
feat: add support for gopass as a credential store #268


Open
wants to merge 2 commits into
base: master

@sudoforge sudoforge commented May 13, 2023

This change adds support for gopass as a credential store, based on
the pass implementation.

Closes #138
Closes #166

@sudoforge sudoforge force-pushed the master branch 2 times, most recently from 540cce2 to f4090b4 Compare May 13, 2023 22:33
@sudoforge sudoforge force-pushed the master branch 3 times, most recently from 043a423 to fc40f5a Compare May 27, 2023 13:12
Member

@crazy-max crazy-max left a comment


Thanks for your contrib, please check CI issues.

Also missing build-gopass make target in build-linux, build-darwin and build-windows stages in the Dockerfile.

@codecov-commenter

codecov-commenter commented May 28, 2023

Codecov Report

Attention: Patch coverage is 54.07407% with 62 lines in your changes missing coverage. Please review.

Project coverage is 52.41%. Comparing base (f9d3010) to head (5ae6a86).

Files with missing lines Patch % Lines
gopass/gopass.go 54.88% 42 Missing and 18 partials ⚠️
gopass/cmd/main.go 0.00% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #268      +/-   ##
==========================================
+ Coverage   52.08%   52.41%   +0.33%     
==========================================
  Files          13       15       +2     
  Lines         672      807     +135     
==========================================
+ Hits          350      423      +73     
- Misses        278      322      +44     
- Partials       44       62      +18     


@sudoforge sudoforge force-pushed the master branch 3 times, most recently from 8c1d14a to bc197e4 Compare May 28, 2023 00:31
@crazy-max
Member

> Thanks for your contrib, please check CI issues.

@sudoforge ^

@sudoforge
Author

> > Thanks for your contrib, please check CI issues.
>
> @sudoforge ^

Yep, I'm aware of this and have a WIP solution that should resolve the build/test matrix failures.

@sudoforge
Author

I have created a commit which restricts pipeline steps that upload artifacts and/or consume secrets to this upstream repository, allowing me to enable actions in my fork, so that I can iterate on this freely.

@sudoforge
Author

sudoforge commented Jul 11, 2024

The Windows pipeline now passes: https://github.com/sudoforge/docker-credential-helpers/actions/runs/9899993331/job/27349937852

This tree will now pass all of the pipelines. It has (since the last time it was reviewed) received a few changes:

  • A second commit was added that restricts the execution of several pipeline steps to this repository (docker/docker-credentials-helper). The commit message contains the full context for why this was done, and given the fact that workflows require maintainer approval in this repository, I think it is something that should make it in-tree. Please let me know if you'd rather have this submitted in a second PR (I'd greatly prefer this if you plan to squash merge this tree; this is a logically independent commit and should not be squashed with the other).

  • The commit adding support for gopass also touches the workflow file, namely, enabling the import of the GPG key for the Windows pipeline. This is necessary for the gopass pipeline to succeed.

@sudoforge
Author

Due to the lack of response from any maintainer, I feel compelled to let people know that they are able to build from my fork and use it, if they desire gopass support. I will keep it up-to-date, and I've enabled issues in it. You are welcome to open issues for gopass, or requests to rebase on top of upstream, explicitly.

I will accept no other contributions to the fork at this point in time.

@jmacdonald

@sudoforge thank you for chasing this! It's disappointing that it may not get merged in, but I can definitely use your fork. Appreciate the work you've put in here. 🍻

…elpers

This change adds conditional expressions to restrict the execution of
pipeline steps that consume secrets, such as uploading artifacts to
remote stores, from being executed unless they are being executed in the
context of the upstream `docker/docker-credential-helpers` repository.

With this change, downstream, external contributors (users who have
forked this repository, and have that fork on GitHub) can enable GitHub
Actions in their fork, in order to iterate and validate their changes
without waiting on the upstream maintainers.

This is extremely helpful to all contributors, because the repository
requires maintainer approval in order to execute pipelines, which is
burdensome on the maintainers, and due to this restrictive gatekeeping,
contributors have an excessively long feedback loop.

Signed-off-by: sudoforge <[email protected]>
@sudoforge
Author

My fork (also tied to this PR) has been rebased on top of docker/docker-credential-helpers:f9d3010165b642df37215b1be945552f2c6f0e3b.

@sudoforge sudoforge force-pushed the master branch 2 times, most recently from c42af5b to 217186f Compare April 11, 2025 23:40
@sudoforge
Author

I spent some time today refactoring my tree in order to utilize an API from gopasspw/gopass instead of shelling out to the command line, which is faster, less error-prone, and simplifies interaction with the store.

An area that is still lackluster is tests. In particular, I have a desire to introduce a mocked git repository and gopass cli (wrt configuration, at least), in order to ensure that the tests are fully encapsulated and do not have side effects. This will have to wait until I have more time in the future.

@sudoforge
Author

Updated the pipeline to utilize the most recent release of gopass (1.15.15).

@sudoforge sudoforge force-pushed the master branch 2 times, most recently from ae84d35 to 907cde6 Compare April 12, 2025 00:09
@sudoforge
Author

sudoforge commented Apr 12, 2025

gopasspw/gopass:1.15.15 (as a library) requires go:1.23.2 at minimum. i updated go.mod to require 1.23.6, as it is the latest available release (and this is what's being used elsewhere in this repository - a767624).

if we'd prefer that i do not upgrade the required version of go, i could refactor this tree to use an older revision of the library.

also, yes, it added a few indirect dependencies. is there a particular reason we're vendoring deps?

@sudoforge
Author

The most recent push added backwards-compatibility for the pass helper (a key difference between the two is the secret schema: this tree base64-encodes the usernames in addition to the registry URLs).
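
Added example (not code from this PR or from docker-credential-helpers): a sketch of the schema difference mentioned in the comment above, showing where an entry lands when only the registry URL is encoded versus when the username is encoded too, and one possible way to read back entries written in the older layout. The folder name, the URL-safe base64 variant, the function names and the fallback rule in `DecodeLeaf` are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"path"
	"unicode/utf8"
)

// storeRoot is the folder the entries live under (assumed name).
const storeRoot = "docker-credential-helpers"

func enc(s string) string { return base64.URLEncoding.EncodeToString([]byte(s)) }

// LegacyPath is the pass-style layout: only the registry URL is encoded,
// so a separator inside the username becomes an extra path segment.
func LegacyPath(serverURL, username string) string {
	return path.Join(storeRoot, enc(serverURL), username)
}

// EncodedPath also encodes the username, which keeps it to one segment.
func EncodedPath(serverURL, username string) string {
	return path.Join(storeRoot, enc(serverURL), enc(username))
}

// DecodeLeaf maps a stored leaf name back to a username. A leaf that is not
// valid base64, or that decodes to bytes that are not UTF-8, is treated as a
// legacy plain-text username (assumed rule). This is a heuristic: a legacy
// name that happens to be the base64 of UTF-8 text would be misread.
func DecodeLeaf(leaf string) (username string, legacy bool) {
	raw, err := base64.URLEncoding.DecodeString(leaf)
	if err != nil || !utf8.Valid(raw) {
		return leaf, true
	}
	return string(raw), false
}

func main() {
	const url = "https://registry.example.com" // constructed sample value
	for _, user := range []string{"alice", "team/ci-bot"} { // constructed
		fmt.Println("legacy: ", LegacyPath(url, user))
		fmt.Println("encoded:", EncodedPath(url, user))
	}
}
```

The ambiguity noted on `DecodeLeaf` is the part of any backwards-compatible reader worth covering with tests, since both layouts share the same parent folder.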

@sudoforge sudoforge force-pushed the master branch 2 times, most recently from eec306b to f14f223 Compare April 12, 2025 00:58
@sudoforge sudoforge force-pushed the master branch 2 times, most recently from c7f4f16 to 94d34c5 Compare April 12, 2025 01:08
This change adds support for `gopass` as a credential store, utilizing
the upstream library.

Closes: docker#138
Closes: docker#166
Signed-off-by: sudoforge <[email protected]>
@sudoforge
Author

The most recent pushes to my tree were me fighting with the build-deb pipeline. As of 9082d90, issues are fixed.

@sudoforge sudoforge force-pushed the master branch 2 times, most recently from 1c6bb37 to 9082d90 Compare April 20, 2025 05:04
Successfully merging this pull request may close these issues.

Add a credential helper for gopass