#GCR auth

Hi @lusty gust , do you have a working setup for this on your local machine?

At a high level, the approach to getting it to work in Dagger, is to do the same thing in a container, orchestrated by the Dagger API

I have a setup but I would not say working as I cannot seem to connect to gcr. It works via docker compose since I use gcloud auth and have configured registries via gcloud. But it fails when I converted my setup to dagger with the above error

So, from memory you need to authenticate with a gcloud helper tool, right?

The idea is to do the same thing in a container. So you'll need to build a container with gcloud installed, run the helper, then get the docker registry auth tokens, and use that for your pull (this is from memory of how gcr auth works)

So take from a grain a salt, as it's been a while

Ok, I have ended for the day but will post back here with results in the following days if I get it working

Documentation on working with other registries would be great as well in general! 🙂

Agreed!

The major next feature we are working (codename Zenith) is a system of reusable modules, with a "daggerverse" where modules can be shared and reused within the community. A GCR module would make perfect sense, and will make all this much easier

See https://daggerverse.dev for a sneak preview. It's still in development, but it works 🙂 And lots of modules being developed already

👋 this guide on the dagger docs might also shed some light since it's integrated with gcr as well: https://docs.dagger.io/759201/gitlab-google-cloud/#step-5-create-a-gitlab-cicd-pipeline

The following snippet will build a gcloud image with your host config mounted

async function gcloudImage(client: Client) {
    // get config location & host dir
    const { stdout } = await exec("gcloud info --format='value(config. paths. global_config_dir)'")
    const cfg = stdout.trim()
    const d = client.host().directory(cfg);

    // create container with mounted volume &  var
    return client.container()
        .from("google/cloud-sdk").pipeline("gcloud")
        .withEnvVariable("CLOUDSDK_CONFIG", "/gcloud/config")
        .withMountedDirectory("/gcloud/config", d)

}

Should be relatively easy to translate to Go

The issue I'm having is pushing the image to the gcloud registry, I'd like to use the Docker credHelpers from the host without having to make / keep a SA key file around

This used to work, but broke somewhere in the last 2 minor version?

What error are you getting?

403 Forbidden

Getting a minimal snippet together

import { Client } from "@dagger.io/dagger"

export async function hack(client: Client) {

    const registry = "us-central1-docker.pkg.dev/hof-io--develop/testing"
    const name = "hello-world"
    const img = client.container().from(name)

    const remoteName = `${registry}/${name}`

    await img.publish(remoteName)
}

hmm, maybe my host does not have perms, even after auth'n

I wonder if GCP changes some permission settings...

oh... they stopped adding GAR to the credHelpers it looks like

that doesn't make sense, since they are deprecating GCR and forcing people to GAR (which costs 4x more...)

seems to be working now

one thing that would be nice is to see the push progress/logs, they done seem to show up anywhere

➜  webapp git:(main) ✗  
make dagger.hack   
dagger run yarn run tsx ./ci/dagger hack
█ [3.11s] yarn run tsx ./ci/dagger hack
┃ yarn run v1.22.21                                                                                                                  
┃ $ /Users/tony/ts/webapp/node_modules/.bin/tsx ./ci/dagger hack                                                                     
┃ (node:68055) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.         
┃ (Use `node --trace-deprecation ...` to show where the warning was created)                                                         
┃ Done in 2.98s.                                                                                                                     
┣─╮ 
│ ▽ from hello-world
│ █ [0.38s] resolve image config for docker.io/library/hello-world:latest
│ █ [0.25s] pull docker.io/library/hello-world:latest
│ ┣ [0.01s] resolve docker.io/library/hello-world@sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6
│ ┣ [0.24s] ████████████████ sha256:478afc9190022e867bb857b1a25cc5abc7678287af6cb930562ec25be709f1b7
┻ ┻ 
• Engine: a8f1a7fe29b0 (version v0.9.9)
⧗ 3.73s ✔ 9

Huh, so it was a transient error on the GCP side?

no, the normal command gcloud auth configure-docker only sets you up for GCR, the way forward is GAR (Artifact Registry) now, so you need to do gcloud auth configure-docker us-central1-docker.pkg.dev (for each region you want to use)