
Commit 70b21d8

committed
chore: adds docker provider support
1 parent a233b20 commit 70b21d8


3 files changed

+91
-10
lines changed

3 files changed

+91
-10
lines changed

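--- a/blueprint.cue
+++ b/blueprint.cue
@@ -5,5 +5,21 @@ ci: {
 region: "eu-central-1"
 role: "arn:aws:iam::332405224602:role/ci"
 }
+docker: {
+credentials: {
+provider: "aws"
+path: "global/ci/docker"
+maps: {
+usernames: "username"
+passwords: "password"
+}
+}
+}
+earthly: {
+credentials: {
+provider: "aws"
+path: "global/ci/earthly"
+}
+}
 }
 }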
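Review bot: The `maps` keys under `docker.credentials` are spelled `usernames` and `passwords`, but the setup action changed in this same commit reads `.username` and `.password` from the output of `forge secret get`. Going by the mapping loop added to secret.go (`mappedSecret[k] = m[v]`), the map key appears to become the output field name, so the mapped secret would carry `usernames`/`passwords` and the action's null check would fail the job. If that reading is right, the entries should be `username: "username"` and `password: "password"`. A one-line comment above `maps` stating which side is the output name and which is the key in the stored secret would prevent the same mix-up later.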

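--- a/forge/actions/setup/action.yml
+++ b/forge/actions/setup/action.yml
@@ -32,24 +32,52 @@ runs:
 run: |
 earthly --artifact ./forge/cli+build/forge /usr/local/bin/forge
 
-- name: Get provider configuration
-id: provider
+# AWS Provider
+- name: Get AWS provider configuration
+id: aws
 shell: bash
 run: |
 BP=$(forge blueprint dump .)
 
 AWS=$(echo "$BP" | jq -r .ci.providers.aws)
 if [[ "$AWS" != "null" ]]; then
-AWS_REGION=$(echo "$BP" | jq -r .ci.providers.aws.region)
-AWS_ROLE=$(echo "$BP" | jq -r .ci.providers.aws.role)
+REGION=$(echo "$BP" | jq -r .ci.providers.aws.region)
+ROLE=$(echo "$BP" | jq -r .ci.providers.aws.role)
 fi
 
-echo "aws_region=$AWS_REGION" >> $GITHUB_OUTPUT
-echo "aws_role=$AWS_ROLE" >> $GITHUB_OUTPUT
-
+echo "region=$REGION" >> $GITHUB_OUTPUT
+echo "role=$ROLE" >> $GITHUB_OUTPUT
 - name: Configure AWS
 uses: aws-actions/configure-aws-credentials@v4
-if: ${{ steps.provider.outputs.aws_region != '' && steps.provider.outputs.aws_role != '' }}
+if: ${{ steps.aws.outputs.region != '' && steps.aws.outputs.role != '' }}
+with:
+aws-region: ${{ steps.aws.outputs.region }}
+role-to-assume: ${{ steps.aws.outputs.role }}
+
+# Docker Provider
+- name: Get Docker provider configuration
+id: docker
+shell: bash
+run: |
+BP=$(forge blueprint dump .)
+
+DOCKER=$(echo "$BP" | jq -r .ci.providers.docker.credentials)
+if [[ "$DOCKER" != "null" ]]; then
+SECRET=$(forge secret get -b . ci.providers.docker.credentials)
+USERNAME=$(echo "$SECRET" | jq -r .username)
+PASSWORD=$(echo "$SECRET" | jq -r .password)
+
+if [[ "$USERNAME" == "null" || "$PASSWORD" == "null"]]; then
+echo "Error: the docker provider secret must map secret values to 'username' and 'password'"
+exit 1
+fi
+fi
+
+echo "username=$USERNAME" >> $GITHUB_OUTPUT
+echo "password=$PASSWORD" >> $GITHUB_OUTPUT
+- name: Login to Docker Hub
+uses: docker/login-action@v3
+if: ${{ steps.docker.outputs.username != '' && steps.docker.outputs.password != '' }}
 with:
-aws-region: ${{ steps.provider.outputs.aws_region }}
-role-to-assume: ${{ steps.provider.outputs.aws_role }}
+username: ${{ steps.docker.outputs.username }}
+password: ${{ steps.docker.outputs.password }}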
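Review bot: The Docker password fetched in the `docker` step is written to `$GITHUB_OUTPUT` without being registered with the runner as a secret, so nothing visible here asks GitHub to redact it if a later step or debug logging prints the value. Inside the `if` block, once the null check has passed, add `echo "::add-mask::$PASSWORD"` before the value is written out. Separately, the inner test `[[ "$USERNAME" == "null" || "$PASSWORD" == "null"]]` is missing the space before `]]`, which bash treats as an unterminated conditional; it should end `"null" ]]`. The output path is also unquoted and the single-line `name=value` form is used, so a credential containing a newline would corrupt the output file; writing to `"$GITHUB_OUTPUT"` and rejecting multi-line values would cover that.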

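--- a/forge/cli/cmd/cmds/secret.go
+++ b/forge/cli/cmd/cmds/secret.go
@@ -38,6 +38,7 @@ type SecretCmd struct {
 
 func (c *Get) Run(logger *slog.Logger) error {
 var path, provider string
+var maps map[string]string
 
 if c.Blueprint != "" {
 loader := loader.NewDefaultBlueprintLoader(c.Blueprint, logger)
@@ -56,9 +57,16 @@ func (c *Get) Run(logger *slog.Logger) error {
 path = *secret.Path
 provider = *secret.Provider
 }
+
+if len(secret.Maps) > 0 {
+maps = secret.Maps
+} else {
+maps = make(map[string]string)
+}
 } else {
 path = c.Path
 provider = c.Provider
+maps = make(map[string]string)
 }
 
 store := secrets.NewDefaultSecretStore()
@@ -73,6 +81,35 @@ func (c *Get) Run(logger *slog.Logger) error {
 return fmt.Errorf("could not get secret: %w", err)
 }
 
+if len(maps) > 0 {
+mappedSecret := make(map[string]string)
+m := make(map[string]string)
+
+if err := json.Unmarshal([]byte(s), &m); err != nil {
+return err
+}
+
+for k, v := range maps {
+if _, ok := m[v]; !ok {
+return fmt.Errorf("key %s not found in secret at %s", v, path)
+}
+
+mappedSecret[k] = m[v]
+}
+
+if c.Key != "" {
+if _, ok := mappedSecret[c.Key]; !ok {
+return fmt.Errorf("key %s not found in mapped secret at %s", c.Key, path)
+}
+
+fmt.Println(mappedSecret[c.Key])
+return nil
+} else {
+printJson(mappedSecret, false)
+return nil
+}
+}
+
 if c.Key != "" {
 m := make(map[string]string)
 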
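Review bot: `return err` after `json.Unmarshal` in the new `len(maps) > 0` branch hands back the decoder error bare, unlike the `could not get secret: %w` wrap just above it, so a caller such as the setup action gets a JSON error with no indication of which secret failed to parse. Wrap it, for example `return fmt.Errorf("could not parse secret at %s as a JSON object: %w", path, err)`. Because the branch decodes into `map[string]string`, it only accepts a flat JSON object of string values; that contract deserves a comment above the block, such as `// Mapped secrets must be a flat JSON object of strings; maps is output name -> key in the stored secret.` The `maps = make(map[string]string)` assignments in the second hunk are unnecessary since `len` of a nil map is 0, and the `else` after `return nil` can be dropped. Run's body starts and ends outside these hunks, so the later `c.Key` handling was not reviewed.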
