feat: add Docker credential helper for Cloudsmith registries#277
Open
cloudsmith-iduffy wants to merge 2 commits intoiduffy/credential-provider-chainfrom
Open
feat: add Docker credential helper for Cloudsmith registries#277cloudsmith-iduffy wants to merge 2 commits intoiduffy/credential-provider-chainfrom
cloudsmith-iduffy wants to merge 2 commits intoiduffy/credential-provider-chainfrom
Conversation
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
from
31f616c to
58327a3
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
2 times, most recently
from
8b57884 to
0b0445c
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
from
58327a3 to
910a2cd
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
from
0b0445c to
987c32f
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
from
910a2cd to
23ab3ad
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
2 times, most recently
from
65d8c53 to
646c50a
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
from
23ab3ad to
0e03731
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
from
646c50a to
5c2b23d
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
2 times, most recently
from
641bec5 to
5540a76
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
from
6e1792c to
8862812
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
from
5540a76 to
2aad86a
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
2 times, most recently
from
368db92 to
a60887d
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
2 times, most recently
from
4e72204 to
21fe5cf
Compare
cloudsmith-iduffy
force-pushed
the
iduffy/credential-provider-chain
branch
from
1cef871 to
b4b2583
Compare
Add a GitHub Actions workflow that builds and publishes pre-release packages to Cloudsmith for manual testing on a per-PR basis. Trigger by either: - Adding the 'pre-release' label to a PR - Commenting '/pre-release' on a PR (collaborators only) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
cloudsmith-iduffy
force-pushed
the
iduffy/credential-helper-base
branch
from
21fe5cf to
d2cd0d1
Compare
estebangarcia
requested changes
Mar 25, 2026
|
|
||
| return domains | ||
|
|
||
| except Exception as exc: # pylint: disable=broad-exception-caught |
Contributor
There was a problem hiding this comment.
issue: don't ignore this, except for the specific errors only
Comment on lines
+68
to
72
| "console_scripts": [ | ||
| "cloudsmith=cloudsmith_cli.cli.commands.main:main", | ||
| "docker-credential-cloudsmith=cloudsmith_cli.credential_helpers.docker.wrapper:main", | ||
| ] | ||
| }, |
Contributor
There was a problem hiding this comment.
question: Have you tested this with the pyz ?
Comment on lines
+8
to
+38
| from ..common import is_cloudsmith_domain | ||
|
|
||
|
|
||
| def get_credentials(server_url, credential=None, session=None, api_host=None): | ||
| """ | ||
| Get credentials for a Cloudsmith Docker registry. | ||
|
|
||
| Verifies the URL is a Cloudsmith registry (including custom domains) | ||
| and returns credentials if available. | ||
|
|
||
| Args: | ||
| server_url: The Docker registry server URL | ||
| credential: Pre-resolved CredentialResult from the provider chain | ||
| session: Pre-configured requests.Session with proxy/SSL settings | ||
| api_host: Cloudsmith API host URL | ||
|
|
||
| Returns: | ||
| dict: Credentials with 'Username' and 'Secret' keys, or None | ||
| """ | ||
| if not credential or not credential.api_key: | ||
| return None | ||
|
|
||
| if not is_cloudsmith_domain( | ||
| server_url, | ||
| session=session, | ||
| api_key=credential.api_key, | ||
| api_host=api_host, | ||
| ): | ||
| return None | ||
|
|
||
| return {"Username": "token", "Secret": credential.api_key} |
Contributor
There was a problem hiding this comment.
question: why are these in the init.py we try to only use this file for exposing the module's imports.
|
|
||
| click.echo(json.dumps(credentials)) | ||
|
|
||
| except Exception as e: # pylint: disable=broad-exception-caught |
Contributor
There was a problem hiding this comment.
issue: don't ignore this, except for the specific errors only
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Implement the Docker credential helper protocol so Docker can automatically authenticate with Cloudsmith registries (including custom domains) without manual
docker login.Key changes:
cloudsmith credential-helper dockerCLI commanddocker-credential-cloudsmithwrapper binary (entry point)Type of Change
Additional Notes
Manually tested with: