Merge pull request #323 from thaJeztah/pass_simplify_get

pass: Get: remove redundant stat
Merge pull request #317 from docker/dependabot/github_actions/softprops/action-gh-release-2
2026-06-28 07:11:36 +05:30 · 2024-05-10 14:15:26 +02:00 · 2024-05-10 14:14:16 +02:00 · 2024-05-10 11:04:52 +02:00 · 2024-05-10 10:28:57 +02:00 · 2024-05-10 10:23:32 +02:00
8 changed files with 160 additions and 41 deletions
@@ -0,0 +1,30 @@
+<!--
+Please make sure you've read and understood our contributing guidelines;
+https://github.com/docker/cli/blob/master/CONTRIBUTING.md
+
+** Make sure all your commits include a signature generated with `git commit -s` **
+
+For additional information on our contributing process, read our contributing
+guide https://docs.docker.com/opensource/code/
+
+If this is a bug fix, make sure your description includes "fixes #xxxx", or
+"closes #xxxx"
+
+Please provide the following information:
+-->
+
+**- What I did**
+
+**- How I did it**
+
+**- How to verify it**
+
+**- Description for the changelog**
+<!--
+Write a short (one line) summary that describes the changes in this
+pull request for inclusion in the changelog:
+-->
+
+
+**- A picture of a cute animal (not mandatory but encouraged)**
+
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    open-pull-requests-limit: 10
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels:
+      - "dependencies"
+      - "bot"
@@ -15,7 +15,7 @@ on:

 env:
  DESTDIR: ./bin
-  GO_VERSION: 1.21.6
+  GO_VERSION: 1.21.10

 jobs:
  validate:
@@ -29,10 +29,10 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
      -
        name: Run
        run: |
@@ -46,18 +46,18 @@ jobs:
        os:
          - ubuntu-22.04
          - ubuntu-20.04
-          - macOS-11
+          - macOS-14
+          - macOS-13
          - windows-2022
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      -
        name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
-          cache: true
      -
        name: Install deps (ubuntu)
        if: startsWith(matrix.os, 'ubuntu-')
@@ -72,7 +72,7 @@ jobs:
      -
        name: GPG conf
        if: ${{ !startsWith(matrix.os, 'windows-') }}
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
        id: gpg
        with:
          script: |
@@ -89,7 +89,7 @@ jobs:
      -
        name: Import GPG key
        if: ${{ !startsWith(matrix.os, 'windows-') }}
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ steps.gpg.outputs.key }}
          passphrase: ${{ steps.gpg.outputs.passphrase }}
@@ -107,22 +107,23 @@ jobs:
        shell: bash
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
        with:
          file: ${{ env.DESTDIR }}/coverage.txt
+          token: ${{ secrets.CODECOV_TOKEN }}

  test-sandboxed:
    runs-on: ubuntu-22.04
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
      -
        name: Test
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v4
        with:
          targets: test
          set: |
@@ -130,24 +131,25 @@ jobs:
            *.cache-to=type=gha,scope=test,mode=max
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
        with:
          file: ${{ env.DESTDIR }}//coverage.txt
+          token: ${{ secrets.CODECOV_TOKEN }}

  build:
    runs-on: ubuntu-22.04
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
      -
        name: Build
        run: |
@@ -165,7 +167,7 @@ jobs:
          find ${{ env.DESTDIR }} -type f -exec file -e ascii -e text -- {} +
      -
        name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: docker-credential-helpers
          path: ${{ env.DESTDIR }}/*
@@ -173,7 +175,7 @@ jobs:
      -
        name: GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87  # v2.0.5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@@ -185,7 +187,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      -
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.21.6
-ARG XX_VERSION=1.2.1
+ARG GO_VERSION=1.21.10
+ARG XX_VERSION=1.4.0
 ARG OSXCROSS_VERSION=11.3-r7-debian
 ARG GOLANGCI_LINT_VERSION=v1.55.2
 ARG DEBIAN_FRONTEND=noninteractive
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.21.6
+ARG GO_VERSION=1.21.10
 ARG DISTRO=ubuntu
 ARG SUITE=focal

@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-  default = "1.21.6"
+  default = "1.21.10"
 }

 # Defines the output folder
@@ -87,8 +87,7 @@ func (p Pass) Add(creds *credentials.Credentials) error {
 		return errors.New("missing credentials")
 	}

-	encoded := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
-
+	encoded := encodeServerURL(creds.ServerURL)
 	_, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encoded, creds.Username))
 	return err
 }
@@ -99,7 +98,7 @@ func (p Pass) Delete(serverURL string) error {
 		return errors.New("missing server url")
 	}

-	encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
+	encoded := encodeServerURL(serverURL)
 	_, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encoded))
 	return err
 }
@@ -142,23 +141,14 @@ func (p Pass) Get(serverURL string) (string, string, error) {
 		return "", "", errors.New("missing server url")
 	}

-	encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
-
-	if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encoded)); err != nil {
-		if os.IsNotExist(err) {
-			return "", "", credentials.NewErrCredentialsNotFound()
-		}
-
-		return "", "", err
-	}
-
+	encoded := encodeServerURL(serverURL)
 	usernames, err := listPassDir(encoded)
 	if err != nil {
 		return "", "", err
 	}

 	if len(usernames) < 1 {
-		return "", "", fmt.Errorf("no usernames for %s", serverURL)
+		return "", "", credentials.NewErrCredentialsNotFound()
 	}

 	actual := strings.TrimSuffix(usernames[0].Name(), ".gpg")
@@ -180,7 +170,7 @@ func (p Pass) List() (map[string]string, error) {
 			continue
 		}

-		serverURL, err := base64.URLEncoding.DecodeString(server.Name())
+		serverURL, err := decodeServerURL(server.Name())
 		if err != nil {
 			return nil, err
 		}
@@ -191,11 +181,27 @@ func (p Pass) List() (map[string]string, error) {
 		}

 		if len(usernames) < 1 {
-			return nil, fmt.Errorf("no usernames for %s", serverURL)
+			continue
 		}

-		resp[string(serverURL)] = strings.TrimSuffix(usernames[0].Name(), ".gpg")
+		resp[serverURL] = strings.TrimSuffix(usernames[0].Name(), ".gpg")
 	}

 	return resp, nil
 }
+
+// encodeServerURL returns the serverURL in base64-URL encoding to use
+// as directory-name in pass storage.
+func encodeServerURL(serverURL string) string {
+	return base64.URLEncoding.EncodeToString([]byte(serverURL))
+}
+
+// decodeServerURL decodes base64-URL encoded serverURL. ServerURLs are
+// used in encoded format for directory-names in pass storage.
+func decodeServerURL(encodedServerURL string) (string, error) {
+	serverURL, err := base64.URLEncoding.DecodeString(encodedServerURL)
+	if err != nil {
+		return "", err
+	}
+	return string(serverURL), nil
+}
@@ -3,6 +3,8 @@
 package pass

 import (
+	"os"
+	"path"
 	"strings"
 	"testing"

@@ -116,6 +118,75 @@ func TestPassHelperList(t *testing.T) {
 	}
 }

+// TestPassHelperWithEmptyServer verifies that empty directories (servers
+// without credentials) are ignored, but still returns credentials for other
+// servers.
+func TestPassHelperWithEmptyServer(t *testing.T) {
+	helper := Pass{}
+	if err := helper.checkInitialized(); err != nil {
+		t.Error(err)
+	}
+
+	creds := []*credentials.Credentials{
+		{
+			ServerURL: "https://myreqistry.example.com:2375/v1",
+			Username:  "foo",
+			Secret:    "isthebestmeshuggahalbum",
+		},
+		{
+			ServerURL: "https://index.example.com/v1//access-token",
+		},
+	}
+
+	t.Cleanup(func() {
+		for _, cred := range creds {
+			_ = helper.Delete(cred.ServerURL)
+		}
+	})
+
+	for _, cred := range creds {
+		if cred.Username != "" {
+			if err := helper.Add(cred); err != nil {
+				t.Error(err)
+			}
+		} else {
+			// No credentials; create an empty directory for this server.
+			serverURL := encodeServerURL(cred.ServerURL)
+			p := path.Join(getPassDir(), PASS_FOLDER, serverURL)
+			if err := os.Mkdir(p, 0o755); err != nil {
+				t.Error(err)
+			}
+		}
+	}
+
+	credsList, err := helper.List()
+	if err != nil {
+		t.Error(err)
+	}
+	if len(credsList) == 0 {
+		t.Error("expected credentials to be returned, but got none")
+	}
+	for _, cred := range creds {
+		if cred.Username != "" {
+			userName, secret, err := helper.Get(cred.ServerURL)
+			if err != nil {
+				t.Error(err)
+			}
+			if userName != cred.Username {
+				t.Errorf("expected username %q, actual: %q", cred.Username, userName)
+			}
+			if secret != cred.Secret {
+				t.Errorf("expected secret %q, actual: %q", cred.Secret, secret)
+			}
+		} else {
+			_, _, err := helper.Get(cred.ServerURL)
+			if !credentials.IsErrCredentialsNotFound(err) {
+				t.Errorf("expected credentials not found, actual: %v", err)
+			}
+		}
+	}
+}
+
 func TestMissingCred(t *testing.T) {
 	helper := Pass{}
 	if _, _, err := helper.Get("garbage"); !credentials.IsErrCredentialsNotFound(err) {
Author	SHA1	Message	Date
Sebastiaan van Stijn	6b9df3ebb5	Merge pull request #323 from thaJeztah/pass_simplify_get pass: Get: remove redundant stat	2024-05-10 14:15:26 +02:00
Sebastiaan van Stijn	dc10c50685	Merge pull request #317 from docker/dependabot/github_actions/softprops/action-gh-release-2 build(deps): bump softprops/action-gh-release from 1 to 2	2024-05-10 14:14:16 +02:00
CrazyMax	896eb37d47	build(deps): bump softprops/action-gh-release to 2.0.5 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2024-05-10 11:04:52 +02:00
Sebastiaan van Stijn	a14669f4ff	pass: Get: remove redundant stat listPassdir already handles "not found" errors, in which case it returns an [empty result][1]. Previously this would return a custom error, but since `1bb9aa3210`, an empty result produces a `errCredentialsNotFound`, making this check redundant. This patch removes the redundant check. [1]: https://github.com/docker/docker-credential-helpers/blob/f64d6b131b3da07a6337dc63a882e08ce541d1c1/pass/pass.go#L118-L125 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-05-10 10:28:57 +02:00
Sebastiaan van Stijn	74840b3740	Merge pull request #322 from thaJeztah/pass_dry pass: add utilities for encoding/decoding serverURL	2024-05-10 10:23:32 +02:00
Sebastiaan van Stijn	d3ef442f59	pass: add utilities for encoding/decoding serverURL While the implementation of these is fairly trivial, we want them to remain the same. This patch adds utilities to handle the encoding and decoding of the server-URLs. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-05-09 16:58:34 +02:00
Sebastiaan van Stijn	f64d6b131b	Merge pull request #321 from thaJeztah/fix_pass_errors pass: return correct error, and ignore empty stores on list	2024-05-09 16:44:30 +02:00
Sebastiaan van Stijn	1bb9aa3210	pass: return correct error, and ignore empty stores on list commit `2fc2313bb1` changed the errors returned by the pass credentials-helper to use a errCredentialsNotFound. This error string is used in the client to distinguish a "not found" error from other errors. (see [client.Get][1]). However, there were additional second code-paths that returned a custom error, which would not be detected as a "not found" error, resulting in an error when logging out; Removing login credentials for https://index.docker.io/v1/ WARNING: could not erase credentials: https://index.docker.io/v1/: error erasing credentials - err: exit status 1, out: `error getting credentials - err: exit status 1, out: `no usernames for https://index.docker.io/v1/`` This patch: - updates Pass.Get() to return a errCredentialsNotFound if no credentials were found - updates Pass.List() to not return an error if any of the domains had no credentials stored. [1]: https://github.com/docker/docker-credential-helpers/blob/73b9e5d51f8dc9f598e08a0f2171c5d5a828e76b/client/client.go#L51-L55 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-05-09 12:19:23 +02:00
Sebastiaan van Stijn	73b9e5d51f	Merge pull request #320 from thaJeztah/update_gha update GHA to macOS-13, macOS-14, and update to go1.21.10	2024-05-08 22:48:19 +02:00
Sebastiaan van Stijn	0c43fede6d	update to go1.21.10 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-05-08 15:59:23 +02:00
Sebastiaan van Stijn	a941c5247f	gha: update to use macos-13, macos-14 macos-11 runners are being deprecated; updating to use macos-13 (x86) and macos-14 (arm64) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-05-08 15:56:13 +02:00
Sebastiaan van Stijn	097f945536	Merge pull request #318 from thaJeztah/pr_template add pull-request template	2024-03-18 12:07:36 +01:00
Sebastiaan van Stijn	9272dcb90a	add pull-request template Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-03-18 11:17:06 +01:00
dependabot[bot]	ecacf8cdcf	build(deps): bump softprops/action-gh-release from 1 to 2 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/de2c0eb89ae2a093876385947365aca7b0e5f844...d99959edae48b5ffffd7b00da66dcdb0a33a52ee) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-03-11 09:10:25 +00:00
Sebastiaan van Stijn	5be670a285	Merge pull request #316 from crazy-max/codecov-token ci: set codecov token	2024-02-22 23:44:22 +01:00
CrazyMax	73aa8c0daa	ci: set codecov token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2024-02-22 23:25:37 +01:00
Sebastiaan van Stijn	c23afb6c37	Merge pull request #313 from crazy-max/bump-gha ci: update github actions to latest stable	2024-02-06 10:11:41 +01:00
CrazyMax	d622133060	Merge pull request #310 from thaJeztah/update_xx Dockerfile: update xx to v1.4.0	2024-02-06 10:05:26 +01:00
CrazyMax	12500fb753	chore: dependabot to keep gha up to date Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2024-02-06 10:03:08 +01:00
CrazyMax	bf726a0656	ci: update github actions to latest stable Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2024-02-06 10:02:31 +01:00
Sebastiaan van Stijn	d9632f6a08	Dockerfile: update xx to v1.4.0 full diff: https://github.com/tonistiigi/xx/compare/v1.2.1...v1.4.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-02-06 09:55:36 +01:00