use env based credentials first for docker

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
CycloneDX · Nov 20, 2023 · 0b53f6a · 0b53f6a
1 parent 89540a8
commit 0b53f6a
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 30 deletions.
diff --git a/docker.js b/docker.js
@@ -108,6 +108,7 @@ export const getOnlyDirs = (srcpath, dirName) => {
 };
 
 const getDefaultOptions = (forRegistry) => {
+  console.log("getDefaultOptions called with", forRegistry);
   let authTokenSet = false;
   if (!forRegistry && process.env.DOCKER_SERVER_ADDRESS) {
     forRegistry = process.env.DOCKER_SERVER_ADDRESS;
@@ -127,7 +128,36 @@ const getDefaultOptions = (forRegistry) => {
   };
   const DOCKER_CONFIG = process.env.DOCKER_CONFIG || join(homedir(), ".docker");
   // Support for private registry
-  if (existsSync(join(DOCKER_CONFIG, "config.json"))) {
+  if (process.env.DOCKER_AUTH_CONFIG) {
+    opts.headers = {
+      "X-Registry-Auth": process.env.DOCKER_AUTH_CONFIG
+    };
+    authTokenSet = true;
+  }
+  if (
+    !authTokenSet &&
+    process.env.DOCKER_USER &&
+    process.env.DOCKER_PASSWORD &&
+    process.env.DOCKER_EMAIL &&
+    forRegistry
+  ) {
+    const authPayload = {
+      username: process.env.DOCKER_USER,
+      email: process.env.DOCKER_EMAIL,
+      serveraddress: forRegistry
+    };
+    if (process.env.DOCKER_USER === "<token>") {
+      authPayload.IdentityToken = process.env.DOCKER_PASSWORD;
+    } else {
+      authPayload.password = process.env.DOCKER_PASSWORD;
+    }
+    opts.headers = {
+      "X-Registry-Auth": Buffer.from(JSON.stringify(authPayload)).toString(
+        "base64"
+      )
+    };
+  }
+  if (!authTokenSet && existsSync(join(DOCKER_CONFIG, "config.json"))) {
     const configData = readFileSync(
       join(DOCKER_CONFIG, "config.json"),
       "utf-8"
@@ -196,35 +226,6 @@ const getDefaultOptions = (forRegistry) => {
       }
     }
   }
-  if (!authTokenSet && process.env.DOCKER_AUTH_CONFIG) {
-    opts.headers = {
-      "X-Registry-Auth": process.env.DOCKER_AUTH_CONFIG
-    };
-    authTokenSet = true;
-  }
-  if (
-    !authTokenSet &&
-    process.env.DOCKER_USER &&
-    process.env.DOCKER_PASSWORD &&
-    process.env.DOCKER_EMAIL &&
-    forRegistry
-  ) {
-    const authPayload = {
-      username: process.env.DOCKER_USER,
-      email: process.env.DOCKER_EMAIL,
-      serveraddress: forRegistry
-    };
-    if (process.env.DOCKER_USER === "<token>") {
-      authPayload.IdentityToken = process.env.DOCKER_PASSWORD;
-    } else {
-      authPayload.password = process.env.DOCKER_PASSWORD;
-    }
-    opts.headers = {
-      "X-Registry-Auth": Buffer.from(JSON.stringify(authPayload)).toString(
-        "base64"
-      )
-    };
-  }
   const userInfo = _userInfo();
   opts.podmanPrefixUrl = isWin ? "" : `http://unix:/run/podman/podman.sock:`;
   opts.podmanRootlessPrefixUrl = isWin

diff --git a/docker.test.js b/docker.test.js
@@ -54,6 +54,15 @@ test("parseImageName tests", () => {
     digest: "",
     platform: ""
   });
+  expect(
+    parseImageName("foocorp.jfrog.io/docker/library/eclipse-temurin:latest")
+  ).toEqual({
+    registry: "foocorp.jfrog.io",
+    repo: "docker/library/eclipse-temurin",
+    tag: "latest",
+    digest: "",
+    platform: ""
+  });
   expect(
     parseImageName(
       "quay.io/shiftleft/scan-java@sha256:5d008306a7c5d09ba0161a3408fa3839dc2c9dd991ffb68adecc1040399fe9e1"