Add Docker configuration authentication to Maven and Gradle plugins

Update the Maven and Gradle plugins to make use of the new Docker
configuration authentication support.

See gh-45269

Signed-off-by: Dmytro Nosan <[email protected]>
Co-authored-by: Phillip Webb <[email protected]>

Author: nosan

spring-boot-project/spring-boot-tools/spring-boot-gradle-plugin/src/docs/antora/modules/gradle-plugin/pages/packaging-oci-image.adoc

@@ -100,6 +100,18 @@ The following table summarizes the available properties for `docker.builderRegis
 
 For more details, see also xref:packaging-oci-image.adoc#build-image.examples.docker[examples].
 
+[NOTE]
+====
+If credentials are not provided, the plugin reads the user's existing Docker configuration file (typically located at `$HOME/.docker/config.json`) to determine authentication methods.
+Using these methods, the plugin attempts to provide authentication credentials for the requested image.
+
+The plugin supports the following authentication methods:
+
+- *Credential Helpers*: External tools configured in the Docker configuration file to provide credentials for specific registries. For example, tools like `osxkeychain` or `ecr-login` handle authentication for certain registries.
+- *Credential Store*: A default fallback mechanism that securely stores and retrieves credentials (e.g., `desktop` for Docker Desktop).
+- *Static Credentials*: Credentials that are stored directly in the Docker configuration file under the `auths` section.
+====
+
 
 
 [[build-image.customization]]

spring-boot-project/spring-boot-tools/spring-boot-gradle-plugin/src/main/java/org/springframework/boot/gradle/tasks/bundling/DockerSpec.java

@@ -145,13 +145,14 @@ private BuilderDockerConfiguration customizeHost(BuilderDockerConfiguration dock
 	}
 
 	private BuilderDockerConfiguration customizeBuilderAuthentication(BuilderDockerConfiguration dockerConfiguration) {
-		return dockerConfiguration
-			.withBuilderRegistryAuthentication(getRegistryAuthentication("builder", this.builderRegistry, null));
+		return dockerConfiguration.withBuilderRegistryAuthentication(getRegistryAuthentication("builder",
+				this.builderRegistry, DockerRegistryAuthentication.configuration(null)));
 	}
 
 	private BuilderDockerConfiguration customizePublishAuthentication(BuilderDockerConfiguration dockerConfiguration) {
-		return dockerConfiguration.withPublishRegistryAuthentication(
-				getRegistryAuthentication("publish", this.publishRegistry, DockerRegistryAuthentication.EMPTY_USER));
+		return dockerConfiguration
+			.withPublishRegistryAuthentication(getRegistryAuthentication("publish", this.publishRegistry,
+					DockerRegistryAuthentication.configuration(DockerRegistryAuthentication.EMPTY_USER)));
 	}
 
 	private DockerRegistryAuthentication getRegistryAuthentication(String type, DockerRegistrySpec registry,

spring-boot-project/spring-boot-tools/spring-boot-gradle-plugin/src/test/java/org/springframework/boot/gradle/tasks/bundling/DockerSpecTests.java

@@ -54,7 +54,7 @@ void prepareDockerSpec(@TempDir File temp) {
 	void asDockerConfigurationWithDefaults() {
 		BuilderDockerConfiguration dockerConfiguration = this.dockerSpec.asDockerConfiguration();
 		assertThat(dockerConfiguration.connection()).isNull();
-		assertThat(dockerConfiguration.builderRegistryAuthentication()).isNull();
+		assertThat(dockerConfiguration.builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -73,7 +73,7 @@ void asDockerConfigurationWithHostConfiguration() {
 		assertThat(host.secure()).isTrue();
 		assertThat(host.certificatePath()).isEqualTo("/tmp/ca-cert");
 		assertThat(dockerConfiguration.bindHostToBuilder()).isFalse();
-		assertThat(dockerConfiguration.builderRegistryAuthentication()).isNull();
+		assertThat(dockerConfiguration.builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -90,7 +90,7 @@ void asDockerConfigurationWithHostConfigurationNoTlsVerify() {
 		assertThat(host.secure()).isFalse();
 		assertThat(host.certificatePath()).isNull();
 		assertThat(dockerConfiguration.bindHostToBuilder()).isFalse();
-		assertThat(dockerConfiguration.builderRegistryAuthentication()).isNull();
+		assertThat(dockerConfiguration.builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -106,7 +106,7 @@ void asDockerConfigurationWithContextConfiguration() {
 			.connection();
 		assertThat(host.context()).isEqualTo("test-context");
 		assertThat(dockerConfiguration.bindHostToBuilder()).isFalse();
-		assertThat(dockerConfiguration.builderRegistryAuthentication()).isNull();
+		assertThat(dockerConfiguration.builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -132,7 +132,7 @@ void asDockerConfigurationWithBindHostToBuilder() {
 		assertThat(host.secure()).isFalse();
 		assertThat(host.certificatePath()).isNull();
 		assertThat(dockerConfiguration.bindHostToBuilder()).isTrue();
-		assertThat(dockerConfiguration.builderRegistryAuthentication()).isNull();
+		assertThat(dockerConfiguration.builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -213,7 +213,7 @@ void asDockerConfigurationWithUserAndTokenAuthFails() {
 	}
 
 	String decoded(String value) {
-		return new String(Base64.getDecoder().decode(value));
+		return (value != null) ? new String(Base64.getDecoder().decode(value)) : value;
 	}
 
 }

spring-boot-project/spring-boot-tools/spring-boot-maven-plugin/src/docs/antora/modules/maven-plugin/pages/build-image.adoc

@@ -115,6 +115,18 @@ The following table summarizes the available parameters for `docker.builderRegis
 
 For more details, see also xref:build-image.adoc#build-image.examples.docker[examples].
 
+[NOTE]
+====
+If credentials are not provided, the plugin reads the user's existing Docker configuration file (typically located at `$HOME/.docker/config.json`) to determine authentication methods.
+Using these methods, the plugin attempts to provide authentication credentials for the requested image.
+
+The plugin supports the following authentication methods:
+
+- *Credential Helpers*: External tools configured in the Docker configuration file to provide credentials for specific registries. For example, tools like `osxkeychain` or `ecr-login` handle authentication for certain registries.
+- *Credential Store*: A default fallback mechanism that securely stores and retrieves credentials (e.g., `desktop` for Docker Desktop).
+- *Static Credentials*: Credentials that are stored directly in the Docker configuration file under the `auths` section.
+====
+
 
 
 [[build-image.customization]]

spring-boot-project/spring-boot-tools/spring-boot-maven-plugin/src/main/java/org/springframework/boot/maven/BuildImageMojo.java

@@ -262,9 +262,9 @@ private void buildImage() throws MojoExecutionException {
 		Libraries libraries = getLibraries(Collections.emptySet());
 		try {
 			BuildRequest request = getBuildRequest(libraries);
-			BuilderDockerConfiguration dockerConfiguration = (this.docker != null)
-					? this.docker.asDockerConfiguration(request.isPublish())
-					: new Docker().asDockerConfiguration(request.isPublish());
+			Docker docker = (this.docker != null) ? this.docker : new Docker();
+			BuilderDockerConfiguration dockerConfiguration = docker.asDockerConfiguration(getLog(),
+					request.isPublish());
 			Builder builder = new Builder(new MojoBuildLog(this::getLog), dockerConfiguration);
 			builder.build(request);
 		}

spring-boot-project/spring-boot-tools/spring-boot-maven-plugin/src/main/java/org/springframework/boot/maven/Docker.java

@@ -16,6 +16,8 @@
 
 package org.springframework.boot.maven;
 
+import org.apache.maven.plugin.logging.Log;
+
 import org.springframework.boot.buildpack.platform.build.BuilderDockerConfiguration;
 import org.springframework.boot.buildpack.platform.docker.configuration.DockerRegistryAuthentication;
 
@@ -141,15 +143,16 @@ void setPublishRegistry(DockerRegistry builderRegistry) {
 	 * Returns this configuration as a {@link BuilderDockerConfiguration} instance. This
 	 * method should only be called when the configuration is complete and will no longer
 	 * be changed.
+	 * @param log the output log
 	 * @param publish whether the image should be published
 	 * @return the Docker configuration
 	 */
-	BuilderDockerConfiguration asDockerConfiguration(boolean publish) {
+	BuilderDockerConfiguration asDockerConfiguration(Log log, boolean publish) {
 		BuilderDockerConfiguration dockerConfiguration = new BuilderDockerConfiguration();
 		dockerConfiguration = customizeHost(dockerConfiguration);
 		dockerConfiguration = dockerConfiguration.withBindHostToBuilder(this.bindHostToBuilder);
-		dockerConfiguration = customizeBuilderAuthentication(dockerConfiguration);
-		dockerConfiguration = customizePublishAuthentication(dockerConfiguration, publish);
+		dockerConfiguration = customizeBuilderAuthentication(log, dockerConfiguration);
+		dockerConfiguration = customizePublishAuthentication(log, dockerConfiguration, publish);
 		return dockerConfiguration;
 	}
 
@@ -167,18 +170,23 @@ private BuilderDockerConfiguration customizeHost(BuilderDockerConfiguration dock
 		return dockerConfiguration;
 	}
 
-	private BuilderDockerConfiguration customizeBuilderAuthentication(BuilderDockerConfiguration dockerConfiguration) {
-		return dockerConfiguration
-			.withBuilderRegistryAuthentication(getRegistryAuthentication("builder", this.builderRegistry, null));
+	private BuilderDockerConfiguration customizeBuilderAuthentication(Log log,
+			BuilderDockerConfiguration dockerConfiguration) {
+		DockerRegistryAuthentication authentication = DockerRegistryAuthentication.configuration(null,
+				(message, ex) -> log.warn(message));
+		return dockerConfiguration.withBuilderRegistryAuthentication(
+				getRegistryAuthentication("builder", this.builderRegistry, authentication));
 	}
 
-	private BuilderDockerConfiguration customizePublishAuthentication(BuilderDockerConfiguration dockerConfiguration,
-			boolean publish) {
+	private BuilderDockerConfiguration customizePublishAuthentication(Log log,
+			BuilderDockerConfiguration dockerConfiguration, boolean publish) {
 		if (!publish) {
 			return dockerConfiguration;
 		}
+		DockerRegistryAuthentication authentication = DockerRegistryAuthentication
+			.configuration(DockerRegistryAuthentication.EMPTY_USER, (message, ex) -> log.warn(message));
 		return dockerConfiguration.withPublishRegistryAuthentication(
-				getRegistryAuthentication("publish", this.publishRegistry, DockerRegistryAuthentication.EMPTY_USER));
+				getRegistryAuthentication("publish", this.publishRegistry, authentication));
 	}
 
 	private DockerRegistryAuthentication getRegistryAuthentication(String type, DockerRegistry registry,

spring-boot-project/spring-boot-tools/spring-boot-maven-plugin/src/test/java/org/springframework/boot/maven/DockerTests.java

@@ -18,6 +18,8 @@
 
 import java.util.Base64;
 
+import org.apache.maven.plugin.logging.Log;
+import org.apache.maven.plugin.logging.SystemStreamLog;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.boot.buildpack.platform.build.BuilderDockerConfiguration;
@@ -34,12 +36,14 @@
  */
 class DockerTests {
 
+	private final Log log = new SystemStreamLog();
+
 	@Test
 	void asDockerConfigurationWithDefaults() {
 		Docker docker = new Docker();
 		BuilderDockerConfiguration dockerConfiguration = createDockerConfiguration(docker);
 		assertThat(dockerConfiguration.connection()).isNull();
-		assertThat(dockerConfiguration.builderRegistryAuthentication()).isNull();
+		assertThat(dockerConfiguration.builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -59,7 +63,7 @@ void asDockerConfigurationWithHostConfiguration() {
 		assertThat(host.secure()).isTrue();
 		assertThat(host.certificatePath()).isEqualTo("/tmp/ca-cert");
 		assertThat(dockerConfiguration.bindHostToBuilder()).isFalse();
-		assertThat(createDockerConfiguration(docker).builderRegistryAuthentication()).isNull();
+		assertThat(createDockerConfiguration(docker).builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -76,7 +80,7 @@ void asDockerConfigurationWithContextConfiguration() {
 			.connection();
 		assertThat(context.context()).isEqualTo("test-context");
 		assertThat(dockerConfiguration.bindHostToBuilder()).isFalse();
-		assertThat(createDockerConfiguration(docker).builderRegistryAuthentication()).isNull();
+		assertThat(createDockerConfiguration(docker).builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -106,7 +110,7 @@ void asDockerConfigurationWithBindHostToBuilder() {
 		assertThat(host.secure()).isTrue();
 		assertThat(host.certificatePath()).isEqualTo("/tmp/ca-cert");
 		assertThat(dockerConfiguration.bindHostToBuilder()).isTrue();
-		assertThat(createDockerConfiguration(docker).builderRegistryAuthentication()).isNull();
+		assertThat(createDockerConfiguration(docker).builderRegistryAuthentication().getAuthHeader()).isNull();
 		assertThat(decoded(dockerConfiguration.publishRegistryAuthentication().getAuthHeader()))
 			.contains("\"username\" : \"\"")
 			.contains("\"password\" : \"\"")
@@ -157,7 +161,7 @@ void asDockerConfigurationWithIncompletePublishUserAuthDoesNotFailIfPublishIsDis
 		Docker docker = new Docker();
 		docker.setPublishRegistry(
 				new Docker.DockerRegistry("user", null, "https://docker.example.com", "[email protected]"));
-		BuilderDockerConfiguration dockerConfiguration = docker.asDockerConfiguration(false);
+		BuilderDockerConfiguration dockerConfiguration = docker.asDockerConfiguration(this.log, false);
 		assertThat(dockerConfiguration.publishRegistryAuthentication()).isNull();
 	}
 
@@ -193,12 +197,12 @@ void asDockerConfigurationWithUserAndTokenAuthDoesNotFailIfPublishingIsDisabled(
 		dockerRegistry.setToken("token");
 		Docker docker = new Docker();
 		docker.setPublishRegistry(dockerRegistry);
-		BuilderDockerConfiguration dockerConfiguration = docker.asDockerConfiguration(false);
+		BuilderDockerConfiguration dockerConfiguration = docker.asDockerConfiguration(this.log, false);
 		assertThat(dockerConfiguration.publishRegistryAuthentication()).isNull();
 	}
 
 	private BuilderDockerConfiguration createDockerConfiguration(Docker docker) {
-		return docker.asDockerConfiguration(true);
+		return docker.asDockerConfiguration(this.log, true);
 	}
 
 	String decoded(String value) {