Initial

Author: Bennett Goble

.dockerignore

@@ -0,0 +1 @@
+.git

.github/release.yaml

@@ -0,0 +1,18 @@
+changelog:
+  exclude:
+    labels:
+      - ignore-for-release
+    authors:
+      - dependabot
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - semver-major
+        - breaking-change
+    - title: New Features 🎉
+      labels:
+        - semver-minor
+        - enhancement
+    - title: Other Changes
+      labels:
+        - '*'

.github/workflows/test.yaml

@@ -0,0 +1,25 @@
+name: Run tests
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+      - uses: pre-commit/[email protected]
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Execute BATS
+        run: ./test/bats/bin/bats test/test.bats

.gitmodules

@@ -0,0 +1,9 @@
+[submodule "test/bats"]
+	path = test/bats
+	url = https://github.com/bats-core/bats-core.git
+[submodule "test/test_helper/bats-support"]
+	path = test/test_helper/bats-support
+	url = https://github.com/bats-core/bats-support.git
+[submodule "test/test_helper/bats-assert"]
+	path = test/test_helper/bats-assert
+	url = https://github.com/bats-core/bats-assert.git

.pre-commit-config.yaml

@@ -0,0 +1,18 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.5.0
+  hooks:
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-executables-have-shebangs
+  - id: check-shebang-scripts-are-executable
+  - id: check-yaml
+  - id: fix-byte-order-marker
+  - id: mixed-line-ending
+- repo: https://github.com/syntaqx/git-hooks
+  rev: v0.0.18
+  hooks:
+  - id: shellcheck
+    exclude: test

Dockerfile

@@ -0,0 +1,6 @@
+FROM debian:bookworm-slim
+
+COPY ./with-cloudsmith /usr/bin/
+
+RUN apt-get update \
+    && apt-get install -y apt-transport-https ca-certificates curl gnupg \

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Linden Research, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,62 @@
+# with-cloudsmith
+
+**with-cloudsmith** is a CLI tool for temporarily injecting Cloudsmith package
+source configurations into an environment. This can be useful when you want
+to consume private packages as part of a Dockerfile build but do not want to
+leave credentials behind in the resulting image.
+
+## Use
+
+First, add **with-cloudsmith** to your Dockerfile:
+```dockerfile
+FROM debian:bookworm-slim
+
+ADD https://raw.githubusercontent.com/secondlife/with-cloudsmith/v0.1.0/with-cloudsmith /usr/bin/
+```
+
+## Use with debian packages
+
+To install debian packages from a private Cloudsmith repository:
+```dockerfile
+# Install cloudsmith apt source dependencies
+RUN apt-get update \
+    && apt-get install -y apt-transport-https ca-certificates curl gnupg \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install private dependencies
+RUN --mount=type=secret,id=CLOUDSMITH_API_KEY \
+    with-cloudsmith -v --repo REPO --org ORG --deb \
+    apt-get install -y PACKAGE \
+    && rm -rf /var/lib/apt/lists/*
+```
+
+Then, assuming you have the environment variable CLOUDSMITH_API_KEY available, build the image:
+```
+$ docker build --secret id=CLOUDSMITH_API_KEY local/example .
+```
+
+## Use with pip
+
+Private python packages can be installed using **with-cloudsmith** like so:
+
+```dockerfile
+RUN --mount=type=secret,id=CLOUDSMITH_API_KEY \
+    with-cloudsmith --repo REPO --org ORG --pip pip install ...
+```
+
+Build the image the same as before, passing a build `--secret`.
+
+### Credentials
+
+**with-cloudsmith** desperately searches the following locations for credentials:
+
+- Environment variables: `CLOUDSMITH_API_KEY`, `CLOUDSMITH_TOKEN`, `CLOUDSMITH_USER`, `CLOUDSMITH_PASSWORD`
+- Ini files: `$HOME/.cloudsmith/credentials.ini`, `$HOME/.config/credentials.ini`, `$PWD/credentials.ini`
+- Docker build secrets: `/run/secrets/CLOUDSMITH_API_KEY`, et al.
+
+If you wish to use an OIDC token, you will want to use `CLOUDSMITH_TOKEN`.
+
+## Supported registry types
+
+- Debian packages
+- Python

test/bats

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+JESSIE_OS_RELEASE='PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
+NAME="Debian GNU/Linux"
+VERSION_ID="8"
+VERSION="8 (jessie)"
+ID=debian
+HOME_URL="http://www.debian.org/"
+SUPPORT_URL="http://www.debian.org/support"
+BUG_REPORT_URL="https://bugs.debian.org/"'
+
+BOOKWORM_OS_RELEASE='PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
+NAME="Debian GNU/Linux"
+VERSION_ID="12"
+VERSION="12 (bookworm)"
+VERSION_CODENAME=bookworm
+ID=debian
+HOME_URL="https://www.debian.org/"
+SUPPORT_URL="https://www.debian.org/support"
+BUG_REPORT_URL="https://bugs.debian.org/"'
+
+FOCAL_OS_RELEASE='NAME="Ubuntu"
+VERSION="20.04.6 LTS (Focal Fossa)"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 20.04.6 LTS"
+VERSION_ID="20.04"
+HOME_URL="https://www.ubuntu.com/"
+SUPPORT_URL="https://help.ubuntu.com/"
+BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
+PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
+VERSION_CODENAME=focal
+UBUNTU_CODENAME=focal'
+
+PUBLIC_KEY='-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGYdqBwBDACvgTVXPt32ROKR++PnxJEHcSlnJdzegb5zQlz46FhCukxVtTOm\nI1AmITwz71XVqRF568utnYLSQTj0M+X+B9OXo04dTvEdOHIPs6cZgEY1oxq/Tfjb\nqwLy5hl9t183OJXCd7p1NjPmRC8jT/vvyM4BG//Etv6VgVRQiGa2+BDWfWPWQYGo\nLwYRmBmFOxuoZK55l/aNM0uJe3bNanrx5aSzXAJNqkfm9iKdnZrbtpSXx1KBvQ2Q\nh1kC7iwbIJnPa1dSlLOo+UrXem0FTqn2LvXoEn0jsYL2QInvHRLA57D3tVRlJwXl\n4hH6/YxIGEKQyw5Bgwrv5ESghzp/BsH0R4efbPH1EbSFf1x49fv5lRfOMtvfckDO\naqBvJzUKZiigN0HjR7it51jENqCjLbyqWpYNC5HqJezXI77a/Fze8c3cgm0gDNRS\nu/LpK3cGC+Ucolvo1qT/sr8POccEKhZztsnPtZEmmFufBF1W4FsZPubmxEUbjP/k\nHW6MNCQT74/aR+sAEQEAAbRCQ2xvdWRzbWl0aCBQYWNrYWdlIChzZWNvbmRsaWZl\nL3Byb2R1Y3Rpb24pIDxzdXBwb3J0QGNsb3Vkc21pdGguaW8+iQHOBBMBCAA4FiEE\nPwgLlNu0ypK1cYuzfqRPKy3+pvsFAmYdqBwCGy8FCwkIBwMFFQoJCAsFFgIDAQAC\nHgECF4AACgkQfqRPKy3+pvvShQwApv1jCK9NJdSYrYJdGIPDH5P1QqOHskegkMJc\ndprbMEs+xZDwRlY1kg5zbcP1CG26Z19wA65lcq/xCrgPoVOJ3T5FoqVAxgGRaOel\nbNxpl14AWBFgx/zePLUq2H0UpBp3mIwHVhuJCVk4b74gFauRTbA/jqXnd6GhcgpX\nYLgp4FblBAPdCh1anFDJVyMDy7AEneVpuujHGWar5EWxZeeAknZ/a92amUJ+ny20\nlqQcZRmk4rtzfCAeAIkLZRllKTYtabHRWdgrBf30xX6YozLIe6fSc0yri/ZUVV0T\npjpnhdl4Qd8//qdl/OpkvIsxBDzI2a53WKQZaHXclFjbtiFe17oPM5nhLYq2YegT\nXpeZTgGEDOthGZvqejk+Qp4L285JHRvf0KiS6yA1wEZr3CANxmnhLBig1j9u7ZKB\njB8+lqj4vt85rd3I3fAE/Iv5px12B8Me8vWiWwkN+/LpE/IxUojFWJhXjm/N0Kxr\nDpZR6ZtkHVsJwiq+bh0xeu8Mj+1A\n=8a3g\n-----END PGP PUBLIC KEY BLOCK-----\n'