diff --git a/cmd/osbuild-worker/config.go b/cmd/osbuild-worker/config.go index 381ca8f87..19266a713 100644 --- a/cmd/osbuild-worker/config.go +++ b/cmd/osbuild-worker/config.go @@ -50,6 +50,10 @@ type authenticationConfig struct { ClientSecretPath string `toml:"client_secret"` } +type containersConfig struct { + AuthFilePath string `toml:"auth_file_path"` +} + type workerConfig struct { Composer *composerConfig `toml:"composer"` Koji map[string]kojiServerConfig `toml:"koji"` @@ -58,6 +62,7 @@ type workerConfig struct { AWS *awsConfig `toml:"aws"` GenericS3 *genericS3Config `toml:"generic_s3"` Authentication *authenticationConfig `toml:"authentication"` + Containers *containersConfig `toml:"containers"` // default value: /api/worker/v1 BasePath string `toml:"base_path"` DNFJson string `toml:"dnf-json"` diff --git a/cmd/osbuild-worker/jobimpl-container-resolve.go b/cmd/osbuild-worker/jobimpl-container-resolve.go index ca1b6d257..a9be8b231 100644 --- a/cmd/osbuild-worker/jobimpl-container-resolve.go +++ b/cmd/osbuild-worker/jobimpl-container-resolve.go @@ -29,6 +29,7 @@ func (impl *ContainerResolveJobImpl) Run(job worker.Job) error { logWithId.Infof("Resolving containers (%d)", len(args.Specs)) resolver := container.NewResolver(args.Arch) + resolver.AuthFilePath = impl.AuthFilePath for _, s := range args.Specs { resolver.Add(s.Source, s.Name, s.TLSVerify) diff --git a/cmd/osbuild-worker/jobimpl-osbuild.go b/cmd/osbuild-worker/jobimpl-osbuild.go index 17a698a28..e1a80ae51 100644 --- a/cmd/osbuild-worker/jobimpl-osbuild.go +++ b/cmd/osbuild-worker/jobimpl-osbuild.go @@ -41,14 +41,15 @@ type S3Configuration struct { } type OSBuildJobImpl struct { - Store string - Output string - KojiServers map[string]kojiServer - GCPCreds string - AzureCreds *azure.Credentials - AWSCreds string - AWSBucket string - S3Config S3Configuration + Store string + Output string + KojiServers map[string]kojiServer + GCPCreds string + AzureCreds *azure.Credentials + AWSCreds string + AWSBucket string + S3Config S3Configuration + ContainerAuthFile string } // Returns an *awscloud.AWS object with the credentials of the request. If they @@ -306,8 +307,15 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error { return nil } + var extraEnv []string + if impl.ContainerAuthFile != "" { + extraEnv = []string{ + fmt.Sprintf("REGISTRY_AUTH_FILE=%s", impl.ContainerAuthFile), + } + } + // Run osbuild and handle two kinds of errors - osbuildJobResult.OSBuildOutput, err = osbuild.RunOSBuild(jobArgs.Manifest, impl.Store, outputDirectory, exports, nil, nil, true, os.Stderr) + osbuildJobResult.OSBuildOutput, err = osbuild.RunOSBuild(jobArgs.Manifest, impl.Store, outputDirectory, exports, nil, extraEnv, true, os.Stderr) // First handle the case when "running" osbuild failed if err != nil { osbuildJobResult.JobError = clienterrors.WorkerClientError(clienterrors.ErrorBuildJob, "osbuild build failed") diff --git a/cmd/osbuild-worker/main.go b/cmd/osbuild-worker/main.go index d22d4cb8d..62d5e88a2 100644 --- a/cmd/osbuild-worker/main.go +++ b/cmd/osbuild-worker/main.go @@ -377,6 +377,11 @@ func main() { genericS3SkipSSLVerification = config.GenericS3.SkipSSLVerification } + var containersAuthFilePath string + if config.Containers != nil { + containersAuthFilePath = config.Containers.AuthFilePath + } + // depsolve jobs can be done during other jobs depsolveCtx, depsolveCtxCancel := context.WithCancel(context.Background()) solver := dnfjson.NewBaseSolver(rpmmd_cache) @@ -430,11 +435,17 @@ func main() { CABundle: genericS3CABundle, SkipSSLVerification: genericS3SkipSSLVerification, }, + ContainerAuthFile: containersAuthFilePath, }, worker.JobTypeKojiInit: &KojiInitJobImpl{ KojiServers: kojiServers, }, - worker.JobTypeKojiFinalize: &KojiFinalizeJobImpl{}, + worker.JobTypeKojiFinalize: &KojiFinalizeJobImpl{ + KojiServers: kojiServers, + }, + worker.JobTypeContainerResolve: &ContainerResolveJobImpl{ + AuthFilePath: containersAuthFilePath, + }, } acceptedJobTypes := []string{}