mirror of
https://github.com/drone-plugins/drone-docker.git
synced 2026-06-14 05:13:02 +08:00
ci-9739 - workload identity/OIDC support for GAR/GCR (#413)
* adds support for oidc access tokens gar/gcr
This commit is contained in:
Eoin McAfee
@@ -34,11 +34,12 @@ type (
|
||||
|
||||
// Login defines Docker login parameters.
|
||||
Login struct {
|
||||
Registry string // Docker registry address
|
||||
Username string // Docker registry username
|
||||
Password string // Docker registry password
|
||||
Email string // Docker registry email
|
||||
Config string // Docker Auth Config
|
||||
Registry string // Docker registry address
|
||||
Username string // Docker registry username
|
||||
Password string // Docker registry password
|
||||
Email string // Docker registry email
|
||||
Config string // Docker Auth Config
|
||||
AccessToken string // External Access Token
|
||||
}
|
||||
|
||||
// Build defines Docker build parameters.
|
||||
@@ -113,7 +114,6 @@ type (
|
||||
|
||||
// Exec executes the plugin step
|
||||
func (p Plugin) Exec() error {
|
||||
|
||||
// start the Docker daemon server
|
||||
if !p.Daemon.Disabled {
|
||||
p.startDaemon()
|
||||
@@ -143,6 +143,8 @@ func (p Plugin) Exec() error {
|
||||
fmt.Println("Detected registry credentials")
|
||||
case p.Login.Config != "":
|
||||
fmt.Println("Detected registry credentials file")
|
||||
case p.Login.AccessToken != "":
|
||||
fmt.Println("Detected access token")
|
||||
default:
|
||||
fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
|
||||
}
|
||||
@@ -166,7 +168,18 @@ func (p Plugin) Exec() error {
|
||||
out := string(raw)
|
||||
out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
|
||||
fmt.Println(out)
|
||||
return fmt.Errorf("Error authenticating: exit status 1")
|
||||
return fmt.Errorf("error authenticating: exit status 1")
|
||||
}
|
||||
} else if p.Login.AccessToken != "" {
|
||||
cmd := commandLoginAccessToken(p.Login, p.Login.AccessToken)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error logging in to Docker registry: %s", err)
|
||||
}
|
||||
if strings.Contains(string(output), "Login Succeeded") {
|
||||
fmt.Println("Login successful")
|
||||
} else {
|
||||
return fmt.Errorf("login did not succeed")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -270,6 +283,17 @@ func commandLogin(login Login) *exec.Cmd {
|
||||
)
|
||||
}
|
||||
|
||||
func commandLoginAccessToken(login Login, accessToken string) *exec.Cmd {
|
||||
cmd := exec.Command(dockerExe,
|
||||
"login",
|
||||
"-u",
|
||||
"oauth2accesstoken",
|
||||
"--password-stdin",
|
||||
login.Registry)
|
||||
cmd.Stdin = strings.NewReader(accessToken)
|
||||
return cmd
|
||||
}
|
||||
|
||||
// helper to check if args match "docker pull <image>"
|
||||
func isCommandPull(args []string) bool {
|
||||
return len(args) > 2 && args[1] == "pull"
|
||||
|
||||
Reference in New Issue
Block a user