From 0534ae9522d440d75d1c1897c48fe20cbfb3284c Mon Sep 17 00:00:00 2001
From: aegypius <innercircle@aegypius.com>
Date: Thu, 10 Oct 2024 15:19:27 +0000
Subject: [PATCH] feat: add env argument for secret mounts

https://docs.docker.com/reference/dockerfile/#run---mounttypesecret
---
 src/Language/Docker/Parser/Run.hs    | 13 ++++++++++---
 src/Language/Docker/Syntax.hs        |  4 ++--
 test/Language/Docker/ParseRunSpec.hs |  6 ++++--
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/Language/Docker/Parser/Run.hs b/src/Language/Docker/Parser/Run.hs
index 4563b24..0a921e6 100644
--- a/src/Language/Docker/Parser/Run.hs
+++ b/src/Language/Docker/Parser/Run.hs
@@ -19,7 +19,8 @@ data RunFlag
   deriving (Show)
 
 data RunMountArg
-  = MountArgFromImage Text
+  = MountArgEnv Text
+  | MountArgFromImage Text
   | MountArgId Text
   | MountArgMode Text
   | MountArgReadOnly Bool
@@ -161,13 +162,14 @@ secretMount args =
     Left e -> customError e
     Right as -> return $ foldr secretOpts def as
   where
-    allowed = Set.fromList ["target", "id", "required", "source", "mode", "uid", "gid"]
+    allowed = Set.fromList ["target", "id", "required", "source", "mode", "uid", "gid", "env"]
     required = Set.empty
     secretOpts :: RunMountArg -> SecretOpts -> SecretOpts
     secretOpts (MountArgTarget path) co = co {sTarget = Just path}
     secretOpts (MountArgId i) co = co {sCacheId = Just i}
     secretOpts (MountArgRequired r) co = co {sIsRequired = Just r}
     secretOpts (MountArgSource path) co = co {sSource = Just path}
+    secretOpts (MountArgEnv e) co = co {sEnv = Just e}
     secretOpts (MountArgMode m) co = co {sMode = Just m}
     secretOpts (MountArgUid u) co = co {sUid = Just u}
     secretOpts (MountArgGid g) co = co {sGid = Just g}
@@ -223,7 +225,8 @@ mountChoices mountType =
           mountArgSource,
           mountArgMode,
           mountArgUid,
-          mountArgGid
+          mountArgGid,
+          mountArgEnv
         ]
 
 stringArg :: (?esc :: Char) => Parser Text
@@ -239,6 +242,9 @@ cacheSharing :: Parser CacheSharing
 cacheSharing =
   choice [Private <$ string "private", Shared <$ string "shared", Locked <$ string "locked"]
 
+mountArgEnv :: (?esc :: Char) => Parser RunMountArg
+mountArgEnv = MountArgEnv <$> key "env" stringArg
+
 mountArgFromImage :: (?esc :: Char) => Parser RunMountArg
 mountArgFromImage = MountArgFromImage <$> key "from" stringArg
 
@@ -317,6 +323,7 @@ mountArgUid :: (?esc :: Char) => Parser RunMountArg
 mountArgUid = MountArgUid <$> key "uid" stringArg
 
 toArgName :: RunMountArg -> Text
+toArgName (MountArgEnv _) = "env"
 toArgName (MountArgFromImage _) = "from"
 toArgName (MountArgGid _) = "gid"
 toArgName (MountArgId _) = "id"
diff --git a/src/Language/Docker/Syntax.hs b/src/Language/Docker/Syntax.hs
index 58588f1..3771ed0 100644
--- a/src/Language/Docker/Syntax.hs
+++ b/src/Language/Docker/Syntax.hs
@@ -297,6 +297,7 @@ data SecretOpts
         sCacheId :: !(Maybe Text),
         sIsRequired :: !(Maybe Bool),
         sSource :: !(Maybe SourcePath),
+        sEnv :: !(Maybe Text),
         sMode :: !(Maybe Text),
         sUid :: !(Maybe Text),
         sGid :: !(Maybe Text)
@@ -304,8 +305,7 @@ data SecretOpts
   deriving (Eq, Show, Ord)
 
 instance Default SecretOpts where
-  def = SecretOpts Nothing Nothing Nothing Nothing Nothing Nothing Nothing
-
+  def = SecretOpts Nothing Nothing Nothing Nothing Nothing Nothing Nothing Nothing
 data CacheSharing
   = Shared
   | Private
diff --git a/test/Language/Docker/ParseRunSpec.hs b/test/Language/Docker/ParseRunSpec.hs
index 3844492..d1ba0dd 100644
--- a/test/Language/Docker/ParseRunSpec.hs
+++ b/test/Language/Docker/ParseRunSpec.hs
@@ -186,7 +186,7 @@ spec = do
             [ Run $ RunArgs (ArgumentsText "echo foo") flags
             ]
     it "--mount=type=secret all modifiers" $
-      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,id=a,required,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
+      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,env=baz,id=a,required,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
           flags =
             def
               { mount =
@@ -194,6 +194,7 @@ spec = do
                     SecretMount
                       ( def
                           { sTarget = Just "/foo",
+                            sEnv = Just "baz",
                             sCacheId = Just "a",
                             sIsRequired = Just True,
                             sSource = Just "/bar",
@@ -208,7 +209,7 @@ spec = do
             [ Run $ RunArgs (ArgumentsText "echo foo") flags
             ]
     it "--mount=type=secret all modifiers, required explicit" $
-      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,id=a,required=true,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
+      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,env=baz,id=a,required=true,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
           flags =
             def
               { mount =
@@ -216,6 +217,7 @@ spec = do
                     SecretMount
                       ( def
                           { sTarget = Just "/foo",
+                            sEnv = Just "baz",
                             sCacheId = Just "a",
                             sIsRequired = Just True,
                             sSource = Just "/bar",