Supporting changes for new docker client (#2344)

* integration test for secrets

* move credentials logic off command.Command

the credential stuff isn't tied to the docker client. This moves logic to helper functions that both clients can use

* move CreateTarFile & CreateAptTarFile to helpers

The monobase helpers from command.Command were calling docker run, instead have them call the run functions on the client since the logic doesn't depend on client implementation

* error helpers

helpers to map errors from different backends to known types. needed to support both clients

* more docker integration tests

* Update go.mod

* fix for merge flub and correct new client func name

* remove some code that's only used in the sdk client

Author: michaeldwan

go.mod

@@ -29,6 +29,7 @@ require (
 	github.com/vincent-petithory/dataurl v1.0.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/xeonx/timeago v1.0.0-rc5
+	golang.org/x/crypto v0.37.0
 	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0
 	golang.org/x/sync v0.14.0
 	golang.org/x/sys v0.33.0
@@ -272,7 +273,6 @@ require (
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20250210185358-939b2ce775ac // indirect
 	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/net v0.39.0 // indirect

pkg/docker/apt.go

@@ -15,8 +15,6 @@ type Command interface {
 	Pull(ctx context.Context, ref string, force bool) (*image.InspectResponse, error)
 	Push(ctx context.Context, ref string) error
 	LoadUserInformation(ctx context.Context, registryHost string) (*UserInfo, error)
-	CreateTarFile(ctx context.Context, ref string, tmpDir string, tarFile string, folder string) (string, error)
-	CreateAptTarFile(ctx context.Context, tmpDir string, aptTarFile string, packages ...string) (string, error)
 	Inspect(ctx context.Context, ref string) (*image.InspectResponse, error)
 	ImageExists(ctx context.Context, ref string) (bool, error)
 	ContainerLogs(ctx context.Context, containerID string, w io.Writer) error

pkg/docker/command/command.go

@@ -29,3 +29,5 @@ func (e *NotFoundError) Is(target error) bool {
 func IsNotFoundError(err error) bool {
 	return errors.Is(err, &NotFoundError{})
 }
+
+var ErrAuthorizationFailed = errors.New("authorization failed")

pkg/docker/command/errors.go

@@ -0,0 +1,88 @@
+package docker
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/cli/config/configfile"
+	"github.com/docker/cli/cli/config/types"
+
+	"github.com/replicate/cog/pkg/docker/command"
+	"github.com/replicate/cog/pkg/util/console"
+)
+
+func loadUserInformation(ctx context.Context, registryHost string) (*command.UserInfo, error) {
+	conf := config.LoadDefaultConfigFile(os.Stderr)
+	credsStore := conf.CredentialsStore
+	if credsStore == "" {
+		authConf, err := loadAuthFromConfig(conf, registryHost)
+		if err != nil {
+			return nil, err
+		}
+		return &command.UserInfo{
+			Token:    authConf.Password,
+			Username: authConf.Username,
+		}, nil
+	}
+	credsHelper, err := loadAuthFromCredentialsStore(ctx, credsStore, registryHost)
+	if err != nil {
+		return nil, err
+	}
+	return &command.UserInfo{
+		Token:    credsHelper.Secret,
+		Username: credsHelper.Username,
+	}, nil
+}
+
+func loadAuthFromConfig(conf *configfile.ConfigFile, registryHost string) (types.AuthConfig, error) {
+	return conf.AuthConfigs[registryHost], nil
+}
+
+func loadAuthFromCredentialsStore(ctx context.Context, credsStore string, registryHost string) (*CredentialHelperInput, error) {
+	var out strings.Builder
+	binary := dockerCredentialBinary(credsStore)
+	cmd := exec.CommandContext(ctx, binary, "get")
+	cmd.Env = os.Environ()
+	cmd.Stdout = &out
+	cmd.Stderr = &out
+	stdin, err := cmd.StdinPipe()
+	if err != nil {
+		return nil, err
+	}
+	defer stdin.Close()
+	console.Debug("$ " + strings.Join(cmd.Args, " "))
+	err = cmd.Start()
+	if err != nil {
+		return nil, err
+	}
+	_, err = io.WriteString(stdin, registryHost)
+	if err != nil {
+		return nil, err
+	}
+	err = stdin.Close()
+	if err != nil {
+		return nil, err
+	}
+	err = cmd.Wait()
+	if err != nil {
+		return nil, fmt.Errorf("exec wait error: %w", err)
+	}
+
+	var config CredentialHelperInput
+	err = json.Unmarshal([]byte(out.String()), &config)
+	if err != nil {
+		return nil, err
+	}
+
+	return &config, nil
+}
+
+func dockerCredentialBinary(credsStore string) string {
+	return "docker-credential-" + credsStore
+}