--plugin-secret support for Cloud Run

datasette/publish/cloudrun.py

@@ -1,6 +1,7 @@
 from datasette import hookimpl
 import click
 import json
+import os
 from subprocess import check_call, check_output
 
 from .common import (
@@ -24,6 +25,11 @@ def publish_subcommand(publish):
         "--service", default="", help="Cloud Run service to deploy (or over-write)"
     )
     @click.option("--spatialite", is_flag=True, help="Enable SpatialLite extension")
+    @click.option(
+        "--show-files",
+        is_flag=True,
+        help="Output the generated Dockerfile and metadata.json",
+    )
     def cloudrun(
         files,
         metadata,
@@ -45,6 +51,7 @@ def publish_subcommand(publish):
         name,
         service,
         spatialite,
+        show_files,
     ):
         fail_if_publish_binary_not_installed(
             "gcloud", "Google Cloud", "https://cloud.google.com/sdk/"
@@ -53,6 +60,30 @@ def publish_subcommand(publish):
             "gcloud config get-value project", shell=True, universal_newlines=True
         ).strip()
 
+        extra_metadata = {
+            "title": title,
+            "license": license,
+            "license_url": license_url,
+            "source": source,
+            "source_url": source_url,
+            "about": about,
+            "about_url": about_url,
+        }
+
+        environment_variables = {}
+        if plugin_secret:
+            extra_metadata["plugins"] = {}
+            for plugin_name, plugin_setting, setting_value in plugin_secret:
+                environment_variable = (
+                    "{}_{}".format(plugin_name, plugin_setting)
+                    .upper()
+                    .replace("-", "_")
+                )
+                environment_variables[environment_variable] = setting_value
+                extra_metadata["plugins"].setdefault(plugin_name, {})[
+                    plugin_setting
+                ] = {"$env": environment_variable}
+
         with temporary_docker_directory(
             files,
             name,
@@ -65,16 +96,17 @@ def publish_subcommand(publish):
             install,
             spatialite,
             version_note,
-            {
+            extra_metadata,
-                "title": title,
+            environment_variables,
-                "license": license,
-                "license_url": license_url,
-                "source": source,
-                "source_url": source_url,
-                "about": about,
-                "about_url": about_url,
-            },
         ):
+            if show_files:
+                if os.path.exists("metadata.json"):
+                    print("=== metadata.json ===\n")
+                    print(open("metadata.json").read())
+                print("\n==== Dockerfile ====\n")
+                print(open("Dockerfile").read())
+                print("\n====================\n")
+
             image_id = "gcr.io/{project}/{name}".format(project=project, name=name)
             check_call("gcloud builds submit --tag {}".format(image_id), shell=True)
         check_call(

docs/datasette-publish-cloudrun-help.txt

@@ -24,4 +24,5 @@ Options:
   -n, --name TEXT                 Application name to use when building
   --service TEXT                  Cloud Run service to deploy (or over-write)
   --spatialite                    Enable SpatialLite extension
+  --show-files                    Output the generated Dockerfile and metadata.json
   --help                          Show this message and exit.

tests/test_publish_cloudrun.py

@@ -1,6 +1,7 @@
 from click.testing import CliRunner
 from datasette import cli
 from unittest import mock
+import json
 
 
 @mock.patch("shutil.which")
@@ -46,3 +47,56 @@ def test_publish_cloudrun(mock_call, mock_output, mock_which):
                 ),
             ]
         )
+
+
+@mock.patch("shutil.which")
+@mock.patch("datasette.publish.cloudrun.check_output")
+@mock.patch("datasette.publish.cloudrun.check_call")
+def test_publish_cloudrun_plugin_secrets(mock_call, mock_output, mock_which):
+    mock_which.return_value = True
+    mock_output.return_value = "myproject"
+
+    runner = CliRunner()
+    with runner.isolated_filesystem():
+        open("test.db", "w").write("data")
+        result = runner.invoke(
+            cli.cli,
+            [
+                "publish",
+                "cloudrun",
+                "test.db",
+                "--plugin-secret",
+                "datasette-auth-github",
+                "client_id",
+                "x-client-id",
+                "--show-files",
+            ],
+        )
+        dockerfile = (
+            result.output.split("==== Dockerfile ====\n")[1]
+            .split("\n====================\n")[0]
+            .strip()
+        )
+        expected = """FROM python:3.6
+COPY . /app
+WORKDIR /app
+
+ENV DATASETTE_AUTH_GITHUB_CLIENT_ID 'x-client-id'
+RUN pip install -U datasette
+RUN datasette inspect test.db --inspect-file inspect-data.json
+ENV PORT 8001
+EXPOSE 8001
+CMD datasette serve --host 0.0.0.0 -i test.db --cors --inspect-file inspect-data.json --metadata metadata.json --port $PORT""".strip()
+        assert expected == dockerfile
+        metadata = (
+            result.output.split("=== metadata.json ===\n")[1]
+            .split("\n==== Dockerfile ====\n")[0]
+            .strip()
+        )
+        assert {
+            "plugins": {
+                "datasette-auth-github": {
+                    "client_id": {"$env": "DATASETTE_AUTH_GITHUB_CLIENT_ID"}
+                }
+            }
+        } == json.loads(metadata)