<?php
namespace App\Services\Registries;
use App\Models\Registry;
/**
 * Builds the shell script that logs a host account into a Docker registry,
 * together with the secret values that script refers to.
 *
 * The registry password is not written into the script text. The script
 * carries the literal placeholder [!registry_password_base64!], and the
 * base64-encoded password is returned separately under the 'secrets' key.
 * Whatever replaces the placeholder before execution lives outside this class.
 */
class RegistryDockerAuthScript
{
    /**
     * Login script using the registry's "build" credentials.
     *
     * @param Registry $registry registry whose url and credentials are read
     * @param string   $user     host account that will own the Docker config
     *
     * @return array{script: string, secrets: array<string, string>}
     */
    public function forBuild(Registry $registry, string $user = 'keystone'): array
    {
        return $this->forCredential($registry, 'build', $user);
    }

    /**
     * Login script using the registry's "runtime" credentials.
     *
     * @param Registry $registry registry whose url and credentials are read
     * @param string   $user     host account that will own the Docker config
     *
     * @return array{script: string, secrets: array<string, string>}
     */
    public function forRuntime(Registry $registry, string $user = 'keystone'): array
    {
        return $this->forCredential($registry, 'runtime', $user);
    }

    /**
     * Assembles the login script and its secrets for one credential scope.
     *
     * Credentials are looked up as "<scope>_username" / "<scope>_password",
     * falling back to the plain "username" / "password" entries and finally to
     * an empty string. Every dynamic value placed in the script goes through
     * escapeshellarg().
     *
     * NOTE(review): escapeshellarg() stops shell injection, but $user is also
     * concatenated into the home path, so a value containing "/" or ".." would
     * point the script at a directory outside /home. Presumably callers pass a
     * fixed account name; confirm.
     * NOTE(review): the registry host is a positional argument to docker login;
     * a stored url beginning with "-" would be read as an option. Confirm the
     * url is validated where the Registry is saved.
     *
     * @param Registry $registry registry whose url and credentials are read
     * @param string   $scope    credential prefix, 'build' or 'runtime' in this class
     * @param string   $user     host account that will own the Docker config
     *
     * @return array{script: string, secrets: array<string, string>}
     */
    private function forCredential(Registry $registry, string $scope, string $user): array
    {
        $stored = $registry->credentials ?? [];

        // Scope-specific entry first, then the shared one, then an empty string.
        $lookup = static fn (string $field): string => (string) ($stored[$scope.'_'.$field] ?? $stored[$field] ?? '');
        $username = $lookup('username');
        $password = $lookup('password');

        // root is the only account whose home is not under /home.
        $home = '/home/'.$user;
        if ($user === 'root') {
            $home = '/root';
        }

        // Drop a leading http:// or https:// (lower-case only) and any trailing slashes.
        $withoutScheme = (string) preg_replace('#^https?://#', '', (string) $registry->url);
        $registryHost = rtrim($withoutScheme, '/');

        $dockerDir = $home.'/.docker';
        $configFile = $dockerDir.'/config.json';

        $quotedUser = escapeshellarg($user);
        $quotedDockerDir = escapeshellarg($dockerDir);
        $quotedConfigFile = escapeshellarg($configFile);

        $commands = [
            'set -euo pipefail',
            // Config directory is created with mode 700 and owned by the target account.
            'install -d -m 700 -o '.$quotedUser.' -g '.$quotedUser.' '.$quotedDockerDir,
            'export DOCKER_CONFIG='.$quotedDockerDir,
            // The decoded password reaches docker login on stdin (--password-stdin),
            // not as a command-line argument; docker's stdout is discarded.
            'printf %s '.escapeshellarg('[!registry_password_base64!]')
                .' | base64 -d | docker login '.escapeshellarg($registryHost)
                .' --username '.escapeshellarg($username)
                .' --password-stdin >/dev/null',
            // Hand the written config.json to the target account and restrict it to mode 600.
            'chown '.escapeshellarg($user.':'.$user).' '.$quotedConfigFile,
            'chmod 600 '.$quotedConfigFile,
        ];

        return [
            'script' => implode("\n", $commands),
            'secrets' => ['registry_password_base64' => base64_encode($password)],
        ];
    }
}