feat: add support for gopass as a credential store

[sudoforge]

This change adds support for gopass as a credential store, based on
the pass implementation.

Closes #138
Closes #166

[crazy-max]

Thanks for your contrib, please check CI issues.

Also missing build-gopass make target in build-linux, build-darwin and build-windows stages in the Dockerfile.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 54.88722% with 60 lines in your changes missing coverage. Please review.

Project coverage is 55.21%. Comparing base (6b9df3e) to head (43efb72).

Files	Patch %	Lines
gopass/gopass.go	54.88%	42 Missing and 18 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #268      +/-   ##
==========================================
- Coverage   55.28%   55.21%   -0.08%     
==========================================
  Files           9       10       +1     
  Lines         624      757     +133     
==========================================
+ Hits          345      418      +73     
- Misses        234      276      +42     
- Partials       45       63      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[crazy-max]

Thanks for your contrib, please check CI issues.

@sudoforge ^

[sudoforge]

Thanks for your contrib, please check CI issues.

@sudoforge ^

Yep, I'm aware of this and have a WIP solution that should resolve the build/test matrice failures.

[sudoforge]

sandboxed tests look good. For native ones on GHA we might need #289 first.

i'm not sure #289 resolves the issue we're seeing in the GHA tests. it looks like the pass and gopass tests are cross-pollinating the password store. i think this was due to not initializing gopass with a separate password store like what was being done in the sandboxed tests (the tests that run as part of the container build).

this should be addressed with sudoforge/docker-credential-helpers@4e78793 (the latest push as of this edit)

[sudoforge]

FWIW, i find the lack of a sandboxed test environment for all of the tests a little frustrating: running the test suite locally populates commits in my host machine's password store. this should probably be addressed separately. i'm firmly of the opinion that tests shouldn't have side effects.

[sudoforge]

rebased on top of c842499 (the latest docker/docker-credential-helpers:master as of this writing).

[sudoforge]

Thanks for running the test pipeline. Looks like initialization is failing on ubuntu and macos, and the windows test is failing to initialize for a reason related to the pubkey. I'll take a closer look later today.

[jmacdonald]

It seems like this feature lost steam trying to get the Windows tests passing, but for what it's worth, I'd love to see this merged; gopass support would be a really nice addition!

[sudoforge]

actually, it lost steam to real life, as things seem to often do -- but i'd still love to get this merged as well! i can revisit it this weekend.

[sudoforge]

sudoforge/docker-credential-helpers@0ebbeb8 is a rebase on top of 097f945; this is not expected to pass the entire pipeline -- i'm expecting it to fail on the test (windows-2022) workflow. this will be useful, though, as the logs for the last run in this tree (for sudoforge/docker-credential-helpers@5f7addc) have since expired, preventing me from being able to pick up debugging the error (which i cannot remember).

[sudoforge]

@crazy-max @thaJeztah would it be possible to get the pipelines kicked off for this PR some time this next week? i should only need a maximum of two more runs as far as i can tell:

• one to show me any errors that exist after rebasing, so that i can fix them
• one after fixing them to show that they all pass

i'd greatly appreciate your attention to this, and if there's anything i can do to make this a bit smoother, please let me know.

[sudoforge]

👋 checking in again. can we get the tests executed for this tree?

[sudoforge]

@thaJeztah @crazy-max checking in again.

[sudoforge]

I have created a commit which restricts pipeline steps that upload artifacts and/or consume secrets to this upstream repository, allowing me to enable actions in my fork, so that I can iterate on this freely.

[sudoforge]

The Windows pipeline now passes: https://github.com/sudoforge/docker-credential-helpers/actions/runs/9899993331/job/27349937852

This tree will now pass all of the pipelines. It has (since the last time it was reviewed) received a few changes:

• A second commit was added that restricts the execution of several pipeline steps to this repository (docker/docker-credentials-helper). The commit message contains the full context for why this was done, and given the fact that worklows require maintainer approval in this repository, I think it is something that should make it in-tree. Please let me know if you'd rather have this submitted in a second PR (I'd greatly prefer this if you plan to squash merge this tree; this is a logically independent commit and should not be squashed with the other).

• The commit adding support for gopass also touches the workflow file, namely, enabling the import of the GPG key for the Windows pipeline. This is necessary for the gopass pipeline to succeed.

[sudoforge]

Due to the lack of response from any maintainer, I feel compelled to let people know that they are able to build from my fork and use it, if they desire gopass support. I will keep it up-to-date, and I've enabled issues in it. You are welcome to open issues for gopass, or requests to rebase on top of upstream, explicitly.

I will accept no other contributions to the fork at this point in time.

[jmacdonald]

@sudoforge thank you for chasing this! It's disappointing that it may not get merged in, but I can definitely use your fork. Appreciate the work you've put in here. 🍻