From 7d40e79366f13cbb3a49eb4327d0b7bde9d081cc Mon Sep 17 00:00:00 2001
From: Andrea Luzzardi <aluzzardi@gmail.com>
Date: Tue, 21 Dec 2021 14:16:33 +0100
Subject: [PATCH] engine.#Build: support auth

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
---
 plan/task/build.go                    | 42 ++++++++++++++++-----------
 stdlib/europa/dagger/engine/image.cue |  8 +++++
 tests/tasks.bats                      |  2 ++
 tests/tasks/build/build_auth.cue      | 24 +++++++++++++++
 4 files changed, 59 insertions(+), 17 deletions(-)
 create mode 100644 tests/tasks/build/build_auth.cue

diff --git a/plan/task/build.go b/plan/task/build.go
index 7cde2082..da3b8d0c 100644
--- a/plan/task/build.go
+++ b/plan/task/build.go
@@ -3,10 +3,10 @@ package task
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"strings"
 
-	"cuelang.org/go/cue"
 	bkplatforms "github.com/containerd/containerd/platforms"
 	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/exporter/containerimage/exptypes"
@@ -14,6 +14,7 @@ import (
 	"github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb"
 	bkgw "github.com/moby/buildkit/frontend/gateway/client"
 	bkpb "github.com/moby/buildkit/solver/pb"
+	"github.com/rs/zerolog/log"
 
 	"go.dagger.io/dagger/compiler"
 	"go.dagger.io/dagger/plancontext"
@@ -42,7 +43,17 @@ func (t *buildTask) Run(ctx context.Context, pctx *plancontext.Context, s solver
 }
 
 func (t *buildTask) dockerfile(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
-	// FIXME: support auth
+	lg := log.Ctx(ctx)
+
+	// Read auth info
+	auth, err := decodeAuthValue(pctx, v.Lookup("auth"))
+	if err != nil {
+		return nil, err
+	}
+	for _, a := range auth {
+		s.AddCredentials(a.Target, a.Username, a.Secret.PlainText())
+		lg.Debug().Str("target", a.Target).Msg("add target credentials")
+	}
 
 	source, err := pctx.FS.FromValue(v.Lookup("source"))
 	if err != nil {
@@ -104,23 +115,20 @@ func (t *buildTask) dockerfile(ctx context.Context, pctx *plancontext.Context, s
 		return nil, err
 	}
 
-	out := compiler.NewValue()
-	if err := out.FillPath(cue.ParsePath("output"), pctx.FS.New(ref).MarshalCUE()); err != nil {
-		return nil, err
+	// Image metadata
+	meta, ok := res.Metadata[exptypes.ExporterImageConfigKey]
+	if !ok {
+		return nil, errors.New("build returned no image config")
+	}
+	var image dockerfile2llb.Image
+	if err := json.Unmarshal(meta, &image); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal image config: %w", err)
 	}
 
-	// Load image metadata
-	if meta, ok := res.Metadata[exptypes.ExporterImageConfigKey]; ok {
-		var image dockerfile2llb.Image
-		if err := json.Unmarshal(meta, &image); err != nil {
-			return nil, fmt.Errorf("failed to unmarshal image config: %w", err)
-		}
-		if err := out.FillPath(cue.ParsePath("config"), image.Config); err != nil {
-			return nil, err
-		}
-	}
-
-	return out, nil
+	return compiler.NewValue().FillFields(map[string]interface{}{
+		"output": pctx.FS.New(ref).MarshalCUE(),
+		"config": image.Config,
+	})
 }
 
 func (t *buildTask) dockerBuildOpts(v *compiler.Value, pctx *plancontext.Context) (map[string]string, error) {
diff --git a/stdlib/europa/dagger/engine/image.cue b/stdlib/europa/dagger/engine/image.cue
index 67a725ec..4f915b43 100644
--- a/stdlib/europa/dagger/engine/image.cue
+++ b/stdlib/europa/dagger/engine/image.cue
@@ -83,6 +83,14 @@ package engine
 			contents: string
 		}
 
+		// Authentication
+		auth: [...{
+			target:   string
+			username: string
+			secret:   string | #Secret
+		}]
+
+		// FIXME: options ported from op.#DockerBuild
 		platforms: [...string]
 		target: string
 		buildArg: [string]: string
diff --git a/tests/tasks.bats b/tests/tasks.bats
index db6d14b3..090106ca 100644
--- a/tests/tasks.bats
+++ b/tests/tasks.bats
@@ -85,4 +85,6 @@ setup() {
     "$DAGGER" --europa up ./image_config.cue
     "$DAGGER" --europa up ./labels.cue
     "$DAGGER" --europa up ./platform.cue
+
+    "$DAGGER" --europa up ./build_auth.cue
 }
diff --git a/tests/tasks/build/build_auth.cue b/tests/tasks/build/build_auth.cue
new file mode 100644
index 00000000..bcc18275
--- /dev/null
+++ b/tests/tasks/build/build_auth.cue
@@ -0,0 +1,24 @@
+package testing
+
+import (
+	"alpha.dagger.io/europa/dagger/engine"
+)
+
+engine.#Plan & {
+	inputs: {
+		directories: testdata: path:     "./testdata"
+		secrets: dockerHubToken: envvar: "DOCKERHUB_TOKEN"
+	}
+
+	actions: build: engine.#Build & {
+		source: inputs.directories.testdata.contents
+		auth: [{
+			target:   "daggerio/ci-test:private-pull"
+			username: "daggertest"
+			secret:   inputs.secrets.dockerHubToken.contents
+		}]
+		dockerfile: contents: """
+			FROM daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060
+			"""
+	}
+}