diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 48b16184..8bcd4219 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -101,7 +101,8 @@ jobs: uses: crazy-max/ghaction-github-runtime@v1 - name: Integration test - # env: + env: + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} # DAGGER_CACHE_TO: "type=gha,mode=max,scope=test-integration" # DAGGER_CACHE_FROM: "type=gha,mode=max,scope=test-integration" run: | diff --git a/plan/task/auth.go b/plan/task/auth.go new file mode 100644 index 00000000..8fc7e44c --- /dev/null +++ b/plan/task/auth.go @@ -0,0 +1,54 @@ +package task + +import ( + "go.dagger.io/dagger/compiler" + "go.dagger.io/dagger/plancontext" +) + +type authValue struct { + Target string + Username string + Secret *plancontext.Secret +} + +// Decodes an auth field value +// +// Cue format: +// auth: [...{ +// target: string +// username: string +// secret: string | #Secret +// }] +func decodeAuthValue(pctx *plancontext.Context, v *compiler.Value) ([]*authValue, error) { + vals, err := v.List() + if err != nil { + return nil, err + } + + authVals := []*authValue{} + for _, val := range vals { + authVal := authValue{} + + target, err := val.Lookup("target").String() + if err != nil { + return nil, err + } + authVal.Target = target + + username, err := val.Lookup("username").String() + if err != nil { + return nil, err + } + authVal.Username = username + + secret, err := pctx.Secrets.FromValue(val.Lookup("secret")) + if err != nil { + return nil, err + } + authVal.Secret = secret + + authVals = append(authVals, &authVal) + } + + return authVals, nil +} diff --git a/plan/task/pull.go b/plan/task/pull.go index 20d48e9b..bfa775f3 100644 --- a/plan/task/pull.go +++ b/plan/task/pull.go @@ -7,6 +7,7 @@ import ( "github.com/docker/distribution/reference" "github.com/moby/buildkit/client/llb" + "github.com/rs/zerolog/log" "go.dagger.io/dagger/compiler" "go.dagger.io/dagger/plancontext" "go.dagger.io/dagger/solver" @@ -20,12 +21,23 @@ type pullTask struct { } func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) { - // FIXME: handle auth + lg := log.Ctx(ctx) + rawRef, err := v.Lookup("source").String() if err != nil { return nil, err } + // Read auth info + auth, err := decodeAuthValue(pctx, v.Lookup("auth")) + if err != nil { + return nil, err + } + for _, a := range auth { + s.AddCredentials(a.Target, a.Username, a.Secret.PlainText()) + lg.Debug().Str("target", a.Target).Msg("add target credentials") + } + ref, err := reference.ParseNormalizedNamed(rawRef) if err != nil { return nil, fmt.Errorf("failed to parse ref %s: %w", rawRef, err) @@ -47,6 +59,7 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver. if err != nil { return nil, err } + imageJSON, err := json.Marshal(image) if err != nil { return nil, err diff --git a/tests/tasks.bats b/tests/tasks.bats index a563d1cb..ac1c182d 100644 --- a/tests/tasks.bats +++ b/tests/tasks.bats @@ -6,7 +6,12 @@ setup() { @test "task: #Pull" { cd "$TESTDIR"/tasks/pull - "$DAGGER" --europa up + "$DAGGER" --europa up ./pull.cue +} + +@test "task: #Pull with auth" { + cd "$TESTDIR"/tasks/pull + "$DAGGER" --europa up ./pull_auth.cue } @test "task: #ReadFile" { @@ -39,4 +44,4 @@ setup() { "$DAGGER" --europa up ./user.cue "$DAGGER" --europa up ./workdir.cue -} \ No newline at end of file +} diff --git a/tests/tasks/pull/pull_auth.cue b/tests/tasks/pull/pull_auth.cue new file mode 100644 index 00000000..f821f74d --- /dev/null +++ b/tests/tasks/pull/pull_auth.cue @@ -0,0 +1,24 @@ +package main + +import ( + "alpha.dagger.io/europa/dagger/engine" +) + +engine.#Plan & { + context: secrets: dockerHubToken: envvar: "DOCKERHUB_TOKEN" + actions: pull: engine.#Pull & { + source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" + auth: [{ + target: "daggerio/ci-test:private-pull" + username: "daggertest" + secret: context.secrets.dockerHubToken.contents + }] + } & { + // assert result + digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" + config: { + Env: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"] + Cmd: ["/bin/sh"] + } + } +}