Skip to content

Commit efcd6a2

Browse files
joshspicerjoshspicer
authored
Respect DOCKER_CONFIG environment variable
https://docs.docker.com/engine/reference/commandline/cli/#change-the-docker-directory
1 parent d52efe6 commit efcd6a2

1 file changed

Lines changed: 34 additions & 35 deletions

File tree

src/spec-configuration/httpOCIRegistry.ts

Lines changed: 34 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -212,45 +212,44 @@ async function getCredentialFromDockerConfigOrCredentialHelper(params: CommonPar
212212

213213
let configContainsAuth = false;
214214
try {
215-
const homeDir = os.homedir();
216-
if (homeDir) {
217-
const dockerConfigPath = path.join(homeDir, '.docker', 'config.json');
218-
if (await isLocalFile(dockerConfigPath)) {
219-
const dockerConfig: DockerConfigFile = jsonc.parse((await readLocalFile(dockerConfigPath)).toString());
220-
221-
configContainsAuth = Object.keys(dockerConfig.credHelpers || {}).length > 0 || !!dockerConfig.credsStore || Object.keys(dockerConfig.auths || {}).length > 0;
222-
if (dockerConfig.credHelpers && dockerConfig.credHelpers[registry]) {
223-
const credHelper = dockerConfig.credHelpers[registry];
224-
output.write(`[httpOci] Found credential helper '${credHelper}' in '${dockerConfigPath}' registry '${registry}'`, LogLevel.Trace);
225-
const auth = await getCredentialFromHelper(params, registry, credHelper);
226-
if (auth) {
227-
return auth;
228-
}
229-
} else if (dockerConfig.credsStore) {
230-
output.write(`[httpOci] Invoking credsStore credential helper '${dockerConfig.credsStore}'`, LogLevel.Trace);
231-
const auth = await getCredentialFromHelper(params, registry, dockerConfig.credsStore);
232-
if (auth) {
233-
return auth;
234-
}
215+
// https://docs.docker.com/engine/reference/commandline/cli/#change-the-docker-directory
216+
const dockerConfigRootDir = process.env.DOCKER_CONFIG || path.join(os.homedir(), '.docker');
217+
const dockerConfigFilePath = path.join(dockerConfigRootDir, 'config.json');
218+
if (await isLocalFile(dockerConfigFilePath)) {
219+
const dockerConfig: DockerConfigFile = jsonc.parse((await readLocalFile(dockerConfigFilePath)).toString());
220+
221+
configContainsAuth = Object.keys(dockerConfig.credHelpers || {}).length > 0 || !!dockerConfig.credsStore || Object.keys(dockerConfig.auths || {}).length > 0;
222+
if (dockerConfig.credHelpers && dockerConfig.credHelpers[registry]) {
223+
const credHelper = dockerConfig.credHelpers[registry];
224+
output.write(`[httpOci] Found credential helper '${credHelper}' in '${dockerConfigFilePath}' registry '${registry}'`, LogLevel.Trace);
225+
const auth = await getCredentialFromHelper(params, registry, credHelper);
226+
if (auth) {
227+
return auth;
235228
}
236-
if (dockerConfig.auths && dockerConfig.auths[registry]) {
237-
output.write(`[httpOci] Found auths entry in '${dockerConfigPath}' for registry '${registry}'`, LogLevel.Trace);
238-
const auth = dockerConfig.auths[registry].auth;
239-
const identityToken = dockerConfig.auths[registry].identitytoken; // Refresh token, seen when running: 'az acr login -n <registry>'
240-
241-
if (identityToken) {
242-
return {
243-
refreshToken: identityToken,
244-
base64EncodedCredential: undefined,
245-
};
246-
}
247-
248-
// Without the presence of an `identityToken`, assume auth is a base64-encoded 'user:token'.
229+
} else if (dockerConfig.credsStore) {
230+
output.write(`[httpOci] Invoking credsStore credential helper '${dockerConfig.credsStore}'`, LogLevel.Trace);
231+
const auth = await getCredentialFromHelper(params, registry, dockerConfig.credsStore);
232+
if (auth) {
233+
return auth;
234+
}
235+
}
236+
if (dockerConfig.auths && dockerConfig.auths[registry]) {
237+
output.write(`[httpOci] Found auths entry in '${dockerConfigFilePath}' for registry '${registry}'`, LogLevel.Trace);
238+
const auth = dockerConfig.auths[registry].auth;
239+
const identityToken = dockerConfig.auths[registry].identitytoken; // Refresh token, seen when running: 'az acr login -n <registry>'
240+
241+
if (identityToken) {
249242
return {
250-
base64EncodedCredential: auth,
251-
refreshToken: undefined,
243+
refreshToken: identityToken,
244+
base64EncodedCredential: undefined,
252245
};
253246
}
247+
248+
// Without the presence of an `identityToken`, assume auth is a base64-encoded 'user:token'.
249+
return {
250+
base64EncodedCredential: auth,
251+
refreshToken: undefined,
252+
};
254253
}
255254
}
256255
} catch (err) {

0 commit comments

Comments
 (0)