From 9a156cab691dd30eac269cb842bc46bd4dfa1145 Mon Sep 17 00:00:00 2001
From: clay <clay@clbx.io>
Date: Thu, 9 Feb 2023 14:48:58 -0500
Subject: [PATCH] Add image-pull-secret option (#54)

Added image-pull-secret option to specify an image pull secret for a job that uses an image in a private registry.
---
 README.md       | 5 +++++
 lib/job.jsonnet | 9 +++++++++
 plugin.yml      | 2 ++
 3 files changed, 16 insertions(+)

diff --git a/README.md b/README.md
index a97890d..a75a5d7 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,11 @@ Whether to always pull the latest image before running the command. Sets [imageP
 
 Default: `false`
 
+### ``image-pull-secret`` (optional, string)
+
+The name of the secret that holds the credentials for a remote container registry.
+
+
 ### `command` (optional, array)
 
 Sets the command for the container. Useful if the container image has an entrypoint, but requires extra arguments.
diff --git a/lib/job.jsonnet b/lib/job.jsonnet
index 6538457..1b584bc 100644
--- a/lib/job.jsonnet
+++ b/lib/job.jsonnet
@@ -30,6 +30,7 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({
     BUILDKITE_PLUGIN_K8S_AGENT_TOKEN_SECRET_KEY: 'buildkite-agent-token',
     BUILDKITE_PLUGIN_K8S_INIT_IMAGE: 'embarkstudios/k8s-buildkite-agent@sha256:1d88791315ed6b0b49a64055bc71c5a9a0b1953e387f99d25299ed06ccea5dbd',
     BUILDKITE_PLUGIN_K8S_ALWAYS_PULL: false,
+    BUILDKITE_PLUGIN_K8S_IMAGE_PULL_SECRET: '',
     BUILDKITE_PLUGIN_K8S_BUILD_PATH_HOST_PATH: '',
     BUILDKITE_PLUGIN_K8S_BUILD_PATH_PVC: '',
     BUILDKITE_PLUGIN_K8S_GIT_MIRRORS_HOST_PATH: '',
@@ -273,6 +274,12 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({
 
   local deadline = std.parseInt(env.BUILDKITE_TIMEOUT) * 60,
 
+  local imagePullSecrets = 
+    if env.BUILDKITE_PLUGIN_K8S_IMAGE_PULL_SECRET == '' then []
+    else [
+        {name: env.BUILDKITE_PLUGIN_K8S_IMAGE_PULL_SECRET},
+    ],
+
   apiVersion: 'batch/v1',
   kind: 'Job',
   metadata: {
@@ -297,6 +304,8 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({
         restartPolicy: 'Never',
         serviceAccountName: env.BUILDKITE_PLUGIN_K8S_SERVICE_ACCOUNT_NAME,
         initContainers: initContainers,
+        imagePullSecrets: imagePullSecrets,
+
         containers: [
           {
             name: 'step',
diff --git a/plugin.yml b/plugin.yml
index a07c82f..5159fda 100644
--- a/plugin.yml
+++ b/plugin.yml
@@ -9,6 +9,8 @@ configuration:
   properties:
     image:
       type: string
+    image-pull-secret:
+      type: string
     always-pull:
       type: boolean
     command: