container-diff should accept registry authentication via parameter

[kenotsolutions]

Hi,

container-diff tries to solve registry authentication via docker login or docker-credential-gcr but the tool can be used inside CICD pipeline so I think the "--registry-auth" and --registry-address could be useful here. Please consider the feature.

container-diff analyze ubuntu --registry-auth="base64 user:password" --registry-address="hub.docker.com"

container-diff diff ubuntu:v1 test/ubuntuv:2 --registry-auth-diff1="base64 user:password" --registry-address-diff1="hub.docker.com" --registry-auth-diff2="base64 user2:password2" --registry-address-diff2="test.docker.com"

[TBG-FR]

I agree, I'm building a CICD job that will use container-diff, but I don't have docker installed on that tool image, a parameter would be useful.

For now I'll be trying with https://github.com/docker/docker-credential-helpers but it looks like I will need docker to do a docker login 😵

[TBG-FR]

Alright, here is the workaround for a CICD pipeline that cannot use docker login or docker-credentials-helpers

# Manually build the configuration file, with "unsafe" storage with values in base64
REGISTRY_CFG="{'auths':{'${CI_REGISTRY}':{'auth':'$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}|base64)'}}}"

# Replace all simple quote with double quotes
REGISTRY_CFG=$(echo "${KANIKO_CFG}" | tr \' \")

# Make sure that the target directory exists
mkdir -p ~/.docker

# Write the configuration to the target file
echo $REGISTRY_CFG > ~/.docker/config.json

# And voilà, you can now use container-diff !
container-diff diff ${CI_REGISTRY}/your/repo/path/image-a:tag ${CI_REGISTRY}/your/repo/path/image-b:tag --type=apt --json > container-diff-apt.json;    

If you need multiple registries, I think you can adapt these lines, and write multiple entries in the ~/.docker/config.json 😉