keystone/app/Actions/Registries/CreateRegistryAuthOperation.php

<?php

namespace App\Actions\Registries;

use App\Enums\OperationKind;
use App\Enums\OperationStatus;
use App\Models\Operation;
use App\Models\Registry;
use App\Models\Server;
use App\Services\Registries\RegistryDockerAuthScript;
use InvalidArgumentException;

class CreateRegistryAuthOperation
{
    public function __construct(
        private readonly RegistryDockerAuthScript $registryDockerAuthScript,
    ) {}

    public function execute(Registry $registry, Server $server, string $scope): Operation
    {
        $auth = match ($scope) {
            'build' => $this->registryDockerAuthScript->forBuild($registry, 'root'),
            'runtime' => $this->registryDockerAuthScript->forRuntime($registry, 'root'),
            default => throw new InvalidArgumentException('Registry auth scope must be build or runtime.'),
        };

        $operation = $server->operations()->create([
            'kind' => OperationKind::CREDENTIAL_ROTATION,
            'status' => OperationStatus::PENDING,
        ]);

        $operation->steps()->create([
            'name' => 'Configure '.$scope.' registry auth',
            'order' => 1,
            'status' => OperationStatus::PENDING,
            'script' => $auth['script'],
            'secrets' => $auth['secrets'],
        ]);

        return $operation->refresh();
    }
}