Registry tokens screen: imagePullSecret snippet + packages link
a4513e0 · gmorell · 2026-06-25 20:47
Message
{commit_body(@commit)}
Files changed
modified
lib/git_gud_web/live/registry_token_live/index.ex
+47
−7
@@ -80,6 +80,28 @@ defmodule GitGudWeb.RegistryTokenLive.Index do
| 80 | 80 | |
| 81 | 81 | defp image_ref(assigns), do: "#{assigns.registry_host}/#{assigns.handle}/#{assigns.repo.name}" |
| 82 | 82 | |
| 83 | + # Ready-to-apply kubernetes.io/dockerconfigjson secret for pulling this | |
| 84 | + # repo's images with the freshly-minted token. | |
| 85 | + defp pull_secret_yaml(assigns) do | |
| 86 | + %{registry_host: host, repo: repo, new_token: %{name: user, secret: pass}} = assigns | |
| 87 | + auth = Base.encode64("#{user}:#{pass}") | |
| 88 | + | |
| 89 | + dockercfg = | |
| 90 | + Jason.encode!(%{ | |
| 91 | + "auths" => %{host => %{"username" => user, "password" => pass, "auth" => auth}} | |
| 92 | + }) | |
| 93 | + | |
| 94 | + """ | |
| 95 | + apiVersion: v1 | |
| 96 | + kind: Secret | |
| 97 | + metadata: | |
| 98 | + name: #{repo.name}-pull | |
| 99 | + type: kubernetes.io/dockerconfigjson | |
| 100 | + data: | |
| 101 | + .dockerconfigjson: #{Base.encode64(dockercfg)} | |
| 102 | + """ | |
| 103 | + end | |
| 104 | + | |
| 83 | 105 | @impl true |
| 84 | 106 | def render(assigns) do |
| 85 | 107 | ~H""" |
@@ -96,13 +118,22 @@ defmodule GitGudWeb.RegistryTokenLive.Index do
| 96 | 118 | <.repo_settings_header handle={@handle} repo={@repo} current={:registry_tokens} /> |
| 97 | 119 | |
| 98 | 120 | <section class="max-w-2xl space-y-4"> |
| 99 | − <div> | |
| 100 | − <h2 class="font-semibold">Registry deploy tokens</h2> | |
| 101 | − <p class="text-sm opacity-70"> | |
| 102 | − Long-lived credentials to <code>pull</code>/<code>push</code> | |
| 103 | − this repo's container images outside CI. CI itself doesn't need one — | |
| 104 | − it uses the per-job token automatically. | |
| 105 | − </p> | |
| 121 | + <div class="flex items-start justify-between gap-3"> | |
| 122 | + <div> | |
| 123 | + <h2 class="font-semibold">Registry deploy tokens</h2> | |
| 124 | + <p class="text-sm opacity-70"> | |
| 125 | + Long-lived credentials to <code>pull</code>/<code>push</code> | |
| 126 | + this repo's container images outside CI. CI itself doesn't need one — | |
| 127 | + it uses the per-job token automatically. | |
| 128 | + </p> | |
| 129 | + </div> | |
| 130 | + <.link | |
| 131 | + :if={@has_packages?} | |
| 132 | + navigate={~p"/r/#{@handle}/#{@repo.name}/packages"} | |
| 133 | + class="link link-hover text-sm whitespace-nowrap" | |
| 134 | + > | |
| 135 | + View packages → | |
| 136 | + </.link> | |
| 106 | 137 | </div> |
| 107 | 138 | |
| 108 | 139 | <div :if={@new_token} class="rounded border border-success/40 bg-success/10 p-3 space-y-2"> |
@@ -111,6 +142,15 @@ defmodule GitGudWeb.RegistryTokenLive.Index do
| 111 | 142 | <p :if={@registry_host} class="text-xs opacity-80"> |
| 112 | 143 | <span class="font-mono select-all">podman login {@registry_host} -u {@new_token.name} -p {@new_token.secret}</span> |
| 113 | 144 | </p> |
| 145 | + <details :if={@registry_host} class="text-xs"> | |
| 146 | + <summary class="cursor-pointer opacity-80">Kubernetes imagePullSecret</summary> | |
| 147 | + <pre class="bg-black text-green-300 p-2 rounded overflow-auto select-all mt-1">{pull_secret_yaml(assigns)}</pre> | |
| 148 | + <p class="opacity-70 mt-1"> | |
| 149 | + Apply it, then set <code>imagePullSecrets</code> to | |
| 150 | + <code>{@repo.name}-pull</code> for image | |
| 151 | + <code>{image_ref(assigns)}:thetag</code>. | |
| 152 | + </p> | |
| 153 | + </details> | |
| 114 | 154 | </div> |
| 115 | 155 | |
| 116 | 156 | <form :if={@can_admin?} phx-submit="create_token" class="flex flex-wrap items-end gap-3"> |
Parents: 2e7dd83