diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 48b16184..8bcd4219 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -101,7 +101,8 @@ jobs: uses: crazy-max/ghaction-github-runtime@v1 - name: Integration test - # env: + env: + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} # DAGGER_CACHE_TO: "type=gha,mode=max,scope=test-integration" # DAGGER_CACHE_FROM: "type=gha,mode=max,scope=test-integration" run: | diff --git a/plan/task/auth.go b/plan/task/auth.go new file mode 100644 index 00000000..8fc7e44c --- /dev/null +++ b/plan/task/auth.go @@ -0,0 +1,54 @@ +package task + +import ( + "go.dagger.io/dagger/compiler" + "go.dagger.io/dagger/plancontext" +) + +type authValue struct { + Target string + Username string + Secret *plancontext.Secret +} + +// Decodes an auth field value +// +// Cue format: +// auth: [...{ +// target: string +// username: string +// secret: string | #Secret +// }] +func decodeAuthValue(pctx *plancontext.Context, v *compiler.Value) ([]*authValue, error) { + vals, err := v.List() + if err != nil { + return nil, err + } + + authVals := []*authValue{} + for _, val := range vals { + authVal := authValue{} + + target, err := val.Lookup("target").String() + if err != nil { + return nil, err + } + authVal.Target = target + + username, err := val.Lookup("username").String() + if err != nil { + return nil, err + } + authVal.Username = username + + secret, err := pctx.Secrets.FromValue(val.Lookup("secret")) + if err != nil { + return nil, err + } + authVal.Secret = secret + + authVals = append(authVals, &authVal) + } + + return authVals, nil +} diff --git a/plan/task/pull.go b/plan/task/pull.go index 46ecc9f2..bfa775f3 100644 --- a/plan/task/pull.go +++ b/plan/task/pull.go @@ -7,6 +7,7 @@ import ( "github.com/docker/distribution/reference" "github.com/moby/buildkit/client/llb" + "github.com/rs/zerolog/log" "go.dagger.io/dagger/compiler" "go.dagger.io/dagger/plancontext" "go.dagger.io/dagger/solver" @@ -19,20 +20,24 @@ func init() { type pullTask struct { } -type authValue struct { - Target string - Username string - // FIXME: handle secrets - Secret string -} - func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) { - // FIXME: handle auth + lg := log.Ctx(ctx) + rawRef, err := v.Lookup("source").String() if err != nil { return nil, err } + // Read auth info + auth, err := decodeAuthValue(pctx, v.Lookup("auth")) + if err != nil { + return nil, err + } + for _, a := range auth { + s.AddCredentials(a.Target, a.Username, a.Secret.PlainText()) + lg.Debug().Str("target", a.Target).Msg("add target credentials") + } + ref, err := reference.ParseNormalizedNamed(rawRef) if err != nil { return nil, fmt.Errorf("failed to parse ref %s: %w", rawRef, err) @@ -54,6 +59,7 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver. if err != nil { return nil, err } + imageJSON, err := json.Marshal(image) if err != nil { return nil, err @@ -64,17 +70,6 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver. return nil, err } - auth := []authValue{} - - // Read auth data - if err := v.Lookup("auth").Decode(&auth); err != nil { - return nil, err - } - - for _, a := range auth { - s.AddCredentials(a.Target, a.Username, a.Secret) - } - result, err := s.Solve(ctx, st, pctx.Platform.Get()) if err != nil { return nil, err diff --git a/tests/tasks/pull/pull_auth.cue b/tests/tasks/pull/pull_auth.cue index 67ab1aab..5e5d22bf 100644 --- a/tests/tasks/pull/pull_auth.cue +++ b/tests/tasks/pull/pull_auth.cue @@ -5,11 +5,19 @@ import ( ) engine.#Plan & { + context: secrets: { + dockerHubToken: envvar: "DOCKERHUB_TOKEN" + } actions: pull: engine.#Pull & { - source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3" + source: "blocklayer/alpine-private:3.15.0@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" + auth: [{ + target: "docker.io/blocklayer/alpine-private:3.15.0" + username: "daggertest" + secret: context.secrets.dockerHubToken.contents + }] } & { // assert result - digest: "sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3" + digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" config: { Env: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"] Cmd: ["/bin/sh"]