Merge pull request #2 from opspec-pkgs/multi-registry-auth

add multi registry auth

.opspec/compile/op.yml

@@ -0,0 +1,14 @@
+name: compile
+description: compiles the bin from go source code
+inputs:
+ srcDir:
+ dir:
+ description: dir containing source code for bin
+ default: .
+run:
+ op:
+ ref: github.com/opspec-pkgs/golang.build.bin#2.0.0
+ inputs:
+ name: setAuths
+ srcDir:
+ goVersion: 1.15

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes will be documented in this file in accordance with
 
 ## \[Unreleased]
 
+## \[1.2.0] - 2020-11-17
+
+### Added
+
+- Support passing creds for multiple registries
+
 ## \[1.1.1] - 2020-06-16
 
 ### Fixed

README.md

@@ -1,5 +1,7 @@
 [![Build Status](https://travis-ci.org/opspec-pkgs/opencontainers.image.build.svg?branch=master)](https://travis-ci.org/opspec-pkgs/opencontainers.image.build)
 
+<img src="icon.svg" alt="icon" height="100px">
+
 # Problem statement
 
 Builds an open container initiative (OCI) image
@@ -13,29 +15,27 @@ the op uses [![opspec 0.1.6](https://img.shields.io/badge/opspec-0.1.6-brightgre
 ## Install
 
 ```shell
-opctl op install github.com/opspec-pkgs/opencontainers.image.build#1.1.1
+opctl op install github.com/opspec-pkgs/opencontainers.image.build#1.2.0
 ```
 
 ## Run
 
 ```
-opctl run github.com/opspec-pkgs/opencontainers.image.build#1.1.1
+opctl run github.com/opspec-pkgs/opencontainers.image.build#1.2.0
 ```
 
 ## Compose
 
 ```yaml
 op:
- ref: github.com/opspec-pkgs/opencontainers.image.build#1.1.1
+ ref: github.com/opspec-pkgs/opencontainers.image.build#1.2.0
  inputs:
  instructions: # 👈 required; provide a value
  ## uncomment to override defaults
  # cacheDir: /default_cache
  # context: /default_context
  # contextIgnore: /default_context_ignore
- # password: ""
- # registry: "docker.io"
- # username: ""
+ # registryCreds: 
  outputs:
  image:
 ```

cmd.sh

@@ -2,6 +2,8 @@
 
 set -e
 
+/setAuths
+
 buildctl-daemonless.sh \
  build \
  --frontend dockerfile.v0 \

main.go

@@ -0,0 +1,66 @@
+package main
+
+import (
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "os"
+)
+
+//RegistryCreds holds auth info for a registry
+type RegistryCreds struct {
+ Username string
+ Password string
+ Registry string
+}
+
+// ConfigFile holds a config file
+type ConfigFile struct{
+ Auths map[string]ConfigFileAuth `json:"auths"`
+}
+
+// ConfigFileAuth holds a config file entry
+type ConfigFileAuth struct {
+ Auth string `json:"auth"`
+}
+
+func main() {
+ registryCreds := []RegistryCreds{}
+ registryCredsJSON := os.Getenv("registryCreds")
+ err := json.Unmarshal([]byte(registryCredsJSON), &registryCreds)
+ if nil != err {
+ panic(err)
+ }
+
+ auths := map[string]ConfigFileAuth{}
+
+ for _, creds := range registryCreds {
+ auths[creds.Registry] = ConfigFileAuth{
+ Auth: base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", creds.Username, creds.Password))),
+ }
+ }
+
+ configFile := ConfigFile{
+ Auths: auths,
+ }
+
+ configFileBytes, err := json.Marshal(configFile)
+ if nil != err {
+ panic(err)
+ }
+
+ err = os.MkdirAll("/root/.docker", 0777)
+ if nil != err {
+ panic(err)
+ }
+
+ err = ioutil.WriteFile(
+ "/root/.docker/config.json",
+ configFileBytes,
+ 0777,
+ )
+ if nil != err {
+ panic(err)
+ }
+}

op.yml

@@ -2,6 +2,21 @@ description: Builds an open container initiative (OCI) image
 name: github.com/opspec-pkgs/opencontainers.image.build
 opspec: 0.1.6
 inputs:
+ registryCreds:
+ array:
+ default: []
+ description: creds for image registries
+ constraints: 
+ items:
+ type: object
+ properties:
+ username:
+ type: string
+ password:
+ type: string
+ registry:
+ format: uri
+ type: string
  cacheDir:
  dir:
  default: /default_cache
@@ -17,48 +32,23 @@ inputs:
  instructions:
  file:
  description: build instructions in the format of a Containerfile/Dockerfile
- username:
- string:
- description: username for auth w/ private registry
- default: ''
- password:
- string:
- description: password for auth w/ private registry
- default: ''
- isSecret: true
- registry:
- string:
- description: private registry to pull image from
- default: docker.io
 outputs:
  image:
  dir:
  description: image in form of [v1.0.1 OCI (Open Container Initiative) `image-layout`](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-layout.md)
 run:
- serial:
- - op:
- ref: github.com/opspec-pkgs/base64.encode#1.1.0
- inputs:
- rawValue: $(username):$(password)
- outputs:
- encodedValue:
- - container:
- cmd: [ /cmd.sh ]
- files:
- /cmd.sh:
- /Dockerfile: $(instructions)
- /Dockerfile.dockerignore: $(contextIgnore)
- /root/.docker/config.json: 
- auths:
- $(registry):
- auth: $(encodedValue)
- dirs:
- /buildContext: $(context)
- /cacheDir: $(cacheDir)
- /image: $(image)
- envVars:
- password:
- registry:
- username:
- image: { ref: moby/buildkit:master}
-version: 1.1.1
+ container:
+ cmd: [ /cmd.sh ]
+ files:
+ /cmd.sh:
+ /Dockerfile: $(instructions)
+ /Dockerfile.dockerignore: $(contextIgnore)
+ /setAuths:
+ dirs:
+ /buildContext: $(context)
+ /cacheDir: $(cacheDir)
+ /image: $(image)
+ envVars:
+ registryCreds:
+ image: { ref: moby/buildkit:master}
+version: 1.2.0