port
+		port: *22 | int @dagger(input)
+
+		// private key
+		key: dagger.#Secret @dagger(input)
+
+		// fingerprint
+		fingerprint?: string @dagger(input)
+
+		// ssh key passphrase
+		keyPassphrase?: dagger.#Secret @dagger(input)
+	}
+
+	// Connect via DOCKER_HOST, supports tcp://
+	// TODO: Consider refactoring to support ssh:// & even file://
+	host?: string @dagger(input)
+
+	// Command to execute
+	command: string
+
+	// Environment variables shared by all commands
+	env: {
+		[string]: string
+	}
+
+	// Mount content from other artifacts
+	mount: [string]: from: dagger.#Artifact
+
+	// Mount secrets
+	secret: [string]: dagger.#Secret
+
+	// Mount persistent cache directories
+	cache: {
+		[string]: true
+	}
+
+	// Mount temporary directories
+	tmpfs: {
+		[string]: true
+	}
+
+	// Mount docker socket
+	socket?: dagger.#Stream @dagger(input)
+
+	// Additional packages to install
+	package: {
+		[string]: true | false | string
+	}
+
+	// Image registries
+	registries: [...{
+		target?:  string
+		username: string
+		secret:   dagger.#Secret
+	}]
+
+	// Copy contents from other artifacts
+	copy: [string]: from: dagger.#Artifact
+
+	// Write file in the container
+	files: [string]: string
+
+	// Setup docker client and then execute the user command
+	#code: #"""
+		# Setup ssh
+		if [ -n "$DOCKER_HOSTNAME" ]; then
+			export DOCKER_HOST="ssh://$DOCKER_USERNAME@$DOCKER_HOSTNAME:$DOCKER_PORT"
+
+			# Start ssh-agent
+			eval $(ssh-agent) > /dev/null
+
+			# Add key
+			if [ -f "/key" ]; then
+				message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || {
+					>&2 echo "$message"
+					exit 1
+				}
+
+				# Save key
+				ssh-add /key > /dev/null
+				if [ "$?" != 0 ]; then
+					exit 1
+				fi
+			fi
+
+			if [[ ! -z $FINGERPRINT ]]; then
+				mkdir -p "$HOME"/.ssh
+
+				# Add user's fingerprint to known hosts
+				echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts
+			else
+				# Add host to known hosts
+				ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" /bin/true > /dev/null 2>&1
+			fi
+		fi
+
+		# Execute entrypoint
+		/bin/bash /entrypoint.sh
+		"""#
+
+	#up: [
+		op.#Load & {
+			from: alpine.#Image & {
+				"package": {
+					package
+					bash:             true
+					"openssh-client": true
+					"docker-cli":     true
+				}
+			}
+		},
+
+		for registry in registries {
+			op.#Exec & {
+				args: ["/bin/bash", "-c", #"""
+						echo "$TARGER_HOST" | docker login --username "$DOCKER_USERNAME" --password-stdin "$(cat /password)"
+					"""#,
+				]
+				env: {
+					TARGET_HOST:     registry.target
+					DOCKER_USERNAME: registry.username
+				}
+				mount: "/password": secret: registry.secret
+			}
+		},
+
+		for dest, content in files {
+			op.#WriteFile & {
+				"content": content
+				"dest":    dest
+			}
+		},
+
+		for dest, src in copy {
+			op.#Copy & {
+				from:   src.from
+				"dest": dest
+			}
+		},
+
+		if ssh.keyPassphrase != _|_ {
+			op.#WriteFile & {
+				content: #"""
+					#!/bin/bash
+					cat /keyPassphrase
+					"""#
+				dest: "/get_keyPassphrase"
+				mode: 0o500
+			}
+		},
+
+		// Write wrapper
+		op.#WriteFile & {
+			content: #code
+			dest:    "/setup.sh"
+		},
+
+		// Write entrypoint
+		op.#WriteFile & {
+			content: command
+			dest:    "/entrypoint.sh"
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/setup.sh",
+			]
+			"env": {
+				env
+				if ssh != _|_ {
+					DOCKER_HOSTNAME: ssh.host
+					DOCKER_USERNAME: ssh.user
+					DOCKER_PORT:     strconv.FormatInt(ssh.port, 10)
+					if ssh.keyPassphrase != _|_ {
+						SSH_ASKPASS: "/get_keyPassphrase"
+						DISPLAY:     "1"
+					}
+					if ssh.fingerprint != _|_ {
+						FINGERPRINT: ssh.fingerprint
+					}
+				}
+				if host != _|_ && ssh == _|_ {
+					DOCKER_HOST: host
+				}
+			}
+			"mount": {
+				if ssh != _|_ {
+					if ssh.key != _|_ {
+						"/key": secret: ssh.key
+					}
+					if ssh.keyPassphrase != _|_ {
+						"/keyPassphrase": secret: ssh.keyPassphrase
+					}
+				}
+				if socket != _|_ {
+					"/var/run/docker.sock": stream: socket
+				}
+				for dest, o in mount {
+					"\(dest)": o
+				}
+				for dest, s in secret {
+					"\(dest)": secret: s
+				}
+				for dest, _ in cache {
+					"\(dest)": "cache"
+				}
+				for dest, _ in tmpfs {
+					"\(dest)": "tmpfs"
+				}
+			}
+		},
+	]
+}

pkg/alpha.dagger.io/docker/compose/client.cue

@@ -0,0 +1,16 @@
+package compose
+
+import (
+	"alpha.dagger.io/alpine"
+)
+
+// A container image to run the docker-compose client
+#Client: alpine.#Image & {
+	package: {
+		bash:             true
+		jq:               true
+		curl:             true
+		"openssh-client": true
+		"docker-compose": true
+	}
+}

pkg/alpha.dagger.io/docker/compose/compose.cue

@@ -0,0 +1,95 @@
+// Docker-compose operations
+package compose
+
+import (
+	"strconv"
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/docker"
+)
+
+#App: {
+	ssh?: {
+		// ssh host
+		host: string @dagger(input)
+
+		// ssh user
+		user: string @dagger(input)
+
+		// ssh port
+		port: *22 | int @dagger(input)
+
+		// private key
+		key: dagger.#Secret @dagger(input)
+
+		// fingerprint
+		fingerprint?: string @dagger(input)
+
+		// ssh key passphrase
+		keyPassphrase?: dagger.#Secret @dagger(input)
+	}
+
+	// Mount local docker socket
+	socket?: dagger.#Stream & dagger.#Input
+
+	// Accept either a contaxt, a docker-compose or both together
+	source?:      dagger.#Artifact @dagger(input)
+	composeFile?: string           @dagger(input)
+
+	// App name (use as COMPOSE_PROJECT_NAME)
+	name: *"source" | string @dagger(input)
+
+	// Image registries
+	registries: [...{
+		target?:  string
+		username: string
+		secret:   dagger.#Secret
+	}] @dagger(input)
+
+	#code: #"""
+		if [ -n "$DOCKER_HOSTNAME" ]; then
+			ssh -i /key -fNT -o "StreamLocalBindUnlink=yes" -L "$(pwd)"/docker.sock:/var/run/docker.sock -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME"
+			export DOCKER_HOST="unix://$(pwd)/docker.sock"
+		fi
+
+		# Extend session duration
+		echo "Host *\nServerAliveInterval 240" >> "$HOME"/.ssh/config
+		chmod 600 "$HOME"/.ssh/config
+
+		# Move compose
+		if [ -d "$SOURCE_DIR" ]; then
+			if [ -f docker-compose.yaml ]; then
+				cp docker-compose.yaml "$SOURCE_DIR"/docker-compose.yaml
+			fi
+			cd "$SOURCE_DIR"
+		fi
+
+		docker-compose build
+		docker-compose up -d
+		"""#
+
+	run: docker.#Command & {
+		if ssh != _|_ {
+			"ssh": ssh
+		}
+		if socket != _|_ {
+			"socket": socket
+		}
+
+		command: #code
+		package: "docker-compose": true
+		"registries": registries
+		if source != _|_ {
+			copy: "/source": from: source
+		}
+		if composeFile != _|_ {
+			files: "/docker-compose.yaml": composeFile
+		}
+		env: {
+			COMPOSE_HTTP_TIMEOUT: strconv.FormatInt(200, 10)
+			COMPOSE_PROJECT_NAME: name
+			if source != _|_ {
+				SOURCE_DIR: "source"
+			}
+		}
+	}
+}

pkg/alpha.dagger.io/docker/compose/tests/cleanup.cue

@@ -0,0 +1,93 @@
+package compose
+
+import (
+	"strconv"
+
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/dagger/op"
+)
+
+#CleanupCompose: {
+	// docker-compose up context
+	context: dagger.#Artifact
+
+	// App name (use as COMPOSE_PROJECT_NAME)
+	name: *"source" | string
+
+	ssh: {
+		// ssh host
+		host: string @dagger(input)
+
+		// ssh user
+		user: string @dagger(input)
+
+		// ssh port
+		port: *22 | int @dagger(input)
+
+		// private key
+		key: dagger.#Secret @dagger(input)
+
+		// fingerprint
+		fingerprint?: string @dagger(input)
+
+		// ssh key passphrase
+		keyPassphrase?: dagger.#Secret @dagger(input)
+	}
+
+	#code: #"""
+				# Export host
+				export DOCKER_HOST="unix://$(pwd)/docker.sock"
+
+				# Start ssh agent
+				eval $(ssh-agent) > /dev/null
+				ssh-add /key > /dev/null
+
+				ssh -i /key -o "StreamLocalBindUnlink=yes" -fNT -L "$(pwd)"/docker.sock:/var/run/docker.sock -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" || true
+
+				# Down
+				if [ -d /source ]; then
+					cd /source
+				fi
+
+				docker-compose down -v
+		"""#
+
+	#up: [
+		op.#Load & {from: context},
+
+		op.#WriteFile & {
+			content: #code
+			dest:    "/entrypoint.sh"
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/sh",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/entrypoint.sh",
+			]
+			env: {
+				DOCKER_HOSTNAME:      ssh.host
+				DOCKER_USERNAME:      ssh.user
+				DOCKER_PORT:          strconv.FormatInt(ssh.port, 10)
+				COMPOSE_PROJECT_NAME: name
+				if ssh.keyPassphrase != _|_ {
+					SSH_ASKPASS: "/get_passphrase"
+					DISPLAY:     "1"
+				}
+			}
+			mount: {
+				if ssh.key != _|_ {
+					"/key": secret: ssh.key
+				}
+				if ssh.keyPassphrase != _|_ {
+					"/passphrase": secret: ssh.keyPassphrase
+				}
+			}
+		},
+	]
+}

pkg/alpha.dagger.io/docker/compose/tests/compose.cue

@@ -0,0 +1,88 @@
+package compose
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/docker"
+	"alpha.dagger.io/random"
+)
+
+repo: dagger.#Artifact @dagger(input)
+
+TestSSH: {
+	key:  dagger.#Secret @dagger(input)
+	host: string         @dagger(input)
+	user: string         @dagger(input)
+}
+
+TestCompose: {
+	// Generate a random string.
+	// Seed is used to force buildkit execution and not simply use a previous generated string.
+	suffix: random.#String & {seed: "cmp"}
+
+	name: "compose_test_\(suffix.out)"
+
+	up: #App & {
+		ssh: {
+			key:  TestSSH.key
+			host: TestSSH.host
+			user: TestSSH.user
+		}
+		source: repo
+		"name": name
+	}
+
+	verify: docker.#Command & {
+		ssh:     up.run.ssh
+		command: #"""
+				docker container ls | grep "\#(name)_api" | grep "Up"
+			"""#
+	}
+
+	cleanup: #CleanupCompose & {
+		context: up.run
+		"name":  name
+		ssh:     verify.ssh
+	}
+}
+
+TestInlineCompose: {
+	// Generate a random string.
+	// Seed is used to force buildkit execution and not simply use a previous generated string.
+	suffix: random.#String & {seed: "cmp-inline"}
+
+	name: "inline_test_\(suffix.out)"
+
+	up: #App & {
+		ssh: {
+			key:  TestSSH.key
+			host: TestSSH.host
+			user: TestSSH.user
+		}
+		source: repo
+		"name": name
+		composeFile: #"""
+			version: "3"
+
+			services:
+			  api-mix:
+			    build: .
+			    environment:
+			      PORT: 7000
+			    ports:
+			    - 7000
+			"""#
+	}
+
+	verify: docker.#Command & {
+		ssh:     up.run.ssh
+		command: #"""
+				docker container ls | grep "\#(name)_api-mix" | grep "Up"
+			"""#
+	}
+
+	cleanup: #CleanupCompose & {
+		context: up.run
+		"name":  name
+		ssh:     verify.ssh
+	}
+}

pkg/alpha.dagger.io/docker/compose/tests/testdata/Dockerfile

@@ -0,0 +1,15 @@
+FROM node:12-alpine
+
+WORKDIR /app
+
+COPY package.json package.json
+
+RUN npm install
+
+COPY . .
+
+ENV PORT=8080
+
+EXPOSE 8080
+
+CMD ["npm", "start"]

pkg/alpha.dagger.io/docker/compose/tests/testdata/docker-compose.yaml

@@ -0,0 +1,7 @@
+version: "3"
+
+services:
+    api:
+        build: ""
+        ports:
+        - 8080

pkg/alpha.dagger.io/docker/compose/tests/testdata/index.ts

@@ -0,0 +1,13 @@
+import express from "express";
+import { get } from "env-var";
+
+
+const app = express();
+
+const port: number = get('PORT').required().asPortNumber();
+
+app.get('/ping', (req, res) => {
+  res.status(200).send('pong')
+});
+
+app.listen(port, '0.0.0.0', () => console.log("Server listen on http://localhost:" + port));

pkg/alpha.dagger.io/docker/compose/tests/testdata/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "test",
+  "version": "1.0.0",
+  "description": "A simple api",
+  "main": "index.ts",
+  "scripts": {
+    "build": "tsc",
+    "start": "ts-node index.ts",
+    "test": "test"
+  },
+  "author": "Tom Chauveau",
+  "license": "ISC",
+  "devDependencies": {
+    "ts-node": "^8.9.1",
+    "typescript": "^3.8.3"
+  },
+  "dependencies": {
+    "@types/express": "^4.17.6",
+    "env-var": "^6.1.1",
+    "express": "^4.17.1"
+  }
+}

pkg/alpha.dagger.io/docker/compose/tests/testdata/tsconfig.json

@@ -0,0 +1,12 @@
+{
+  "compilerOptions": {
+    "sourceMap": true,
+    "outDir": "dist",
+    "strict": true,
+    "lib": [
+      "esnext",
+      "dom"
+    ],
+    "esModuleInterop": true
+  }
+}

pkg/alpha.dagger.io/docker/docker.cue

@@ -0,0 +1,283 @@
+// Docker container operations
+package docker
+
+import (
+	"strings"
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/dagger/op"
+)
+
+// Build a Docker image from source
+#Build: {
+	// Build context
+	source: dagger.#Input & {dagger.#Artifact}
+
+	// Dockerfile passed as a string
+	dockerfile: dagger.#Input & {*null | string}
+
+	args?: [string]: string | dagger.#Secret
+
+	#up: [
+		op.#DockerBuild & {
+			context: source
+			if dockerfile != null {
+				"dockerfile": dockerfile
+			}
+			if args != _|_ {
+				buildArg: args
+			}
+		},
+	]
+
+}
+
+// Pull a docker container
+#Pull: {
+	// Remote ref (example: "index.docker.io/alpine:latest")
+	from: dagger.#Input & {string}
+
+	#up: [
+		op.#FetchContainer & {ref: from},
+	]
+}
+
+// Push a docker image to a remote registry
+#Push: {
+	// Remote target (example: "index.docker.io/alpine:latest")
+	target: dagger.#Input & {string}
+
+	// Image source
+	source: dagger.#Input & {dagger.#Artifact}
+
+	// Registry auth
+	auth?: {
+		// Username
+		username: dagger.#Input & {string}
+
+		// Password or secret
+		secret: dagger.#Input & {dagger.#Secret | string}
+	}
+
+	push: #up: [
+		op.#Load & {from: source},
+
+		if auth != _|_ {
+			op.#DockerLogin & {
+				"target": target
+				username: auth.username
+				secret:   auth.secret
+			}
+		},
+
+		op.#PushContainer & {ref: target},
+
+		op.#Subdir & {dir: "/dagger"},
+	]
+
+	// Image ref
+	ref: {
+		string
+
+		#up: [
+			op.#Load & {from: push},
+
+			op.#Export & {
+				source: "/image_ref"
+			},
+		]
+	} & dagger.#Output
+
+	// Image digest
+	digest: {
+		string
+
+		#up: [
+			op.#Load & {from: push},
+
+			op.#Export & {
+				source: "/image_digest"
+			},
+		]
+	} & dagger.#Output
+}
+
+// Load a docker image into a docker engine
+#Load: {
+	// Connect to a remote SSH server
+	ssh?: {
+		// ssh host
+		host: dagger.#Input & {string}
+
+		// ssh user
+		user: dagger.#Input & {string}
+
+		// ssh port
+		port: dagger.#Input & {*22 | int}
+
+		// private key
+		key: dagger.#Input & {dagger.#Secret}
+
+		// fingerprint
+		fingerprint?: dagger.#Input & {string}
+
+		// ssh key passphrase
+		keyPassphrase?: dagger.#Input & {dagger.#Secret}
+	}
+
+	// Connect via DOCKER_HOST, supports tcp://
+	// TODO: Consider refactoring to support ssh:// & even file://
+	host?: string @dagger(input)
+
+	// Mount local docker socket
+	socket?: dagger.#Stream & dagger.#Input
+
+	// Name and optionally a tag in the 'name:tag' format
+	tag: dagger.#Input & {string}
+
+	// Image source
+	source: dagger.#Input & {dagger.#Artifact}
+
+	save: #up: [
+		op.#Load & {from: source},
+
+		op.#SaveImage & {
+			"tag": tag
+			dest:  "/image.tar"
+		},
+	]
+
+	load: #Command & {
+		if ssh != _|_ {
+			"ssh": ssh
+		}
+		if host != _|_ && ssh == _|_ {
+			"host": host
+		}
+		if socket != _|_ {
+			"socket": socket
+		}
+
+		copy: "/src": from: save
+
+		command: "docker load -i /src/image.tar"
+	}
+
+	// Image ID
+	id: {
+		string
+
+		#up: [
+			// HACK: force a dependency with `load`
+			op.#Load & {from: load},
+
+			op.#Load & {from: save},
+
+			op.#Export & {
+				source: "/dagger/image_id"
+			},
+		]
+	} & dagger.#Output
+}
+
+#Run: {
+	// Connect to a remote SSH server
+	ssh?: {
+		// ssh host
+		host: dagger.#Input & {string}
+
+		// ssh user
+		user: dagger.#Input & {string}
+
+		// ssh port
+		port: dagger.#Input & {*22 | int}
+
+		// private key
+		key: dagger.#Input & {dagger.#Secret}
+
+		// fingerprint
+		fingerprint?: dagger.#Input & {string}
+
+		// ssh key passphrase
+		keyPassphrase?: dagger.#Input & {dagger.#Secret}
+	}
+
+	// Connect via DOCKER_HOST, supports tcp://
+	// TODO: Consider refactoring to support ssh:// & even file://
+	host?: string @dagger(input)
+
+	// Mount local docker socket
+	socket?: dagger.#Stream & dagger.#Input
+
+	// Image reference (e.g: nginx:alpine)
+	ref: dagger.#Input & {string}
+
+	// Container name
+	name?: dagger.#Input & {string}
+
+	// Recreate container?
+	recreate: dagger.#Input & {bool | *true}
+
+	// Image registry
+	registry?: {
+		target:   string
+		username: string
+		secret:   dagger.#Secret
+	} & dagger.#Input
+
+	// local ports
+	ports?: [...string]
+
+	#command: #"""
+		# Run detach container
+		OPTS=""
+
+		if [ ! -z "$CONTAINER_NAME" ]; then
+			OPTS="$OPTS --name $CONTAINER_NAME"
+			docker inspect "$CONTAINER_NAME" >/dev/null && {
+				# Container already exists
+				if [ ! -z "$CONTAINER_RECREATE" ]; then
+					echo "Replacing container $CONTAINER_NAME"
+					docker stop "$CONTAINER_NAME"
+					docker rm "$CONTAINER_NAME"
+				else
+					echo "$CONTAINER_NAME already exists"
+					exit 0
+				fi
+			}
+		fi
+
+		if [ ! -z "$CONTAINER_PORTS" ]; then
+			OPTS="$OPTS -p $CONTAINER_PORTS"
+		fi
+
+		docker container run -d $OPTS "$IMAGE_REF"
+		"""#
+
+	run: #Command & {
+		if ssh != _|_ {
+			"ssh": ssh
+		}
+		if host != _|_ && ssh == _|_ {
+			"host": host
+		}
+		if socket != _|_ {
+			"socket": socket
+		}
+
+		command: #command
+		env: {
+			IMAGE_REF: ref
+			if name != _|_ {
+				CONTAINER_NAME: name
+			}
+
+			if recreate {
+				CONTAINER_RECREATE: "true"
+			}
+
+			if ports != _|_ {
+				CONTAINER_PORTS: strings.Join(ports, " -p ")
+			}
+		}
+	}
+}

pkg/alpha.dagger.io/docker/tests/build/dockerfile.cue

@@ -0,0 +1,84 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/dagger/op"
+)
+
+TestSourceBuild: dagger.#Artifact @dagger(input)
+
+TestBuild: {
+	image: #Build & {
+		source: TestSourceBuild
+	}
+
+	verify: #up: [
+		op.#Load & {
+			from: image
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", """
+						grep -q "test" /test.txt
+					""",
+			]
+		},
+	]
+}
+
+TestBuildWithArgs: {
+	image: #Build & {
+		dockerfile: """
+				FROM alpine
+				ARG TEST
+				ENV TEST=$TEST
+				RUN echo "$TEST" > /test.txt
+			"""
+		source: ""
+		args: TEST: "test"
+	}
+
+	verify: #up: [
+		op.#Load & {
+			from: image
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", """
+						grep -q "test" /test.txt
+					""",
+			]
+		},
+	]
+}
+
+TestSourceImageFromDockerfile: dagger.#Artifact @dagger(input)
+
+TestImageFromDockerfile: {
+	image: #Build & {
+		dockerfile: """
+				FROM alpine
+				COPY test.txt /test.txt
+			"""
+		source: TestSourceImageFromDockerfile
+	}
+
+	verify: #up: [
+		op.#Load & {
+			from: image
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", """
+						grep -q "test" /test.txt
+					""",
+			]
+		},
+	]
+}

pkg/alpha.dagger.io/docker/tests/build/testdata/build/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo test >> /test.txt

pkg/alpha.dagger.io/docker/tests/build/testdata/dockerfile/test.txt

@@ -0,0 +1 @@
+test

pkg/alpha.dagger.io/docker/tests/command-host/command.cue

@@ -0,0 +1,13 @@
+package docker
+
+TestConfig: {
+	host: string @dagger(input)
+}
+
+TestHost: client: #Command & {
+	command: #"""
+			docker $CMD
+		"""#
+	host: TestConfig.host
+	env: CMD: "version"
+}

pkg/alpha.dagger.io/docker/tests/command-ssh-key-passphrase/command.cue

@@ -0,0 +1,25 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+)
+
+TestConfig: {
+	host:          string         @dagger(input)
+	user:          string         @dagger(input)
+	key:           dagger.#Secret @dagger(input)
+	keyPassphrase: dagger.#Secret @dagger(input)
+}
+
+TestSSH: client: #Command & {
+	command: #"""
+			docker $CMD
+		"""#
+	ssh: {
+		host:          TestConfig.host
+		user:          TestConfig.user
+		key:           TestConfig.key
+		keyPassphrase: TestConfig.keyPassphrase
+	}
+	env: CMD: "version"
+}

pkg/alpha.dagger.io/docker/tests/command-ssh-wrong-key-passphrase/command.cue

@@ -0,0 +1,24 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+)
+
+TestConfig: {
+	host:          string         @dagger(input)
+	user:          string         @dagger(input)
+	key:           dagger.#Secret @dagger(input)
+	keyPassphrase: dagger.#Secret @dagger(input)
+}
+
+TestSSH: client: #Command & {
+	command: #"""
+			docker version
+		"""#
+	ssh: {
+		host:          TestConfig.host
+		user:          TestConfig.user
+		key:           TestConfig.key
+		keyPassphrase: TestConfig.keyPassphrase
+	}
+}

pkg/alpha.dagger.io/docker/tests/command-ssh/command.cue

@@ -0,0 +1,26 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+)
+
+TestConfig: {
+	host: dagger.#Input & {string}
+	user: dagger.#Input & {string}
+	key:  dagger.#Input & {dagger.#Secret}
+}
+
+TestPassword: dagger.#Input & {dagger.#Secret}
+
+TestSSH: client: #Command & {
+	command: #"""
+			docker $CMD && [ -f /run/secrets/password ]
+		"""#
+	ssh: {
+		host: TestConfig.host
+		user: TestConfig.user
+		key:  TestConfig.key
+	}
+	secret: "/run/secrets/password": TestPassword
+	env: CMD:                        "version"
+}

pkg/alpha.dagger.io/docker/tests/load/load.cue

@@ -0,0 +1,32 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+dockersocket: dagger.#Stream & dagger.#Input
+
+source: dagger.#Artifact & dagger.#Input
+
+TestLoad: {
+	suffix: random.#String & {
+		seed: ""
+	}
+
+	image: #Build & {
+		"source": source
+	}
+
+	load: #Load & {
+		tag:    "daggerci-image-load-\(suffix.out)"
+		source: image
+		socket: dockersocket
+	}
+
+	run: #Run & {
+		name:   "daggerci-container-load-\(suffix.out)"
+		ref:    load.id
+		socket: dockersocket
+	}
+}

pkg/alpha.dagger.io/docker/tests/load/testdata/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo test >> /test.txt

pkg/alpha.dagger.io/docker/tests/pull/pull.cue

@@ -0,0 +1,25 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger/op"
+	"alpha.dagger.io/alpine"
+)
+
+ref: string @dagger(input)
+
+TestPull: {
+	pull: #Pull & {from: ref}
+
+	check: #up: [
+		op.#Load & {from: alpine.#Image},
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", """
+					 grep -q "test" /src/test.txt
+					""",
+			]
+			mount: "/src": from: pull
+		},
+	]
+}

pkg/alpha.dagger.io/docker/tests/push-invalid-creds/push.cue

@@ -0,0 +1,36 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+TestRegistry: {
+	username: dagger.#Input & {string}
+	secret:   dagger.#Input & {dagger.#Secret}
+}
+
+TestPush: {
+	// Generate a random string
+	// Seed is used to force buildkit execution and not simply use a previous generated string.
+	tag: random.#String & {seed: "docker push and pull should fail"}
+
+	target: "daggerio/ci-test:\(tag.out)"
+
+	image: #Build & {
+		dockerfile: """
+				FROM alpine
+				RUN echo "test" > /test.txt
+			"""
+		source: ""
+	}
+
+	push: #Push & {
+		"target": target
+		source:   image
+		auth: {
+			username: TestRegistry.username
+			secret:   TestRegistry.secret
+		}
+	}
+}

pkg/alpha.dagger.io/docker/tests/push-multi-registry/push.cue

@@ -0,0 +1,65 @@
+package docker
+
+import (
+	"alpha.dagger.io/aws"
+	"alpha.dagger.io/aws/ecr"
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+// 
+// /!\ README /!\ 
+// The objective is to push an image on multiple registries to verify
+// that we correctly handle that kind of configuration
+//
+
+TestResources: {
+	// Generate a random string
+	// Seed is used to force buildkit execution and not simply use a previous generated string.
+	suffix: random.#String & {seed: "docker multi registry"}
+
+	image: #Build & {
+		dockerfile: """
+				FROM alpine
+				RUN echo "test" > /test.txt
+			"""
+		source: ""
+	}
+}
+
+TestRemoteAWS: {
+	awsConfig: aws.#Config
+
+	ecrCreds: ecr.#Credentials & {
+		config: awsConfig
+	}
+
+	target: "125635003186.dkr.ecr.\(awsConfig.region).amazonaws.com/dagger-ci:test-ecr-\(TestResources.suffix.out)"
+
+	remoteImg: #Push & {
+		"target": target
+		source:   TestResources.image
+		auth: {
+			username: ecrCreds.username
+			secret:   ecrCreds.secret
+		}
+	}
+}
+
+TestRemoteDocker: {
+	dockerConfig: {
+		username: dagger.#Input & {string}
+		secret:   dagger.#Input & {dagger.#Secret}
+	}
+
+	target: "daggerio/ci-test:test-docker-\(TestResources.suffix.out)"
+
+	remoteImg: #Push & {
+		"target": target
+		source:   TestResources.image
+		auth: {
+			username: dockerConfig.username
+			secret:   dockerConfig.secret
+		}
+	}
+}

pkg/alpha.dagger.io/docker/tests/push/push.cue

@@ -0,0 +1,36 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+TestRegistry: {
+	username: dagger.#Input & {string}
+	secret:   dagger.#Input & {dagger.#Secret}
+}
+
+TestPush: {
+	// Generate a random string
+	// Seed is used to force buildkit execution and not simply use a previous generated string.
+	tag: random.#String & {seed: "docker push"}
+
+	target: "daggerio/ci-test:\(tag.out)"
+
+	image: #Build & {
+		dockerfile: """
+				FROM alpine
+				RUN echo "test" > /test.txt
+			"""
+		source: ""
+	}
+
+	push: #Push & {
+		"target": target
+		source:   image
+		auth: {
+			username: TestRegistry.username
+			secret:   TestRegistry.secret
+		}
+	}
+}

pkg/alpha.dagger.io/docker/tests/run-host/simple.cue

@@ -0,0 +1,21 @@
+package docker
+
+import (
+	"alpha.dagger.io/random"
+)
+
+TestConfig: {
+	host: string @dagger(input)
+}
+
+TestHost: {
+	suffix: random.#String & {
+		seed: "docker-tcp-test"
+	}
+
+	run: #Run & {
+		name: "daggerci-test-tcp-\(suffix.out)"
+		ref:  "hello-world"
+		host: TestConfig.host
+	}
+}

pkg/alpha.dagger.io/docker/tests/run-local/local.cue

@@ -0,0 +1,18 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+dockersocket: dagger.#Stream & dagger.#Input
+
+suffix: random.#String & {
+	seed: ""
+}
+
+run: #Run & {
+	name:   "daggerci-test-local-\(suffix.out)"
+	ref:    "hello-world"
+	socket: dockersocket
+}

pkg/alpha.dagger.io/docker/tests/run-ports/ports.cue

@@ -0,0 +1,19 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+dockersocket: dagger.#Stream & dagger.#Input
+
+suffix: random.#String & {
+	seed: ""
+}
+
+run: #Run & {
+	name:   "daggerci-test-ports-\(suffix.out)"
+	ref:    "nginx"
+	socket: dockersocket
+	ports: ["8080:80"]
+}

pkg/alpha.dagger.io/docker/tests/run-ssh/simple.cue

@@ -0,0 +1,29 @@
+package docker
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/random"
+)
+
+TestConfig: {
+	host: string         @dagger(input)
+	user: string         @dagger(input)
+	key:  dagger.#Secret @dagger(input)
+}
+
+TestSSH: {
+	suffix: random.#String & {
+		seed: ""
+	}
+
+	run: #Run & {
+		name: "daggerci-test-ssh-\(suffix.out)"
+		ref:  "hello-world"
+
+		ssh: {
+			host: TestConfig.host
+			user: TestConfig.user
+			key:  TestConfig.key
+		}
+	}
+}