support registry auth

HACK: the way buildkit works, we can only supply an Auth Provider for the entirety of the build session (`dagger up`). Therefore, we start by scanning all auth in the entire Cue tree and supply an auth provider for all of them.

Drawbacks:
- As soon as you add `auth` in a Pipeline for a registry, all other Pipelines have access to the same registry
- You can't use different credentials for the same registry

Fixes #301

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>

dagger/client.go

@@ -19,6 +19,7 @@ import (
 	_ "github.com/moby/buildkit/client/connhelper/dockercontainer" // import the container connection driver
 	"github.com/moby/buildkit/client/llb"
 	bkgw "github.com/moby/buildkit/frontend/gateway/client"
+	"github.com/moby/buildkit/session"
 
 	// docker output
 	"dagger.io/go/pkg/buildkitd"
@@ -101,9 +102,13 @@ func (c *Client) buildfn(ctx context.Context, deployment *Deployment, fn ClientD
 		localdirs[label] = abs
 	}
 
+	// buildkit auth provider (registry)
+	auth := newRegistryAuthProvider()
+
 	// Setup solve options
 	opts := bk.SolveOpt{
 		LocalDirs: localdirs,
+		Session:   []session.Attachable{auth},
 	}
 
 	// Call buildkit solver
@@ -113,13 +118,16 @@ func (c *Client) buildfn(ctx context.Context, deployment *Deployment, fn ClientD
 		Msg("spawning buildkit job")
 
 	resp, err := c.c.Build(ctx, opts, "", func(ctx context.Context, gw bkgw.Client) (*bkgw.Result, error) {
-		s := NewSolver(c.c, gw, ch, c.noCache)
+		s := NewSolver(c.c, gw, ch, opts.Session, c.noCache)
 
 		lg.Debug().Msg("loading configuration")
 		if err := deployment.LoadPlan(ctx, s); err != nil {
 			return nil, err
 		}
 
+		lg.Debug().Msg("loading registry credentials from plan")
+		auth.SetCredentials(deployment.RegistryCredentials(ctx))
+
 		// Compute output overlay
 		if fn != nil {
 			if err := fn(ctx, deployment, s); err != nil {