From e066ddb93e8098bbef9561c61ffe7b0e0bd4cbe6 Mon Sep 17 00:00:00 2001 From: Euan Harris Date: Mon, 28 Apr 2025 13:12:13 +0100 Subject: [PATCH] containertool: Read default username and password from the environment Add environment variable equivalents for the `--username` and `--password` command line flags. These variables are more convenient than .netrc when working with registries which use short-lived credentials, such as ECR: export CONTAINERTOOL_USERNAME=AWS export CONTAINERTOOL_PASSWORD=$(aws ecr get-login-password --region us-west-2)w0 swift run containertool --repository \ 123456789012.dkr.ecr.us-west-2.amazonaws.com/hello/world \ .build/x86_64-swift-linux-musl/debug/hello-world N.B. These flags are used as default credentials if no matching entries are found in .netrc - potentially they should be called `--default-username` and `--default-password` to make this clearer. In the example above, if .netrc contains credentials for 123456789012.dkr.ecr.us-west-2.amazonaws.com they will be used in preference to the credentials in the environment variables. To avoid this, credentials which are not intended to be used should be removed from .netrc. Fixes #105 --- Sources/containertool/containertool.swift | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Sources/containertool/containertool.swift b/Sources/containertool/containertool.swift index d69f6e4..1ed3b37 100644 --- a/Sources/containertool/containertool.swift +++ b/Sources/containertool/containertool.swift @@ -40,10 +40,10 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti @Option(help: "Resource bundle directory") private var resources: [String] = [] - @Option(help: "Username") + @Option(help: "Default username, used if there are no matching entries in .netrc") private var username: String? - @Option(help: "Password") + @Option(help: "Default password, used if there are no matching entries in .netrc") private var password: String? @Flag(name: .shortAndLong, help: "Verbose output") @@ -75,6 +75,8 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti let env = ProcessInfo.processInfo.environment let defaultRegistry = defaultRegistry ?? env["CONTAINERTOOL_DEFAULT_REGISTRY"] ?? "docker.io" + let username = username ?? env["CONTAINERTOOL_USERNAME"] + let password = password ?? env["CONTAINERTOOL_PASSWORD"] let from = from ?? env["CONTAINERTOOL_BASE_IMAGE"] ?? "swift:slim" let os = os ?? env["CONTAINERTOOL_OS"] ?? "linux"