From e33f331739996107669d9b8f9599ffef0f2b4b14 Mon Sep 17 00:00:00 2001 From: Nikola Jokic Date: Fri, 21 Oct 2022 16:56:30 +0200 Subject: [PATCH] included secretName --- packages/k8s/src/k8s/index.ts | 8 ++- packages/k8s/src/k8s/kaniko.ts | 31 ++++++++- packages/k8s/src/k8s/settings.ts | 8 +++ packages/k8s/tests/run-container-step-test.ts | 63 ++++++++++--------- 4 files changed, 76 insertions(+), 34 deletions(-) diff --git a/packages/k8s/src/k8s/index.ts b/packages/k8s/src/k8s/index.ts index 9e492c8..27c4bc0 100644 --- a/packages/k8s/src/k8s/index.ts +++ b/packages/k8s/src/k8s/index.ts @@ -23,7 +23,8 @@ import { localRegistryHost, localRegistryPort, remoteRegistryHost, - remoteRegistryHandle + remoteRegistryHandle, + remoteRegistrySecretName } from './settings' export * from './settings' @@ -484,6 +485,7 @@ export async function containerBuild( ): Promise { let kanikoRegistry = '' let pullRegistry = '' + let secretName: string | undefined = undefined if (localRegistryHost()) { const host = `${localRegistryHost()}.${namespace()}.svc.cluster.local` const port = localRegistryPort() @@ -493,8 +495,10 @@ export async function containerBuild( } else { kanikoRegistry = `${remoteRegistryHost()}/${remoteRegistryHandle()}/${generateBuildImage()}` pullRegistry = kanikoRegistry + secretName = remoteRegistrySecretName() } - const pod = kanikoPod(args.dockerfile, kanikoRegistry) + + const pod = kanikoPod(args.dockerfile, kanikoRegistry, secretName) if (!pod.metadata?.name) { throw new Error('kaniko pod name is not set') } diff --git a/packages/k8s/src/k8s/kaniko.ts b/packages/k8s/src/k8s/kaniko.ts index aaf1909..f594514 100644 --- a/packages/k8s/src/k8s/kaniko.ts +++ b/packages/k8s/src/k8s/kaniko.ts @@ -17,7 +17,11 @@ function getKanikoName(): string { )}-kaniko` } -export function kanikoPod(dockerfile: string, destination: string): k8s.V1Pod { +export function kanikoPod( + dockerfile: string, + destination: string, + secretName?: string +): k8s.V1Pod { const pod = new k8s.V1Pod() pod.apiVersion = 'v1' pod.kind = 'Pod' @@ -62,5 +66,30 @@ export function kanikoPod(dockerfile: string, destination: string): k8s.V1Pod { persistentVolumeClaim: { claimName } } ] + if (secretName) { + const volumeName = 'docker-registry' + pod.spec.volumes.push({ + name: volumeName, + projected: { + sources: [ + { + secret: { + name: secretName, + items: [ + { + key: '.dockerconfigjson', + path: 'config.json' + } + ] + } + } + ] + } + }) + c.volumeMounts.push({ + name: volumeName, + mountPath: '/kaniko/.docker/' + }) + } return pod } diff --git a/packages/k8s/src/k8s/settings.ts b/packages/k8s/src/k8s/settings.ts index c8b96da..d6420db 100644 --- a/packages/k8s/src/k8s/settings.ts +++ b/packages/k8s/src/k8s/settings.ts @@ -61,3 +61,11 @@ export function remoteRegistryHandle(): string { } throw new Error(`environment variable ${name} is not set`) } + +export function remoteRegistrySecretName(): string { + const name = 'ACTIONS_RUNNER_CONTAINER_HOOKS_REMOTE_REGISTRY_SECRET_NAME' + if (process.env[name]) { + return process.env[name] + } + throw new Error(`environment variable ${name} is not set`) +} diff --git a/packages/k8s/tests/run-container-step-test.ts b/packages/k8s/tests/run-container-step-test.ts index 4a006f2..349c05a 100644 --- a/packages/k8s/tests/run-container-step-test.ts +++ b/packages/k8s/tests/run-container-step-test.ts @@ -3,41 +3,41 @@ import { TestHelper } from './test-setup' jest.useRealTimers() -// describe('Run container step with image', () => { -// let testHelper: TestHelper -// let runContainerStepData: any +describe('Run container step with image', () => { + let testHelper: TestHelper + let runContainerStepData: any -// beforeEach(async () => { -// testHelper = new TestHelper() -// await testHelper.initialize() -// runContainerStepData = testHelper.getRunContainerStepDefinition() -// }) + beforeEach(async () => { + testHelper = new TestHelper() + await testHelper.initialize() + runContainerStepData = testHelper.getRunContainerStepDefinition() + }) -// afterEach(async () => { -// await testHelper.cleanup() -// }) + afterEach(async () => { + await testHelper.cleanup() + }) -// it('should not throw', async () => { -// const exitCode = await runContainerStep(runContainerStepData.args) -// expect(exitCode).toBe(0) -// }) + it('should not throw', async () => { + const exitCode = await runContainerStep(runContainerStepData.args) + expect(exitCode).toBe(0) + }) -// it('should fail if the working directory does not exist', async () => { -// runContainerStepData.args.workingDirectory = '/foo/bar' -// await expect(runContainerStep(runContainerStepData.args)).rejects.toThrow() -// }) + it('should fail if the working directory does not exist', async () => { + runContainerStepData.args.workingDirectory = '/foo/bar' + await expect(runContainerStep(runContainerStepData.args)).rejects.toThrow() + }) -// it('should shold have env variables available', async () => { -// runContainerStepData.args.entryPoint = 'bash' -// runContainerStepData.args.entryPointArgs = [ -// '-c', -// "'if [[ -z $NODE_ENV ]]; then exit 1; fi'" -// ] -// await expect( -// runContainerStep(runContainerStepData.args) -// ).resolves.not.toThrow() -// }) -// }) + it('should shold have env variables available', async () => { + runContainerStepData.args.entryPoint = 'bash' + runContainerStepData.args.entryPointArgs = [ + '-c', + "'if [[ -z $NODE_ENV ]]; then exit 1; fi'" + ] + await expect( + runContainerStep(runContainerStepData.args) + ).resolves.not.toThrow() + }) +}) describe('run container step with docker build', () => { let testHelper: TestHelper @@ -56,7 +56,8 @@ describe('run container step with docker build', () => { const { registryName, localRegistryPort, nodePort } = await testHelper.createContainerRegistry() - process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_HOST = registryName + process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_HOST = + registryName process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_PORT = localRegistryPort.toString() process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_NODE_PORT =