Publish warn display env vars

cmd/compose/publish.go

@@ -29,6 +29,8 @@ type publishOptions struct {
 	*ProjectOptions
 	resolveImageDigests bool
 	ociVersion          string
+	withEnvironment     bool
+	force               bool
 }
 
 func publishCommand(p *ProjectOptions, dockerCli command.Cli, backend api.Service) *cobra.Command {
@@ -45,7 +47,10 @@ func publishCommand(p *ProjectOptions, dockerCli command.Cli, backend api.Servic
 	}
 	flags := cmd.Flags()
 	flags.BoolVar(&opts.resolveImageDigests, "resolve-image-digests", false, "Pin image tags to digests")
-	flags.StringVar(&opts.ociVersion, "oci-version", "", "OCI Image/Artifact specification version (automatically determined by default)")
+	flags.StringVar(&opts.ociVersion, "oci-version", "", "OCI image/artifact specification version (automatically determined by default)")
+	flags.BoolVar(&opts.withEnvironment, "with-env", false, "Include environment variables in the published OCI artifact")
+	flags.BoolVarP(&opts.force, "force", "f", false, "Force publish without asking for confirmation")
+
 	return cmd
 }
 
@@ -58,5 +63,7 @@ func runPublish(ctx context.Context, dockerCli command.Cli, backend api.Service,
 	return backend.Publish(ctx, project, repository, api.PublishOptions{
 		ResolveImageDigests: opts.resolveImageDigests,
 		OCIVersion:          api.OCIVersion(opts.ociVersion),
+		WithEnvironment:     opts.withEnvironment,
+		Force:               opts.force,
 	})
 }

docs/reference/compose_alpha_publish.md

@@ -8,8 +8,9 @@ Publish compose application
 | Name                      | Type     | Default | Description                                                                    |
 |:--------------------------|:---------|:--------|:-------------------------------------------------------------------------------|
 | `--dry-run`               | `bool`   |         | Execute command in dry run mode                                                |
-| `--oci-version`           | `string` |         | OCI Image/Artifact specification version (automatically determined by default) |
+| `--oci-version`           | `string` |         | OCI image/artifact specification version (automatically determined by default) |
 | `--resolve-image-digests` | `bool`   |         | Pin image tags to digests                                                      |
+| `--with-env`              | `bool`   |         | Include environment variables in the published OCI artifact                    |
 
 
 <!---MARKER_GEN_END-->

docs/reference/docker_compose_alpha_publish.yaml

@@ -8,7 +8,7 @@ options:
     - option: oci-version
       value_type: string
       description: |
-        OCI Image/Artifact specification version (automatically determined by default)
+        OCI image/artifact specification version (automatically determined by default)
       deprecated: false
       hidden: false
       experimental: false
@@ -25,6 +25,16 @@ options:
       experimentalcli: false
       kubernetes: false
       swarm: false
+    - option: with-env
+      value_type: bool
+      default_value: "false"
+      description: Include environment variables in the published OCI artifact
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
 inherited_options:
     - option: dry-run
       value_type: bool

pkg/api/api.go

@@ -420,6 +420,8 @@ const (
 // PublishOptions group options of the Publish API
 type PublishOptions struct {
 	ResolveImageDigests bool
+	WithEnvironment     bool
+	Force               bool
 
 	OCIVersion OCIVersion
 }

pkg/compose/publish.go

@@ -17,8 +17,14 @@
 package compose
 
 import (
+	"bufio"
 	"context"
+	"fmt"
+	"golang.org/x/exp/maps"
 	"os"
+	"strings"
+
+	"github.com/docker/cli/cli/command"
 
 	"github.com/compose-spec/compose-go/v2/types"
 	"github.com/distribution/reference"
@@ -35,7 +41,14 @@ func (s *composeService) Publish(ctx context.Context, project *types.Project, re
 }
 
 func (s *composeService) publish(ctx context.Context, project *types.Project, repository string, options api.PublishOptions) error {
-	err := s.Push(ctx, project, api.PushOptions{IgnoreFailures: true, ImageMandatory: true})
+	accept, err := s.preChecks(project, options)
+	if err != nil {
+		return err
+	}
+	if !accept {
+		return nil
+	}
+	err = s.Push(ctx, project, api.PushOptions{IgnoreFailures: true, ImageMandatory: true})
 	if err != nil {
 		return err
 	}
@@ -120,3 +133,56 @@ func (s *composeService) generateImageDigestsOverride(ctx context.Context, proje
 	}
 	return override.MarshalYAML()
 }
+
+func (s *composeService) preChecks(project *types.Project, options api.PublishOptions) (bool, error) {
+	envVariables := types.MappingWithEquals{}
+	for _, service := range project.Services {
+		if err := s.checkEnvironmentVariables(service, options); err != nil {
+			return false, err
+		}
+		maps.Copy(envVariables, service.Environment)
+	}
+	if !options.Force && len(envVariables) > 0 {
+		fmt.Println("you are about to publish environment variables within your OCI artifact.\n" +
+			"please double check that you are not leaking sensitive data")
+		for key, val := range envVariables {
+			fmt.Fprintf(s.dockerCli.Out(), "%s=%v\n", key, *val)
+		}
+		return acceptPublishEnvVariables(s.dockerCli)
+	}
+	return true, nil
+}
+
+func (s *composeService) checkEnvironmentVariables(service types.ServiceConfig, options api.PublishOptions) error {
+	if !options.WithEnvironment {
+		if len(service.EnvFiles) > 0 {
+			return fmt.Errorf("service %q has env_file declared. To avoid leaking sensitive data, "+
+				"you must either explicitly allow the sending of environment variables by using the --with-env flag,"+
+				" or remove sensitive data from your Compose configuration", service.Name)
+		}
+		if len(service.Environment) > 0 {
+			return fmt.Errorf("service %q has environment variable(s) declared. To avoid leaking sensitive data, "+
+				"you must either explicitly allow the sending of environment variables by using the --with-env flag,"+
+				" or remove sensitive data from your Compose configuration", service.Name)
+		}
+	}
+	return nil
+}
+
+func acceptPublishEnvVariables(cli command.Cli) (bool, error) {
+	fmt.Fprint(cli.Out(), "Are you ok to publish these environment variables? [y/N]: ")
+	reader := bufio.NewReader(cli.In())
+	input, err := reader.ReadString('\n')
+	if err != nil {
+		return false, err
+	}
+	input = strings.ToLower(strings.TrimSpace(input))
+	switch input {
+	case "", "n", "no":
+		return false, nil
+	case "y", "yes":
+		return true, nil
+	default: // anything else reject the consent
+		return false, nil
+	}
+}

pkg/e2e/fixtures/publish/compose-env-file.yml

@@ -0,0 +1,7 @@
+services:
+  serviceA:
+    image: "alpine:3.12"
+    env_file:
+      - publish.env
+  serviceB:
+    image: "alpine:3.12"

pkg/e2e/fixtures/publish/compose-environment.yml

@@ -0,0 +1,7 @@
+services:
+  serviceA:
+    image: "alpine:3.12"
+    environment:
+        - "FOO=bar"
+  serviceB:
+    image: "alpine:3.12"

pkg/e2e/fixtures/publish/publish.env

@@ -0,0 +1,2 @@
+FOO=bar
+QUIX=

pkg/e2e/publish_test.go

@@ -0,0 +1,78 @@
+/*
+   Copyright 2020 Docker Compose CLI authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package e2e
+
+import (
+	"strings"
+	"testing"
+
+	"gotest.tools/v3/assert"
+	"gotest.tools/v3/icmd"
+)
+
+func TestPublishChecks(t *testing.T) {
+	c := NewParallelCLI(t)
+	const projectName = "compose-e2e-explicit-profiles"
+
+	t.Run("publish error environment", func(t *testing.T) {
+		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-environment.yml",
+			"-p", projectName, "alpha", "publish", "test/test")
+		res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has environment variable(s) declared. To avoid leaking sensitive data,`})
+	})
+
+	t.Run("publish error env_file", func(t *testing.T) {
+		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-env-file.yml",
+			"-p", projectName, "alpha", "publish", "test/test")
+		res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has env_file declared. To avoid leaking sensitive data,`})
+	})
+
+	t.Run("publish success environment", func(t *testing.T) {
+		res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-environment.yml",
+			"-p", projectName, "alpha", "publish", "test/test", "--with-env", "-f", "--dry-run")
+		assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
+		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
+	})
+
+	t.Run("publish success env_file", func(t *testing.T) {
+		res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml",
+			"-p", projectName, "alpha", "publish", "test/test", "--with-env", "-f", "--dry-run")
+		assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
+		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
+	})
+
+	t.Run("publish approve validation message", func(t *testing.T) {
+		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml",
+			"-p", projectName, "alpha", "publish", "test/test", "--with-env", "--dry-run")
+		cmd.Stdin = strings.NewReader("y\n")
+		res := icmd.RunCmd(cmd)
+		res.Assert(t, icmd.Expected{ExitCode: 0})
+		assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these environment variables? [y/N]:"), res.Combined())
+		assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
+		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
+	})
+
+	t.Run("publish refuse validation message", func(t *testing.T) {
+		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml",
+			"-p", projectName, "alpha", "publish", "test/test", "--with-env", "--dry-run")
+		cmd.Stdin = strings.NewReader("n\n")
+		res := icmd.RunCmd(cmd)
+		res.Assert(t, icmd.Expected{ExitCode: 0})
+		assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these environment variables? [y/N]:"), res.Combined())
+		assert.Assert(t, !strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
+		assert.Assert(t, !strings.Contains(res.Combined(), "test/test published"), res.Combined())
+	})
+}