read registry credentials [CI SKIP]
This commit is contained in:
Brad Rydzewski
@@ -18,6 +18,7 @@ import (
|
|||||||
"github.com/drone/envsubst"
|
"github.com/drone/envsubst"
|
||||||
"github.com/drone/runner-go/environ"
|
"github.com/drone/runner-go/environ"
|
||||||
"github.com/drone/runner-go/manifest"
|
"github.com/drone/runner-go/manifest"
|
||||||
|
"github.com/drone/runner-go/registry"
|
||||||
"github.com/drone/runner-go/secret"
|
"github.com/drone/runner-go/secret"
|
||||||
|
|
||||||
"gopkg.in/alecthomas/kingpin.v2"
|
"gopkg.in/alecthomas/kingpin.v2"
|
||||||
@@ -34,6 +35,7 @@ type compileCommand struct {
|
|||||||
Labels map[string]string
|
Labels map[string]string
|
||||||
Secrets map[string]string
|
Secrets map[string]string
|
||||||
Resources compiler.Resources
|
Resources compiler.Resources
|
||||||
|
Config string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *compileCommand) run(*kingpin.ParseContext) error {
|
func (c *compileCommand) run(*kingpin.ParseContext) error {
|
||||||
@@ -108,6 +110,9 @@ func (c *compileCommand) run(*kingpin.ParseContext) error {
|
|||||||
Networks: c.Networks,
|
Networks: c.Networks,
|
||||||
Volumes: c.Volumes,
|
Volumes: c.Volumes,
|
||||||
Secret: secret.StaticVars(c.Secrets),
|
Secret: secret.StaticVars(c.Secrets),
|
||||||
|
Registry: registry.Combine(
|
||||||
|
registry.File(c.Config),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
spec := comp.Compile(nocontext)
|
spec := comp.Compile(nocontext)
|
||||||
|
|
||||||
@@ -172,6 +177,9 @@ func registerCompile(app *kingpin.Application) {
|
|||||||
cmd.Flag("shmsize", "container shm size").
|
cmd.Flag("shmsize", "container shm size").
|
||||||
Int64Var(&c.Resources.ShmSize)
|
Int64Var(&c.Resources.ShmSize)
|
||||||
|
|
||||||
|
cmd.Flag("docker-config", "path to the docker config file").
|
||||||
|
StringVar(&c.Config)
|
||||||
|
|
||||||
// shared pipeline flags
|
// shared pipeline flags
|
||||||
c.Flags = internal.ParseFlags(cmd)
|
c.Flags = internal.ParseFlags(cmd)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -26,6 +26,7 @@ import (
|
|||||||
"github.com/drone/runner-go/manifest"
|
"github.com/drone/runner-go/manifest"
|
||||||
"github.com/drone/runner-go/pipeline"
|
"github.com/drone/runner-go/pipeline"
|
||||||
"github.com/drone/runner-go/pipeline/console"
|
"github.com/drone/runner-go/pipeline/console"
|
||||||
|
"github.com/drone/runner-go/registry"
|
||||||
"github.com/drone/runner-go/secret"
|
"github.com/drone/runner-go/secret"
|
||||||
"github.com/drone/signal"
|
"github.com/drone/signal"
|
||||||
|
|
||||||
@@ -47,6 +48,7 @@ type execCommand struct {
|
|||||||
Labels map[string]string
|
Labels map[string]string
|
||||||
Secrets map[string]string
|
Secrets map[string]string
|
||||||
Resources compiler.Resources
|
Resources compiler.Resources
|
||||||
|
Config string
|
||||||
Pretty bool
|
Pretty bool
|
||||||
Procs int64
|
Procs int64
|
||||||
Debug bool
|
Debug bool
|
||||||
@@ -128,6 +130,9 @@ func (c *execCommand) run(*kingpin.ParseContext) error {
|
|||||||
Networks: c.Networks,
|
Networks: c.Networks,
|
||||||
Volumes: c.Volumes,
|
Volumes: c.Volumes,
|
||||||
Secret: secret.StaticVars(c.Secrets),
|
Secret: secret.StaticVars(c.Secrets),
|
||||||
|
Registry: registry.Combine(
|
||||||
|
registry.File(c.Config),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
spec := comp.Compile(nocontext)
|
spec := comp.Compile(nocontext)
|
||||||
|
|
||||||
@@ -308,6 +313,9 @@ func registerExec(app *kingpin.Application) {
|
|||||||
cmd.Flag("private-key", "private key file path").
|
cmd.Flag("private-key", "private key file path").
|
||||||
ExistingFileVar(&c.PrivateKey)
|
ExistingFileVar(&c.PrivateKey)
|
||||||
|
|
||||||
|
cmd.Flag("docker-config", "path to the docker config file").
|
||||||
|
StringVar(&c.Config)
|
||||||
|
|
||||||
cmd.Flag("debug", "enable debug logging").
|
cmd.Flag("debug", "enable debug logging").
|
||||||
BoolVar(&c.Debug)
|
BoolVar(&c.Debug)
|
||||||
|
|
||||||
|
|||||||
@@ -9,7 +9,6 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/drone-runners/drone-runner-docker/engine"
|
"github.com/drone-runners/drone-runner-docker/engine"
|
||||||
"github.com/drone-runners/drone-runner-docker/engine/auth"
|
|
||||||
"github.com/drone-runners/drone-runner-docker/engine/compiler/image"
|
"github.com/drone-runners/drone-runner-docker/engine/compiler/image"
|
||||||
"github.com/drone-runners/drone-runner-docker/engine/resource"
|
"github.com/drone-runners/drone-runner-docker/engine/resource"
|
||||||
|
|
||||||
@@ -18,6 +17,8 @@ import (
|
|||||||
"github.com/drone/runner-go/environ"
|
"github.com/drone/runner-go/environ"
|
||||||
"github.com/drone/runner-go/labels"
|
"github.com/drone/runner-go/labels"
|
||||||
"github.com/drone/runner-go/manifest"
|
"github.com/drone/runner-go/manifest"
|
||||||
|
"github.com/drone/runner-go/registry"
|
||||||
|
"github.com/drone/runner-go/registry/auths"
|
||||||
"github.com/drone/runner-go/secret"
|
"github.com/drone/runner-go/secret"
|
||||||
|
|
||||||
"github.com/dchest/uniuri"
|
"github.com/dchest/uniuri"
|
||||||
@@ -113,6 +114,10 @@ type Compiler struct {
|
|||||||
// Secret returns a named secret value that can be injected
|
// Secret returns a named secret value that can be injected
|
||||||
// into the pipeline step.
|
// into the pipeline step.
|
||||||
Secret secret.Provider
|
Secret secret.Provider
|
||||||
|
|
||||||
|
// Registry returns a list of registry credentials that can be
|
||||||
|
// used to pull private container images.
|
||||||
|
Registry registry.Provider
|
||||||
}
|
}
|
||||||
|
|
||||||
// Compile compiles the configuration file.
|
// Compile compiles the configuration file.
|
||||||
@@ -285,22 +290,36 @@ func (c *Compiler) Compile(ctx context.Context) *engine.Spec {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var auths []*engine.Auth
|
// get registry credentials from registry plugins
|
||||||
|
creds, err := c.Registry.List(ctx, ®istry.Request{
|
||||||
|
Repo: c.Repo,
|
||||||
|
Build: c.Build,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
// TODO (bradrydzewski) return an error to the caller
|
||||||
|
// if the provider returns an error.
|
||||||
|
}
|
||||||
|
|
||||||
|
// get registry credentials from secrets
|
||||||
for _, name := range c.Pipeline.PullSecrets {
|
for _, name := range c.Pipeline.PullSecrets {
|
||||||
secret, ok := c.findSecret(ctx, name)
|
secret, ok := c.findSecret(ctx, name)
|
||||||
if ok {
|
if ok {
|
||||||
parsed, err := auth.ParseString(secret)
|
parsed, err := auths.ParseString(secret)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
auths = append(auths, parsed...)
|
creds = append(creds, parsed...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, step := range spec.Steps {
|
for _, step := range spec.Steps {
|
||||||
STEPS:
|
STEPS:
|
||||||
for _, auth := range auths {
|
for _, cred := range creds {
|
||||||
if image.MatchHostname(step.Image, auth.Address) {
|
if image.MatchHostname(step.Image, cred.Address) {
|
||||||
step.Auth = auth
|
step.Auth = &engine.Auth{
|
||||||
|
Address: cred.Address,
|
||||||
|
Username: cred.Username,
|
||||||
|
Password: cred.Password,
|
||||||
|
}
|
||||||
break STEPS
|
break STEPS
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -376,6 +395,8 @@ func (c *Compiler) findSecret(ctx context.Context, name string) (s string, ok bo
|
|||||||
if name == "" {
|
if name == "" {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// TODO (bradrydzewski) return an error to the caller
|
||||||
|
// if the provider returns an error.
|
||||||
found, _ := c.Secret.Find(ctx, &secret.Request{
|
found, _ := c.Secret.Find(ctx, &secret.Request{
|
||||||
Name: name,
|
Name: name,
|
||||||
Build: c.Build,
|
Build: c.Build,
|
||||||
|
|||||||
Reference in New Issue
Block a user