From 9dd1ec90f4e09d07fec7ec76352634794584fa88 Mon Sep 17 00:00:00 2001
From: Gerald Pinder
Date: Tue, 28 May 2024 22:56:06 -0400
Subject: [PATCH] fix: Remove hard requirement for login creds to be able to push (#187)
Related to https://github.com/blue-build/github-action/issues/48
---
 Cargo.toml | 4 +-
 src/commands/build.rs | 76 +++++++++++++++++------------------
 src/credentials.rs | 6 +--
 src/drivers/buildah_driver.rs | 38 ++++++++++--------
 src/drivers/docker_driver.rs | 36 +++++++++--------
 src/drivers/podman_driver.rs | 38 ++++++++++--------
 utils/Cargo.toml | 5 +--
 utils/src/constants.rs | 4 ++
 8 files changed, 108 insertions(+), 99 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index ef00c8ea..a0c68e9a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,7 +12,7 @@ version = "0.8.9"
 [workspace.dependencies]
 anyhow = "1"
 chrono = "0.4"
-clap = { version = "4", features = ["derive", "cargo", "unicode"] }
+clap = "4"
 colored = "2"
 env_logger = "0.11"
 format_serde_error = "0.3"
@@ -74,7 +74,7 @@ users = "0.11"
 # Workspace dependencies
 anyhow.workspace = true
 chrono.workspace = true
-clap.workspace = true
+clap = { workspace = true, features = ["derive", "cargo", "unicode", "env"] }
 colored.workspace = true
 env_logger.workspace = true
 indexmap.workspace = true
diff --git a/src/commands/build.rs b/src/commands/build.rs
index 53383a09..ca1a67b1 100644
--- a/src/commands/build.rs
+++ b/src/commands/build.rs
@@ -7,11 +7,12 @@ use std::{
 use anyhow::{bail, Context, Result};
 use blue_build_recipe::Recipe;
 use blue_build_utils::constants::{
- ARCHIVE_SUFFIX, BUILD_ID_LABEL, CI_DEFAULT_BRANCH, CI_PROJECT_NAME, CI_PROJECT_NAMESPACE,
- CI_PROJECT_URL, CI_REGISTRY, CI_SERVER_HOST, CI_SERVER_PROTOCOL, CONFIG_PATH, CONTAINER_FILE,
- COSIGN_PATH, COSIGN_PRIVATE_KEY, GITHUB_REPOSITORY_OWNER, GITHUB_TOKEN,
- GITHUB_TOKEN_ISSUER_URL, GITHUB_WORKFLOW_REF, GITIGNORE_PATH, LABELED_ERROR_MESSAGE,
- NO_LABEL_ERROR_MESSAGE, RECIPE_FILE, RECIPE_PATH, SIGSTORE_ID_TOKEN,
+ ARCHIVE_SUFFIX, BB_PASSWORD, BB_REGISTRY, BB_REGISTRY_NAMESPACE, BB_USERNAME, BUILD_ID_LABEL,
+ CI_DEFAULT_BRANCH, CI_PROJECT_NAME, CI_PROJECT_NAMESPACE, CI_PROJECT_URL, CI_REGISTRY,
+ CI_SERVER_HOST, CI_SERVER_PROTOCOL, CONFIG_PATH, CONTAINER_FILE, COSIGN_PATH,
+ COSIGN_PRIVATE_KEY, GITHUB_REPOSITORY_OWNER, GITHUB_TOKEN, GITHUB_TOKEN_ISSUER_URL,
+ GITHUB_WORKFLOW_REF, GITIGNORE_PATH, LABELED_ERROR_MESSAGE, NO_LABEL_ERROR_MESSAGE,
+ RECIPE_FILE, RECIPE_PATH, SIGSTORE_ID_TOKEN,
 };
 use clap::Args;
 use colored::Colorize;
@@ -20,7 +21,7 @@ use typed_builder::TypedBuilder;
 use crate::{
 commands::generate::GenerateCommand,
- credentials,
+ credentials::{self, Credentials},
 drivers::{
 opts::{BuildTagPushOpts, CompressionType, GetMetadataOpts},
 Driver,
@@ -78,26 +79,26 @@ pub struct BuildCommand {
 archive: Option,
 /// The registry's domain name.
- #[arg(long)]
+ #[arg(long, env = BB_REGISTRY)]
 #[builder(default, setter(into, strip_option))]
 registry: Option,
 /// The url path to your base
 /// project images.
- #[arg(long)]
+ #[arg(long, env = BB_REGISTRY_NAMESPACE)]
 #[builder(default, setter(into, strip_option))]
 #[arg(visible_alias("registry-path"))]
 registry_namespace: Option,
 /// The username to login to the
 /// container registry.
- #[arg(short = 'U', long)]
+ #[arg(short = 'U', long, env = BB_USERNAME, hide_env_values = true)]
 #[builder(default, setter(into, strip_option))]
 username: Option,
 /// The password to login to the
 /// container registry.
- #[arg(short = 'P', long)]
+ #[arg(short = 'P', long, env = BB_PASSWORD, hide_env_values = true)]
 #[builder(default, setter(into, strip_option))]
 password: Option,
@@ -129,6 +130,8 @@ impl BlueBuildCommand for BuildCommand {
 check_cosign_files()?;
 }
+ Self::login()?;
+
 // Check if the Containerfile exists
 // - If doesn't => *Build*
 // - If it does:
@@ -213,10 +216,6 @@ impl BuildCommand {
 let tags = recipe.generate_tags(os_version);
 let image_name = self.generate_full_image_name(&recipe)?;
- if self.push {
- Self::login()?;
- }
-
 let opts = if let Some(archive_dir) = self.archive.as_ref() {
 BuildTagPushOpts::builder()
 .archive_path(format!(
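Review bot: With `env = BB_USERNAME` and `env = BB_PASSWORD` on the `username` and `password` fields of `BuildCommand`, a variable that is set but empty is, as far as I know, handed to the field by clap as `Some("")` rather than `None`. CI systems commonly expand an unavailable secret to an empty string, which is the very situation this commit is meant to tolerate. The code that consumes these fields is outside the diff (`set_user_creds` appears only as hunk context), so please confirm it treats empty values as absent, for example with `.filter(|v| !v.is_empty())` on each option before the credentials are assembled. Otherwise a login with blank credentials is attempted and fails the build.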
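Review bot: `Self::login()?;` in the `impl BlueBuildCommand for BuildCommand` hunk now runs on every build, because the `if self.push` guard is dropped in the `@@ -213,10 +216,6 @@` hunk. When credentials are present, a build that pushes nothing now authenticates against the registry, needs `cosign` on the PATH, and aborts on any login failure. If the intent is to allow pulling private base images, record it next to the call, e.g. `// Log in even without --push so private base images can be pulled; no-op when no credentials are set`. Otherwise keep the `if self.push` guard around the call. The enclosing function starts and ends outside the hunk.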
@@ -253,32 +252,31 @@ impl BuildCommand {
 trace!("BuildCommand::login()");
 info!("Attempting to login to the registry");
- let credentials = credentials::get()?;
-
- let (registry, username, password) = (
- &credentials.registry,
- &credentials.username,
- &credentials.password,
- );
-
- info!("Logging into the registry, {registry}");
- Driver::get_build_driver().login()?;
-
- trace!("cosign login -u {username} -p [MASKED] {registry}");
- let login_output = Command::new("cosign")
- .arg("login")
- .arg("-u")
- .arg(username)
- .arg("-p")
- .arg(password)
- .arg(registry)
- .output()?;
-
- if !login_output.status.success() {
- let err_output = String::from_utf8_lossy(&login_output.stderr);
- bail!("Failed to login for cosign: {err_output}");
+ if let Some(Credentials {
+ registry,
+ username,
+ password,
+ }) = credentials::get()
+ {
+ info!("Logging into the registry, {registry}");
+ Driver::get_build_driver().login()?;
+
+ trace!("cosign login -u {username} -p [MASKED] {registry}");
+ let login_output = Command::new("cosign")
+ .arg("login")
+ .arg("-u")
+ .arg(username)
+ .arg("-p")
+ .arg(password)
+ .arg(registry)
+ .output()?;
+
+ if !login_output.status.success() {
+ let err_output = String::from_utf8_lossy(&login_output.stderr);
+ bail!("Failed to login for cosign: {err_output}");
+ }
+ info!("Login success at {registry}");
 }
- info!("Login success at {registry}");
 Ok(())
 }
diff --git a/src/credentials.rs b/src/credentials.rs
index 330d62f1..c7cdf087 100644
--- a/src/credentials.rs
+++ b/src/credentials.rs
@@ -128,9 +128,7 @@ pub fn set_user_creds(
 ///
 /// # Errors
 /// Will error if there aren't any credentials available.
-pub fn get() -> Result<&'static Credentials> {
+pub fn get() -> Option<&'static Credentials> {
 trace!("credentials::get()");
- ENV_CREDENTIALS
- .as_ref()
- .ok_or_else(|| anyhow!("No credentials available"))
+ ENV_CREDENTIALS.as_ref()
 }
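Review bot: The registry password is still handed to `cosign login` as a command-line argument (`.arg("-p").arg(password)`) in `BuildCommand::login`, so while the command runs it can be read from the process list by other users and processes on the build host. The trace line masks it, but the argv does not. The same pattern is kept in the `login` bodies of `buildah_driver.rs`, `docker_driver.rs` and `podman_driver.rs` in this patch. All four tools accept `--password-stdin`, so the secret can be written to the child's stdin instead, as sketched below. That needs `std::io::Write` and `std::process::Stdio` in scope, and the `use std::{…}` list of `build.rs` is not visible in the diff.

```rust
// … unchanged: `if let Some(Credentials { .. }) = credentials::get()` and the driver login …
    trace!("cosign login -u {username} --password-stdin {registry}");
    let mut child = Command::new("cosign")
        .arg("login")
        .arg("-u")
        .arg(username)
        .arg("--password-stdin")
        .arg(registry)
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .stderr(Stdio::piped())
        .spawn()?;
    // The secret goes over stdin so it never appears in the argument list;
    // the handle is dropped at the end of the statement, which closes the pipe.
    child
        .stdin
        .take()
        .context("cosign stdin was not captured")?
        .write_all(password.as_bytes())?;
    let login_output = child.wait_with_output()?;
// … unchanged: status check, bail!, info!("Login success at {registry}") …
```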
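Review bot: The doc comment above `credentials::get()` still reads `# Errors` / `Will error if there aren't any credentials available.` (both visible as context lines), but the function now returns `Option` and cannot fail. Replace that section with a line such as `/// Returns None when no credentials are configured; callers then skip the login.` so readers do not expect a missing-credentials case to surface as an error. If `anyhow!` was used only here, its import in `credentials.rs` is now unused; the import list is outside the hunk.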
diff --git a/src/drivers/buildah_driver.rs b/src/drivers/buildah_driver.rs
index 0850ddb1..2acbcbca 100644
--- a/src/drivers/buildah_driver.rs
+++ b/src/drivers/buildah_driver.rs
@@ -5,7 +5,7 @@ use log::{error, info, trace};
 use semver::Version;
 use serde::Deserialize;
-use crate::credentials;
+use crate::credentials::{self, Credentials};
 use super::{
 opts::{BuildOpts, PushOpts, TagOpts},
@@ -109,22 +109,26 @@ impl BuildDriver for BuildahDriver {
 fn login(&self) -> Result<()> {
 trace!("BuildahDriver::login()");
- let (registry, username, password) =
- credentials::get().map(|c| (&c.registry, &c.username, &c.password))?;
-
- trace!("buildah login -u {username} -p [MASKED] {registry}");
- let output = Command::new("buildah")
- .arg("login")
- .arg("-u")
- .arg(username)
- .arg("-p")
- .arg(password)
- .arg(registry)
- .output()?;
-
- if !output.status.success() {
- let err_out = String::from_utf8_lossy(&output.stderr);
- bail!("Failed to login for buildah: {err_out}");
+ if let Some(Credentials {
+ registry,
+ username,
+ password,
+ }) = credentials::get()
+ {
+ trace!("buildah login -u {username} -p [MASKED] {registry}");
+ let output = Command::new("buildah")
+ .arg("login")
+ .arg("-u")
+ .arg(username)
+ .arg("-p")
+ .arg(password)
+ .arg(registry)
+ .output()?;
+
+ if !output.status.success() {
+ let err_out = String::from_utf8_lossy(&output.stderr);
+ bail!("Failed to login for buildah: {err_out}");
+ }
 }
 Ok(())
 }
diff --git a/src/drivers/docker_driver.rs b/src/drivers/docker_driver.rs
index 8b1520a4..8a99c45d 100644
--- a/src/drivers/docker_driver.rs
+++ b/src/drivers/docker_driver.rs
@@ -13,7 +13,7 @@ use once_cell::sync::Lazy;
 use semver::Version;
 use serde::Deserialize;
-use crate::image_metadata::ImageMetadata;
+use crate::{credentials::Credentials, image_metadata::ImageMetadata};
 use super::{
 credentials,
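Review bot: When `credentials::get()` returns `None`, `BuildahDriver::login` now returns `Ok(())` without logging anything, so a later push that the registry rejects for missing authentication gives no hint that the login step was skipped. Add an `else` branch with a log line, e.g. `} else { info!("No credentials found, skipping buildah login"); }`. The same silent skip is in `DockerDriver::login`, `PodmanDriver::login` and `BuildCommand::login` in this patch. In `BuildCommand::login`, `info!("Attempting to login to the registry")` is printed even when no login is attempted.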
@@ -169,22 +169,26 @@ impl BuildDriver for DockerDriver {
 fn login(&self) -> Result<()> {
 trace!("DockerDriver::login()");
- let (registry, username, password) =
- credentials::get().map(|c| (&c.registry, &c.username, &c.password))?;
-
- trace!("docker login -u {username} -p [MASKED] {registry}");
- let output = Command::new("docker")
- .arg("login")
- .arg("-u")
- .arg(username)
- .arg("-p")
- .arg(password)
- .arg(registry)
- .output()?;
+ if let Some(Credentials {
+ registry,
+ username,
+ password,
+ }) = credentials::get()
+ {
+ trace!("docker login -u {username} -p [MASKED] {registry}");
+ let output = Command::new("docker")
+ .arg("login")
+ .arg("-u")
+ .arg(username)
+ .arg("-p")
+ .arg(password)
+ .arg(registry)
+ .output()?;
- if !output.status.success() {
- let err_out = String::from_utf8_lossy(&output.stderr);
- bail!("Failed to login for docker: {err_out}");
+ if !output.status.success() {
+ let err_out = String::from_utf8_lossy(&output.stderr);
+ bail!("Failed to login for docker: {err_out}");
+ }
 }
 Ok(())
 }
diff --git a/src/drivers/podman_driver.rs b/src/drivers/podman_driver.rs
index 220199ef..2eb028b0 100644
--- a/src/drivers/podman_driver.rs
+++ b/src/drivers/podman_driver.rs
@@ -6,7 +6,7 @@ use log::{debug, error, info, trace};
 use semver::Version;
 use serde::Deserialize;
-use crate::image_metadata::ImageMetadata;
+use crate::{credentials::Credentials, image_metadata::ImageMetadata};
 use super::{
 credentials,
@@ -120,22 +120,26 @@ impl BuildDriver for PodmanDriver {
 fn login(&self) -> Result<()> {
 trace!("PodmanDriver::login()");
- let (registry, username, password) =
- credentials::get().map(|c| (&c.registry, &c.username, &c.password))?;
-
- trace!("podman login -u {username} -p [MASKED] {registry}");
- let output = Command::new("podman")
- .arg("login")
- .arg("-u")
- .arg(username)
- .arg("-p")
- .arg(password)
- .arg(registry)
- .output()?;
-
- if !output.status.success() {
- let err_out = String::from_utf8_lossy(&output.stderr);
- bail!("Failed to login for podman: {err_out}");
+ if let Some(Credentials {
+ registry,
+ username,
+ password,
+ }) = credentials::get()
+ {
+ trace!("podman login -u {username} -p [MASKED] {registry}");
+ let output = Command::new("podman")
+ .arg("login")
+ .arg("-u")
+ .arg(username)
+ .arg("-p")
+ .arg(password)
+ .arg(registry)
+ .output()?;
+
+ if !output.status.success() {
+ let err_out = String::from_utf8_lossy(&output.stderr);
+ bail!("Failed to login for podman: {err_out}");
+ }
 }
 Ok(())
 }
diff --git a/utils/Cargo.toml b/utils/Cargo.toml
index dd3ec1c9..df878121 100644
--- a/utils/Cargo.toml
+++ b/utils/Cargo.toml
@@ -17,6 +17,7 @@ which = "6"
 anyhow.workspace = true
 chrono.workspace = true
+clap = { workspace = true, features = ["derive"] }
 colored.workspace = true
 env_logger.workspace = true
 format_serde_error.workspace = true
@@ -25,10 +26,6 @@ serde.workspace = true
 serde_yaml.workspace = true
 serde_json.workspace = true
-[dependencies.clap]
-workspace = true
-features = ["derive"]
-
 [build-dependencies]
 syntect = "5.2.0"
diff --git a/utils/src/constants.rs b/utils/src/constants.rs
index 4eb7dc1a..a4a5cf93 100644
--- a/utils/src/constants.rs
+++ b/utils/src/constants.rs
@@ -17,6 +17,10 @@ pub const IMAGE_VERSION_LABEL: &str = "org.opencontainers.image.version";
 // BlueBuild vars
 pub const BB_BUILDKIT_CACHE_GHA: &str = "BB_BUILDKIT_CACHE_GHA";
+pub const BB_PASSWORD: &str = "BB_PASSWORD";
+pub const BB_REGISTRY: &str = "BB_REGISTRY";
+pub const BB_REGISTRY_NAMESPACE: &str = "BB_REGISTRY_NAMESPACE";
+pub const BB_USERNAME: &str = "BB_USERNAME";
 // Docker vars
 pub const DOCKER_HOST: &str = "DOCKER_HOST";