Connector CI: Ensure Crane has appropriate auth (#26812)

* Add crane login

* Save env state

* Add comments

* Run format

---------

Co-authored-by: Octavia Squidington III <octavia-squidington-iii@sers.noreply.github.com>

tools/ci_connector_ops/ci_connector_ops/pipelines/actions/environments.py

@@ -674,7 +674,6 @@ async def with_airbyte_java_connector(context: ConnectorContext, connector_java_
 
 
 async def get_cdk_version_from_python_connector(python_connector: Container) -> Optional[str]:
-
     pip_freeze_stdout = await python_connector.with_entrypoint("pip").with_exec(["freeze"]).stdout()
     pip_dependencies = [dep.split("==") for dep in pip_freeze_stdout.split("\n")]
     for package_name, package_version in pip_dependencies:
@@ -770,9 +769,29 @@ def with_airbyte_python_connector_full_dagger(context: ConnectorContext, build_p
     )
 
 
-def with_crane(context: PipelineContext) -> Container:
+def with_crane(
+    context: PipelineContext,
+) -> Container:
     """Crane is a tool to analyze and manipulate container images.
     We can use it to extract the image manifest and the list of layers or list the existing tags on an image repository.
     https://github.com/google/go-containerregistry/tree/main/cmd/crane
     """
-    return context.dagger_client.container().from_("gcr.io/go-containerregistry/crane:v0.15.1")
+
+    # We use the debug image as it contains a shell which we need to properly use environment variables
+    # https://github.com/google/go-containerregistry/tree/main/cmd/crane#images
+    base_container = context.dagger_client.container().from_("gcr.io/go-containerregistry/crane/debug:v0.15.1")
+
+    if context.docker_hub_username_secret and context.docker_hub_password_secret:
+        base_container = (
+            base_container.with_secret_variable("DOCKER_HUB_USERNAME", context.docker_hub_username_secret).with_secret_variable(
+                "DOCKER_HUB_PASSWORD", context.docker_hub_password_secret
+            )
+            # We need to use skip_entrypoint=True to avoid the entrypoint to be overridden by the crane command
+            # We use sh -c to be able to use environment variables in the command
+            # This is a workaround as the default crane entrypoint doesn't support environment variables
+            .with_exec(
+                ["sh", "-c", "crane auth login index.docker.io -u $DOCKER_HUB_USERNAME -p $DOCKER_HUB_PASSWORD"], skip_entrypoint=True
+            )
+        )
+
+    return base_container

tools/ci_connector_ops/ci_connector_ops/pipelines/publish.py

@@ -24,7 +24,11 @@ class CheckConnectorImageDoesNotExist(Step):
     async def _run(self) -> StepResult:
         docker_repository, docker_tag = self.context.docker_image_name.split(":")
         crane_ls = (
-            environments.with_crane(self.context).with_env_variable("CACHEBUSTER", str(uuid.uuid4())).with_exec(["ls", docker_repository])
+            environments.with_crane(
+                self.context,
+            )
+            .with_env_variable("CACHEBUSTER", str(uuid.uuid4()))
+            .with_exec(["ls", docker_repository])
         )
         crane_ls_exit_code = await with_exit_code(crane_ls)
         crane_ls_stderr = await with_stderr(crane_ls)
@@ -83,7 +87,6 @@ async def check_if_image_only_has_gzip_layers(self) -> bool:
         We use crane to inspect the manifest of the image and check if it only has gzip layers.
         """
         for platform in consts.BUILD_PLATFORMS:
-
             inspect = environments.with_crane(self.context).with_exec(
                 ["manifest", "--platform", f"{str(platform)}", f"docker.io/{self.context.docker_image_name}"]
             )
@@ -264,7 +267,6 @@ def create_connector_report(results: List[StepResult]) -> ConnectorReport:
                 metadata_upload_results = await metadata_upload_step.run()
                 results.append(metadata_upload_results)
 
-
             # Exit early if the connector image already exists or has failed to build
             if check_connector_image_results.status is not StepStatus.SUCCESS:
                 return create_connector_report(results)