feat: Add ability to mount secrets

Gerald Pinder 2025-07-13 11:41:42 -04:00
parent 22ef8392b7
commit 4fabd3e5db
27 changed files with 463 additions and 69 deletions


@ -14,8 +14,8 @@ use blue_build_process_management::{
use blue_build_recipe::Recipe;
use blue_build_utils::{
constants::{
ARCHIVE_SUFFIX, BB_REGISTRY_NAMESPACE, CONFIG_PATH, CONTAINER_FILE, RECIPE_FILE,
RECIPE_PATH,
ARCHIVE_SUFFIX, BB_REGISTRY_NAMESPACE, BB_SKIP_VALIDATION, CONFIG_PATH, CONTAINER_FILE,
RECIPE_FILE, RECIPE_PATH,
},
cowstr,
credentials::{Credentials, CredentialsArgs},
@ -135,6 +135,11 @@ pub struct BuildCommand {
#[arg(long, env = blue_build_utils::constants::BB_CACHE_LAYERS)]
cache_layers: bool,
/// Skips validation of the recipe file.
#[arg(long, env = BB_SKIP_VALIDATION)]
#[builder(default)]
skip_validation: bool,
#[clap(flatten)]
#[builder(default)]
credentials: CredentialsArgs,
@ -192,6 +197,7 @@ impl BlueBuildCommand for BuildCommand {
} else {
PathBuf::from(CONTAINER_FILE)
}))
.skip_validation(self.skip_validation)
.platform(self.platform)
.recipe(recipe)
.drivers(self.drivers)
@ -286,6 +292,7 @@ impl BuildCommand {
.squash(self.squash)
.maybe_cache_from(cache_image.as_ref())
.maybe_cache_to(cache_image.as_ref())
.secrets(recipe.get_secrets())
.build()
},
|archive_dir| {
@ -300,6 +307,7 @@ impl BuildCommand {
.squash(self.squash)
.maybe_cache_from(cache_image.as_ref())
.maybe_cache_to(cache_image.as_ref())
.secrets(recipe.get_secrets())
.build()
},
))?
@ -368,6 +376,7 @@ impl BuildCommand {
.clear_plan(self.rechunk_clear_plan)
.maybe_cache_from(cache_image)
.maybe_cache_to(cache_image)
.secrets(recipe.get_secrets())
.build(),
)
}
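Review bot: The doc comment on the new `skip_validation` field, `/// Skips validation of the recipe file.`, does not tell the user that the secrets added in this same commit are still forwarded when validation is off; the three `.secrets(recipe.get_secrets())` call sites take no account of the flag. Since this comment is also the `--help` text, I would extend it to something like `/// Skips validation of the recipe file. Secrets declared in the recipe are still passed to the build.` The same one-line comment is repeated on the `skip_validation` fields of `GenerateCommand`, `GenIsoSubcommand::Recipe` and `SwitchCommand` and would need the same wording. Whether `get_secrets()` performs any checks of its own is not visible from these hunks, and the enclosing functions start and end outside them.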


@ -1,5 +1,6 @@
use std::{
env,
ops::Not,
path::{Path, PathBuf},
};
@ -9,7 +10,9 @@ use blue_build_process_management::drivers::{
use blue_build_recipe::Recipe;
use blue_build_template::{ContainerFileTemplate, Template};
use blue_build_utils::{
constants::{BUILD_SCRIPTS_IMAGE_REF, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH},
constants::{
BB_SKIP_VALIDATION, BUILD_SCRIPTS_IMAGE_REF, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH,
},
syntax_highlighting::{self, DefaultThemes},
};
use bon::Builder;
@ -73,6 +76,11 @@ pub struct GenerateCommand {
#[builder(default)]
platform: Platform,
/// Skips validation of the recipe file.
#[arg(long, env = BB_SKIP_VALIDATION)]
#[builder(default)]
skip_validation: bool,
#[clap(flatten)]
#[builder(default)]
drivers: DriverArgs,
@ -101,10 +109,12 @@ impl GenerateCommand {
}
});
ValidateCommand::builder()
.recipe(recipe_path.clone())
.build()
.try_run()?;
if self.skip_validation.not() {
ValidateCommand::builder()
.recipe(recipe_path.clone())
.build()
.try_run()?;
}
let registry = if let (Some(registry), Some(registry_namespace)) =
(&self.registry, &self.registry_namespace)
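Review bot: When `self.skip_validation` is set, the `if self.skip_validation.not()` guard drops the `ValidateCommand` run without leaving any trace. Because the field is also bound to the environment through `env = BB_SKIP_VALIDATION`, a CI job can build from an unvalidated recipe with nothing in its log to show that the check was bypassed. I would add an `else` branch that records the skip, for example `else { warn!("Skipping validation of {}", recipe_path.display()); }`, assuming the `log` macros are in scope in this file and `recipe_path` is a path type, neither of which is visible here. The enclosing function starts and ends outside the hunk.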


@ -4,7 +4,11 @@ use std::{
};
use blue_build_recipe::Recipe;
use blue_build_utils::{constants::ARCHIVE_SUFFIX, string_vec, traits::CowCollecter};
use blue_build_utils::{
constants::{ARCHIVE_SUFFIX, BB_SKIP_VALIDATION},
string_vec,
traits::CowCollecter,
};
use bon::Builder;
use clap::{Args, Subcommand, ValueEnum};
use miette::{Context, IntoDiagnostic, Result, bail};
@ -98,6 +102,10 @@ pub enum GenIsoSubcommand {
/// The path to the recipe file for your image.
#[arg()]
recipe: PathBuf,
/// Skips validation of the recipe file.
#[arg(long, env = BB_SKIP_VALIDATION)]
skip_validation: bool,
},
}
@ -147,11 +155,16 @@ impl BlueBuildCommand for GenerateIsoCommand {
env::current_dir().into_diagnostic()?
};
if let GenIsoSubcommand::Recipe { recipe } = &self.command {
if let GenIsoSubcommand::Recipe {
recipe,
skip_validation,
} = &self.command
{
BuildCommand::builder()
.recipe(vec![recipe.clone()])
.archive(image_out_dir.path())
.maybe_tempdir(self.tempdir.clone())
.skip_validation(*skip_validation)
.build()
.try_run()?;
}
@ -208,7 +221,10 @@ impl GenerateIsoCommand {
),
]);
}
GenIsoSubcommand::Recipe { recipe } => {
GenIsoSubcommand::Recipe {
recipe,
skip_validation: _,
} => {
let recipe = Recipe::parse(recipe)?;
args.extend([


@ -9,7 +9,10 @@ use blue_build_process_management::{
};
use blue_build_recipe::Recipe;
use blue_build_utils::{
constants::{ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE, SUDO_ASKPASS},
constants::{
ARCHIVE_SUFFIX, BB_SKIP_VALIDATION, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE,
SUDO_ASKPASS,
},
has_env_var, running_as_root,
};
use bon::Builder;
@ -41,6 +44,11 @@ pub struct SwitchCommand {
#[arg(long)]
tempdir: Option<PathBuf>,
/// Skips validation of the recipe file.
#[arg(long, env = BB_SKIP_VALIDATION)]
#[builder(default)]
skip_validation: bool,
#[clap(flatten)]
#[builder(default)]
drivers: DriverArgs,
@ -70,6 +78,7 @@ impl BlueBuildCommand for SwitchCommand {
.recipe([self.recipe.clone()])
.archive(tempdir.path())
.maybe_tempdir(self.tempdir.clone())
.skip_validation(self.skip_validation)
.build()
.try_run()?;