From 31ba71dad79e149dfb6e15af9fc42ac645b016f1 Mon Sep 17 00:00:00 2001
From: Fedor Korotkov <fedor.korotkov@gmail.com>
Date: Fri, 11 Nov 2022 09:32:23 -0500
Subject: [PATCH] Option to provide registry credentials via environment
 variables (#320)

Fixes #124
---
 README.md                                         |  6 ++++++
 .../EnvironmentCredentialsProvider.swift          | 15 +++++++++++++++
 Sources/tart/OCI/Registry.swift                   |  4 ++--
 3 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 Sources/tart/Credentials/EnvironmentCredentialsProvider.swift

diff --git a/README.md b/README.md
index 26477cd..02f18a0 100644
--- a/README.md
+++ b/README.md
@@ -228,6 +228,12 @@ tart login acme.io
 
 Credentials are securely stored in Keychain.
 
+In addition, Tart supports [Docker credential helpers](https://docs.docker.com/engine/reference/commandline/login/#credential-helpers)
+if defined in `~/.docker/config.json`.
+
+Finally, `TART_REGISTRY_USERNAME` and `TART_REGISTRY_PASSWORD` environment variables allow to override authorization
+for all registries which might useful for integrating with your CI's secret management.
+
 #### Pushing a Local Image
 
 Once credentials are saved for `acme.io`, run the following command to push a local images remotely with two tags:
diff --git a/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift b/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift
new file mode 100644
index 0000000..5deb949
--- /dev/null
+++ b/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift
@@ -0,0 +1,15 @@
+import Foundation
+
+class EnvironmentCredentialsProvider: CredentialsProvider {
+  func retrieve(host: String) throws -> (String, String)? {
+    let username = ProcessInfo.processInfo.environment["TART_REGISTRY_USERNAME"]
+    let password = ProcessInfo.processInfo.environment["TART_REGISTRY_PASSWORD"]
+    if let username = username, let password = password {
+      return (username, password)
+    }
+    return nil
+  }
+
+  func store(host: String, user: String, password: String) throws {
+  }
+}
diff --git a/Sources/tart/OCI/Registry.swift b/Sources/tart/OCI/Registry.swift
index 79104a9..9e193e6 100644
--- a/Sources/tart/OCI/Registry.swift
+++ b/Sources/tart/OCI/Registry.swift
@@ -100,7 +100,7 @@ class Registry {
 
   init(urlComponents: URLComponents,
        namespace: String,
-       credentialsProviders: [CredentialsProvider] = [DockerConfigCredentialsProvider(), KeychainCredentialsProvider()]
+       credentialsProviders: [CredentialsProvider] = [EnvironmentCredentialsProvider(), DockerConfigCredentialsProvider(), KeychainCredentialsProvider()]
   ) throws {
     baseURL = urlComponents.url!
     self.namespace = namespace
@@ -111,7 +111,7 @@ class Registry {
     host: String,
     namespace: String,
     insecure: Bool = false,
-    credentialsProviders: [CredentialsProvider] = [DockerConfigCredentialsProvider(), KeychainCredentialsProvider()]
+    credentialsProviders: [CredentialsProvider] = [EnvironmentCredentialsProvider(), DockerConfigCredentialsProvider(), KeychainCredentialsProvider()]
   ) throws {
     let proto = insecure ? "http" : "https"
     let baseURLComponents = URLComponents(string: proto + "://" + host + "/v2/")!