included secretName

2025-12-17 18:26:44 +00:00 · 2022-10-21 16:56:30 +02:00
parent 11de25a121
commit e33f331739
4 changed files with 76 additions and 34 deletions
--- a/packages/k8s/src/k8s/index.ts
+++ b/packages/k8s/src/k8s/index.ts
@@ -23,7 +23,8 @@ import {
  localRegistryHost,
  localRegistryPort,
  remoteRegistryHost,
-  remoteRegistryHandle
+  remoteRegistryHandle,
+  remoteRegistrySecretName
 } from './settings'

 export * from './settings'
@@ -484,6 +485,7 @@ export async function containerBuild(
 ): Promise<string> {
  let kanikoRegistry = ''
  let pullRegistry = ''
+  let secretName: string | undefined = undefined
  if (localRegistryHost()) {
    const host = `${localRegistryHost()}.${namespace()}.svc.cluster.local`
    const port = localRegistryPort()
@@ -493,8 +495,10 @@ export async function containerBuild(
  } else {
    kanikoRegistry = `${remoteRegistryHost()}/${remoteRegistryHandle()}/${generateBuildImage()}`
    pullRegistry = kanikoRegistry
+    secretName = remoteRegistrySecretName()
  }
-  const pod = kanikoPod(args.dockerfile, kanikoRegistry)
+
+  const pod = kanikoPod(args.dockerfile, kanikoRegistry, secretName)
  if (!pod.metadata?.name) {
    throw new Error('kaniko pod name is not set')
  }
--- a/packages/k8s/src/k8s/kaniko.ts
+++ b/packages/k8s/src/k8s/kaniko.ts
@@ -17,7 +17,11 @@ function getKanikoName(): string {
  )}-kaniko`
 }

-export function kanikoPod(dockerfile: string, destination: string): k8s.V1Pod {
+export function kanikoPod(
+  dockerfile: string,
+  destination: string,
+  secretName?: string
+): k8s.V1Pod {
  const pod = new k8s.V1Pod()
  pod.apiVersion = 'v1'
  pod.kind = 'Pod'
@@ -62,5 +66,30 @@ export function kanikoPod(dockerfile: string, destination: string): k8s.V1Pod {
      persistentVolumeClaim: { claimName }
    }
  ]
+  if (secretName) {
+    const volumeName = 'docker-registry'
+    pod.spec.volumes.push({
+      name: volumeName,
+      projected: {
+        sources: [
+          {
+            secret: {
+              name: secretName,
+              items: [
+                {
+                  key: '.dockerconfigjson',
+                  path: 'config.json'
+                }
+              ]
+            }
+          }
+        ]
+      }
+    })
+    c.volumeMounts.push({
+      name: volumeName,
+      mountPath: '/kaniko/.docker/'
+    })
+  }
  return pod
 }
--- a/packages/k8s/src/k8s/settings.ts
+++ b/packages/k8s/src/k8s/settings.ts
@@ -61,3 +61,11 @@ export function remoteRegistryHandle(): string {
  }
  throw new Error(`environment variable ${name} is not set`)
 }
+
+export function remoteRegistrySecretName(): string {
+  const name = 'ACTIONS_RUNNER_CONTAINER_HOOKS_REMOTE_REGISTRY_SECRET_NAME'
+  if (process.env[name]) {
+    return process.env[name]
+  }
+  throw new Error(`environment variable ${name} is not set`)
+}
--- a/packages/k8s/tests/run-container-step-test.ts
+++ b/packages/k8s/tests/run-container-step-test.ts
@@ -3,41 +3,41 @@ import { TestHelper } from './test-setup'

 jest.useRealTimers()

-// describe('Run container step with image', () => {
-//   let testHelper: TestHelper
-//   let runContainerStepData: any
+describe('Run container step with image', () => {
+  let testHelper: TestHelper
+  let runContainerStepData: any

-//   beforeEach(async () => {
-//     testHelper = new TestHelper()
-//     await testHelper.initialize()
-//     runContainerStepData = testHelper.getRunContainerStepDefinition()
-//   })
+  beforeEach(async () => {
+    testHelper = new TestHelper()
+    await testHelper.initialize()
+    runContainerStepData = testHelper.getRunContainerStepDefinition()
+  })

-//   afterEach(async () => {
-//     await testHelper.cleanup()
-//   })
+  afterEach(async () => {
+    await testHelper.cleanup()
+  })

-//   it('should not throw', async () => {
-//     const exitCode = await runContainerStep(runContainerStepData.args)
-//     expect(exitCode).toBe(0)
-//   })
+  it('should not throw', async () => {
+    const exitCode = await runContainerStep(runContainerStepData.args)
+    expect(exitCode).toBe(0)
+  })

-//   it('should fail if the working directory does not exist', async () => {
-//     runContainerStepData.args.workingDirectory = '/foo/bar'
-//     await expect(runContainerStep(runContainerStepData.args)).rejects.toThrow()
-//   })
+  it('should fail if the working directory does not exist', async () => {
+    runContainerStepData.args.workingDirectory = '/foo/bar'
+    await expect(runContainerStep(runContainerStepData.args)).rejects.toThrow()
+  })

-//   it('should shold have env variables available', async () => {
-//     runContainerStepData.args.entryPoint = 'bash'
-//     runContainerStepData.args.entryPointArgs = [
-//       '-c',
-//       "'if [[ -z $NODE_ENV ]]; then exit 1; fi'"
-//     ]
-//     await expect(
-//       runContainerStep(runContainerStepData.args)
-//     ).resolves.not.toThrow()
-//   })
-// })
+  it('should shold have env variables available', async () => {
+    runContainerStepData.args.entryPoint = 'bash'
+    runContainerStepData.args.entryPointArgs = [
+      '-c',
+      "'if [[ -z $NODE_ENV ]]; then exit 1; fi'"
+    ]
+    await expect(
+      runContainerStep(runContainerStepData.args)
+    ).resolves.not.toThrow()
+  })
+})

 describe('run container step with docker build', () => {
  let testHelper: TestHelper
@@ -56,7 +56,8 @@ describe('run container step with docker build', () => {
    const { registryName, localRegistryPort, nodePort } =
      await testHelper.createContainerRegistry()

-    process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_HOST = registryName
+    process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_HOST =
+      registryName
    process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_PORT =
      localRegistryPort.toString()
    process.env.ACTIONS_RUNNER_CONTAINER_HOOKS_LOCAL_REGISTRY_NODE_PORT =