} */ public function forBuild(Registry $registry, string $user = 'keystone'): array { return $this->forCredential($registry, 'build', $user); } /** * @return array{script: string, secrets: array} */ public function forRuntime(Registry $registry, string $user = 'keystone'): array { return $this->forCredential($registry, 'runtime', $user); } /** * @return array{script: string, secrets: array} */ private function forCredential(Registry $registry, string $scope, string $user): array { $credentials = $registry->credentials ?? []; $username = (string) ($credentials[$scope.'_username'] ?? $credentials['username'] ?? ''); $password = (string) ($credentials[$scope.'_password'] ?? $credentials['password'] ?? ''); $home = $user === 'root' ? '/root' : '/home/'.$user; $registryHost = rtrim((string) preg_replace('#^https?://#', '', (string) $registry->url), '/'); return [ 'script' => implode("\n", [ 'set -euo pipefail', 'install -d -m 700 -o '.escapeshellarg($user).' -g '.escapeshellarg($user).' '.escapeshellarg($home.'/.docker'), 'export DOCKER_CONFIG='.escapeshellarg($home.'/.docker'), 'printf %s '.escapeshellarg('[!registry_password_base64!]').' | base64 -d | docker login '.escapeshellarg($registryHost).' --username '.escapeshellarg($username).' --password-stdin >/dev/null', 'chown '.escapeshellarg($user.':'.$user).' '.escapeshellarg($home.'/.docker/config.json'), 'chmod 600 '.escapeshellarg($home.'/.docker/config.json'), ]), 'secrets' => [ 'registry_password_base64' => base64_encode($password), ], ]; } }