Container auth from opctl

Author: Chris Dostert

CHANGELOG.md

@@ -9,11 +9,12 @@ All notable changes will be documented in this file in accordance with
 
 ### Added
 
+- Ability to push built image to remote repositories via `isPushEnabled` and `namesCsv` inputs
 - Support for building multi-platform images via `platformsCsv` input
 
 ### Changed
 
-- Authentication configuration is now provided via `authConfig` (in the same format as dockers config.json) in order to ease usage for docker users.
+- `cacheDir` renamed to `cache` for consistency
 
 ## \[1.3.0] - 2024-05-27
 

README.md

@@ -28,11 +28,13 @@ op:
   inputs:
     instructions:  # 👈 required; provide a value
   ## uncomment to override defaults
-  #   authConfig: [object Object]
-  #   cacheDir: /default_cache
+  #   cache: /default_cache
   #   context: /default_context
   #   contextIgnore: /default_context_ignore
+  #   isPushEnabled: false
+  #   namesCsv: ""
   #   platformsCsv: ""
+  #   registryCreds: $(opctl://./secrets/docker.io)
   outputs:
     image:
 ```

op.yml

@@ -1,41 +1,48 @@
 description: Builds an open container initiative (OCI) image
 name: github.com/opspec-pkgs/opencontainers.image.build
 inputs:
-  authConfig:
-    object:
-      default: {}
+  registryCreds:
+    array:
+      default:
+        - $(opctl://./secrets/docker.io)
       description: |
-        Auth config for image registries; same format as a docker config.json
-
-        Note that when using docker and a credential helper (e.g. the default with macOS docker desktop) ~/.docker/config.json will not directly contain credentials. If you need to provide auth in this case, you'll need to generate a configuration file with base64 encoded credentials. See https://github.com/docker/for-mac/issues/4100 for more discussion on the format of this file.
-      constraints:
-        properties:
-          auths:
-            type: object
-            description: |
-              Keys are registry hostname/urls and values contain authentication information
-            additionalProperties:
-              type: object
-              properties:
-                auth:
-                  description: Base64 encoded string of the format `{username}:{password}`
-                  type: string
-                  format: base64
-  cacheDir:
+        creds for image registries e.g. `["username": "xx", "password": "yy", "registry": "https://index.docker.io/v1/"]`
+      constraints: 
+        items:
+          type: object
+          properties:
+            username:
+              type: string
+            password:
+              type: string
+            registry:
+              type: string
+  cache:
     dir:
       default: /default_cache
-      description: directory used to cache images/layers across runs. Must be formatted as an [image-layout](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-layout.md)
+      description: Directory used to cache images/layers across runs. Must be formatted as an [image-layout](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-layout.md)
   context:
     dir:
-      description: context for build
+      description: Context for build
       default: /default_context
   contextIgnore:
     file:
-      description: context ignore rules in the format of a .gitignore/.dockerignore
+      description: Context ignore rules in the format of a .gitignore/.dockerignore
       default: /default_context_ignore
   instructions:
     file:
-      description: build instructions in the format of a Containerfile/Dockerfile
+      description: Build instructions in the format of a Containerfile/Dockerfile
+  isPushEnabled:
+    boolean:
+      default: false
+      description: Whether to push the named images (to remote registries) after they're created
+  namesCsv:
+    string:
+      default: ''
+      description: |
+        Names the image will be tagged with in the form of comma separated "[registry/][username/][repository/][:tag]"
+        
+        e.g. 'docker.io/my-org-name/my-repo-name:my-image-tag'
   platformsCsv:
     string:
       default: ''
@@ -49,35 +56,33 @@ outputs:
     dir:
       description: image in form of [v1.0.1 OCI (Open Container Initiative) `image-layout`](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-layout.md)
 run:
-  serial:
-  - op:
-      ref: github.com/opspec-pkgs/docker.config.clean#1.1.0
-      inputs:
-        dockerConfig: $(authConfig)
-      outputs:
-        dockerConfigCleaned: $(authConfig)
-  - container:
-      cmd:
-        - sh
-        - -ce
-        - >
-          buildctl-daemonless.sh
-          build
-          --frontend dockerfile.v0
-          --local context=/buildContext
-          --local dockerfile=/
-          --output type=oci,tar=false,dest=/image
-          --import-cache type=local,src=/cacheDir
-          --export-cache type=local,dest=/cacheDir,mode=max
-          --opt platform=$(platformsCsv)
-      dirs:
-        /buildContext: $(context)
-        /cacheDir: $(cacheDir)
-        /image: $(image)
-      files:
-        /root/.docker/config.json: $(authConfig)
-        /Dockerfile: $(instructions)
-        /Dockerfile.dockerignore: $(contextIgnore)
-      image:
-        ref: moby/buildkit:master
+  container:
+    cmd:
+      - sh
+      - -ce
+      - 
+        /setAuths &&
+
+        buildctl-daemonless.sh
+        build
+        --frontend dockerfile.v0
+        --local context=/context
+        --local dockerfile=/
+        --import-cache type=local,src=/cache
+        --export-cache type=local,dest=/cache,mode=max
+        --opt platform=$(platformsCsv)
+        --output type=image,name=$(namesCsv),push=$(isPushEnabled)
+        --output type=oci,'name=$(namesCsv)',tar=false,dest=/image
+    dirs:
+      /context: $(context)
+      /cache: $(cache)
+      /image: $(image)     
+    envVars:
+      registryCreds:
+    files:
+      /Dockerfile: $(instructions)
+      /Dockerfile.dockerignore: $(contextIgnore)
+      /setAuths:
+    image:
+      ref: moby/buildkit:latest
 version: 2.0.0