From f280ab0c6004c4567597b343787bf1acfad9b1dc Mon Sep 17 00:00:00 2001
From: Darren Shepherd <darren@acorn.io>
Date: Sat, 19 Aug 2023 20:18:30 -0700
Subject: [PATCH] Depot integration

This is hack to leverage depot.dev for building. This will change in
the future and this is only a quick experiment.

Signed-off-by: Darren Shepherd <darren@acorn.io>
---
 go.mod                             |   8 ++-
 go.sum                             |  20 +++---
 pkg/build/buildkit/build.go        |  49 +++++++------
 pkg/build/buildkit/client.go       |  27 +++++++
 pkg/build/depot/depot.go           | 109 +++++++++++++++++++++++++++++
 pkg/controller/builder/builder.go  |   7 +-
 pkg/controller/builder/depot.go    |  34 +++++++++
 pkg/imagesystem/buildertemplate.go |  38 +++++++++-
 8 files changed, 256 insertions(+), 36 deletions(-)
 create mode 100644 pkg/build/buildkit/client.go
 create mode 100644 pkg/build/depot/depot.go
 create mode 100644 pkg/controller/builder/depot.go

diff --git a/go.mod b/go.mod
index 651be0075..6fe5e3f7f 100644
--- a/go.mod
+++ b/go.mod
@@ -25,6 +25,7 @@ require (
 	github.com/containerd/console v1.0.3
 	github.com/containerd/containerd v1.6.20
 	github.com/denisbrodbeck/machineid v1.0.1
+	github.com/depot/depot-go v0.0.0-20230819013533-12cec5cbd2f9
 	github.com/docker/cli v23.0.5+incompatible
 	github.com/docker/docker-credential-helpers v0.7.0
 	github.com/go-acme/lego/v4 v4.9.1
@@ -52,7 +53,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4
-	github.com/tonistiigi/fsutil v0.0.0-20230407161946-9e7a6df48576
+	github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb
 	github.com/wI2L/jsondiff v0.3.0
 	golang.org/x/crypto v0.11.0
 	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
@@ -103,13 +104,14 @@ require (
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bmatcuk/doublestar v1.1.1 // indirect
 	github.com/bombsimon/logrusr/v4 v4.0.0 // indirect
+	github.com/bufbuild/connect-go v1.7.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/cockroachdb/apd/v2 v2.0.2 // indirect
-	github.com/containerd/continuity v0.3.1-0.20230206214859-2a963a2f56e8 // indirect
+	github.com/containerd/continuity v0.4.1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/containerd/typeurl v1.0.2 // indirect
+	github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
diff --git a/go.sum b/go.sum
index 0cfd1d92f..66b714181 100644
--- a/go.sum
+++ b/go.sum
@@ -169,6 +169,8 @@ github.com/bmatcuk/doublestar v1.1.1 h1:YroD6BJCZBYx06yYFEWvUuKVWQn3vLLQAVmDmvTS
 github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
 github.com/bombsimon/logrusr/v4 v4.0.0 h1:Pm0InGphX0wMhPqC02t31onlq9OVyJ98eP/Vh63t1Oo=
 github.com/bombsimon/logrusr/v4 v4.0.0/go.mod h1:pjfHC5e59CvjTBIU3V3sGhFWFAnsnhOR03TRc6im0l8=
+github.com/bufbuild/connect-go v1.7.0 h1:MGp82v7SCza+3RhsVhV7aMikwxvI3ZfD72YiGt8FYJo=
+github.com/bufbuild/connect-go v1.7.0/go.mod h1:GmMJYR6orFqD0Y6ZgX8pwQ8j9baizDrIQMm1/a6LnHk=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
@@ -202,15 +204,15 @@ github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARu
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/containerd/containerd v1.6.20 h1:+itjwpdqXpzHB/QAiWc/BZCjjVfcNgw69w/oIeF4Oy0=
 github.com/containerd/containerd v1.6.20/go.mod h1:apei1/i5Ux2FzrK6+DM/suEsGuK/MeVOfy8tR2q7Wnw=
-github.com/containerd/continuity v0.3.1-0.20230206214859-2a963a2f56e8 h1:EdSQb65ohzz4jsyPOhxfu3/+c9nnU0euk0otferwl9A=
-github.com/containerd/continuity v0.3.1-0.20230206214859-2a963a2f56e8/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
+github.com/containerd/continuity v0.4.1 h1:wQnVrjIyQ8vhU2sgOiL5T07jo+ouqc2bnKsv5/EqGhU=
+github.com/containerd/continuity v0.4.1/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/fifo v1.0.0 h1:6PirWBr9/L7GDamKr+XM0IeUFXu5mf3M/BPpH9gaLBU=
 github.com/containerd/nydus-snapshotter v0.3.1 h1:b8WahTrPkt3XsabjG2o/leN4fw3HWZYr+qxo/Z8Mfzk=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
-github.com/containerd/ttrpc v1.1.1 h1:NoRHS/z8UiHhpY1w0xcOqoJDGf2DHyzXrF0H4l5AE8c=
-github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
+github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs=
+github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 h1:rQvjv7gRi6Ki/NS/U9oLZFhqyk4dh/GH2M3o/4BRkMM=
+github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67/go.mod h1:HDkcKOXRnX6yKnXv3P0QrogFi0DoiauK/LpQi961f0A=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
@@ -229,6 +231,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisbrodbeck/machineid v1.0.1 h1:geKr9qtkB876mXguW2X6TU4ZynleN6ezuMSRhl4D7AQ=
 github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI=
+github.com/depot/depot-go v0.0.0-20230819013533-12cec5cbd2f9 h1:gDdcF3XMiwp+9Y2Dadvw9DoksTu0LAZa3fPM86kiquA=
+github.com/depot/depot-go v0.0.0-20230819013533-12cec5cbd2f9/go.mod h1:og+szXmMHfWHE0ivSLnYnbkVcSxTSuYc/hlRdDS/p2s=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
 github.com/digitorus/pkcs7 v0.0.0-20221019075359-21b8b40e6bb4/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
@@ -870,8 +874,8 @@ github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhso
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
-github.com/tonistiigi/fsutil v0.0.0-20230407161946-9e7a6df48576 h1:fZXPQDVh5fm2x7pA0CH1TtH80tiZ0L7i834kZqZN8Pw=
-github.com/tonistiigi/fsutil v0.0.0-20230407161946-9e7a6df48576/go.mod h1:q1CxMSzcAbjUkVGHoZeQUcCaALnaE4XdWk+zJcgMYFw=
+github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb h1:uUe8rNyVXM8moActoBol6Xf6xX2GMr7SosR2EywMvGg=
+github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb/go.mod h1:SxX/oNQ/ag6Vaoli547ipFK9J7BZn5JqJG0JE8lf8bA=
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea/go.mod h1:WPnis/6cRcDZSUvVmezrxJPkiO87ThFYsoUiMwWNDJk=
 github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f h1:DLpt6B5oaaS8jyXHa9VA4rrZloBVPVXeCtrOsrFauxc=
@@ -1420,7 +1424,7 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools/v3 v3.1.0 h1:rVV8Tcg/8jHUkPUorwjaMTtemIMVXfIPKiOqnhEhakk=
+gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/pkg/build/buildkit/build.go b/pkg/build/buildkit/build.go
index c8d956388..bf41e1cdc 100644
--- a/pkg/build/buildkit/build.go
+++ b/pkg/build/buildkit/build.go
@@ -43,23 +43,14 @@ func Build(ctx context.Context, pushRepo string, local bool, cwd string, platfor
 	)
 
 	if len(platforms) == 0 {
-		workers, err := bkc.ListWorkers(ctx)
-		if err != nil {
-			return nil, nil, err
-		}
-		if len(workers) == 0 {
-			return nil, nil, fmt.Errorf("no workers found on buildkit server")
-		}
-		if len(workers[0].Platforms) == 0 {
-			return nil, nil, fmt.Errorf("no platforms found on workers on buildkit server")
-		}
+		defaultPlatform := cplatforms.DefaultSpec()
 		platforms = []v1.Platform{
 			{
-				Architecture: workers[0].Platforms[0].Architecture,
-				OS:           workers[0].Platforms[0].OS,
-				OSVersion:    workers[0].Platforms[0].OSVersion,
-				OSFeatures:   workers[0].Platforms[0].OSFeatures,
-				Variant:      workers[0].Platforms[0].Variant,
+				Architecture: defaultPlatform.Architecture,
+				OS:           defaultPlatform.OS,
+				OSVersion:    defaultPlatform.OSVersion,
+				OSFeatures:   defaultPlatform.OSFeatures,
+				Variant:      defaultPlatform.Variant,
 			},
 		}
 	}
@@ -114,22 +105,38 @@ func Build(ctx context.Context, pushRepo string, local bool, cwd string, platfor
 			options.FrontendAttrs["build-arg:"+key] = value
 		}
 
-		ch, progressDone := progress(messages)
-		defer func() { <-progressDone }()
-
-		res, err := bkc.Solve(ctx, nil, options, ch)
+		imageName, err := buildImage(ctx, pushRepo, options, messages)
 		if err != nil {
 			return nil, nil, err
 		}
 
-		imageName := pushRepo + "@" + res.ExporterResponse["containerimage.digest"]
 		result = append(result, imageName)
 	}
 
 	return platforms, result, nil
 }
 
-func progress(messages buildclient.Messages) (chan *buildkit.SolveStatus, chan struct{}) {
+func buildImage(ctx context.Context, pushRepo string, options buildkit.SolveOpt, messages buildclient.Messages) (imageName string, returnErr error) {
+	bkc, bkcClose, err := newClient(ctx, pushRepo, options.FrontendAttrs["platform"])
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		bkcClose(returnErr)
+	}()
+
+	ch, progressDone := progressWriter(messages)
+	defer func() { <-progressDone }()
+
+	res, err := bkc.Solve(ctx, nil, options, ch)
+	if err != nil {
+		return "", err
+	}
+
+	return pushRepo + "@" + res.ExporterResponse["containerimage.digest"], nil
+}
+
+func progressWriter(messages buildclient.Messages) (chan *buildkit.SolveStatus, chan struct{}) {
 	var (
 		done      = make(chan struct{})
 		ch        = make(chan *buildkit.SolveStatus, 1)
diff --git a/pkg/build/buildkit/client.go b/pkg/build/buildkit/client.go
new file mode 100644
index 000000000..58afe33d6
--- /dev/null
+++ b/pkg/build/buildkit/client.go
@@ -0,0 +1,27 @@
+package buildkit
+
+import (
+	"context"
+	"os"
+
+	"github.com/acorn-io/runtime/pkg/build/depot"
+	"github.com/moby/buildkit/client"
+)
+
+var (
+	depotToken   = os.Getenv("DEPOT_TOKEN")
+	depotProject = os.Getenv("DEPOT_PROJECT_ID")
+)
+
+func newClient(ctx context.Context, image, platform string) (*client.Client, func(error), error) {
+	if depotToken != "" && depotProject != "" {
+		return depot.Client(ctx, depotProject, depotToken, image, platform)
+	}
+	bkc, err := client.New(ctx, "")
+	if err != nil {
+		return nil, nil, err
+	}
+	return bkc, func(_ error) {
+		_ = bkc.Close()
+	}, nil
+}
diff --git a/pkg/build/depot/depot.go b/pkg/build/depot/depot.go
new file mode 100644
index 000000000..c0598a73d
--- /dev/null
+++ b/pkg/build/depot/depot.go
@@ -0,0 +1,109 @@
+package depot
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/depot/depot-go/build"
+	"github.com/depot/depot-go/machine"
+	cliv1 "github.com/depot/depot-go/proto/depot/cli/v1"
+	buildkit "github.com/moby/buildkit/client"
+	"github.com/sirupsen/logrus"
+)
+
+func Client(ctx context.Context, project, token, image, platform string) (*buildkit.Client, func(error), error) {
+	b, err := newBuilder(ctx, project, token, image, platform)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return b.client, b.Close, nil
+}
+
+type builder struct {
+	project string
+	token   string
+	machine *machine.Machine
+	build   *build.Build
+	client  *buildkit.Client
+}
+
+func (b *builder) Close(err error) {
+	if b.machine != nil {
+		if err := b.machine.Release(); err != nil {
+			logrus.Errorf("failed to release machine: %v", err)
+		}
+		b.machine = nil
+	}
+	if b.build != nil {
+		b.build.Finish(err)
+		b.build = nil
+	}
+	if b.client != nil {
+		_ = b.client.Close()
+		b.client = nil
+	}
+}
+
+func newBuilder(ctx context.Context, project, token, image, platform string) (_ *builder, returnErr error) {
+	if strings.Contains(platform, "arm64") {
+		platform = "arm64"
+	} else {
+		platform = "amd64"
+	}
+
+	req := &cliv1.CreateBuildRequest{
+		ProjectId: project,
+		Options: []*cliv1.BuildOptions{
+			{
+				Command: cliv1.Command_COMMAND_BUILD,
+				Tags:    []string{image},
+			},
+		},
+	}
+
+	build, err := build.NewBuild(ctx, req, token)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create depot build: %w", err)
+	}
+	defer func() {
+		if returnErr != nil {
+			build.Finish(returnErr)
+		}
+	}()
+
+	ctx, cancel := context.WithCancel(ctx)
+	defer func() {
+		if returnErr != nil {
+			cancel()
+		}
+	}()
+
+	buildkitMachine, err := machine.Acquire(ctx, build.ID, build.Token, platform)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if returnErr != nil {
+			_ = buildkitMachine.Release()
+		}
+	}()
+
+	timeoutCtx, timeoutCancel := context.WithTimeout(ctx, 5*time.Minute)
+	defer timeoutCancel()
+
+	buildkitClient, err := buildkitMachine.Connect(timeoutCtx)
+	if err != nil {
+		return nil, err
+	}
+
+	return &builder{
+		project: project,
+		token:   token,
+		machine: buildkitMachine,
+		build:   &build,
+		client:  buildkitClient,
+	}, nil
+}
diff --git a/pkg/controller/builder/builder.go b/pkg/controller/builder/builder.go
index 6c0997404..3809d7ee5 100644
--- a/pkg/controller/builder/builder.go
+++ b/pkg/controller/builder/builder.go
@@ -30,6 +30,11 @@ func createBuilderObjects(req router.Request, resp router.Response) (string, str
 		return "", "", nil, err
 	}
 
+	depotToken, depotProjectId, err := getDepotKey(req.Ctx, req.Client, builder.Namespace)
+	if err != nil {
+		return "", "", nil, err
+	}
+
 	registryDNS, err := imagesystem.GetClusterInternalRegistryDNSName(req.Ctx, req.Client)
 	if err != nil {
 		return "", "", nil, err
@@ -41,7 +46,7 @@ func createBuilderObjects(req router.Request, resp router.Response) (string, str
 	}
 
 	objs := imagesystem.BuilderObjects(name, system.ImagesNamespace, forNamespace, system.DefaultImage(),
-		pubKey, privKey, builder.Status.UUID, registryDNS, cfg)
+		pubKey, privKey, depotToken, depotProjectId, builder.Status.UUID, registryDNS, cfg)
 
 	if *cfg.BuilderPerProject {
 		resp.Objects(objs...)
diff --git a/pkg/controller/builder/depot.go b/pkg/controller/builder/depot.go
new file mode 100644
index 000000000..c5137458e
--- /dev/null
+++ b/pkg/controller/builder/depot.go
@@ -0,0 +1,34 @@
+package builder
+
+import (
+	"context"
+
+	"github.com/acorn-io/baaah/pkg/router"
+	"github.com/acorn-io/runtime/pkg/config"
+	"github.com/acorn-io/runtime/pkg/system"
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	kclient "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func getDepotKey(ctx context.Context, c kclient.Client, namespace string) (string, string, error) {
+	cfg, err := config.Get(ctx, c)
+	if err != nil {
+		return "", "", err
+	}
+
+	if *cfg.InternalRegistryPrefix == "" {
+		return "", "", nil
+	}
+
+	sec := &corev1.Secret{}
+	if err := c.Get(ctx, router.Key(namespace, "depot-builder-key"), sec); apierrors.IsNotFound(err) {
+		if err := c.Get(ctx, router.Key(system.ImagesNamespace, "depot-builder-key"), sec); apierrors.IsNotFound(err) {
+			return "", "", nil
+		}
+		return "", "", nil
+	} else if err != nil {
+		return "", "", err
+	}
+	return string(sec.Data["token"]), string(sec.Data["projectId"]), nil
+}
diff --git a/pkg/imagesystem/buildertemplate.go b/pkg/imagesystem/buildertemplate.go
index cf0ac3ce4..76ddb94ae 100644
--- a/pkg/imagesystem/buildertemplate.go
+++ b/pkg/imagesystem/buildertemplate.go
@@ -18,15 +18,17 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey, builderUID, forwardAddress string, cfg *apiv1.Config) []client.Object {
+func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey, depotToken, depotProjectId, builderUID, forwardAddress string, cfg *apiv1.Config) []client.Object {
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
 		},
 		Data: map[string][]byte{
-			"pub":  []byte(pub),
-			"priv": []byte(privKey),
+			"pub":            []byte(pub),
+			"priv":           []byte(privKey),
+			"depotToken":     []byte(depotToken),
+			"depotProjectId": []byte(depotProjectId),
 		},
 	}
 
@@ -137,6 +139,28 @@ func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey,
 										},
 									},
 								},
+								{
+									Name: "DEPOT_TOKEN",
+									ValueFrom: &corev1.EnvVarSource{
+										SecretKeyRef: &corev1.SecretKeySelector{
+											LocalObjectReference: corev1.LocalObjectReference{
+												Name: name,
+											},
+											Key: "depotToken",
+										},
+									},
+								},
+								{
+									Name: "DEPOT_PROJECT_ID",
+									ValueFrom: &corev1.EnvVarSource{
+										SecretKeyRef: &corev1.SecretKeySelector{
+											LocalObjectReference: corev1.LocalObjectReference{
+												Name: name,
+											},
+											Key: "depotProjectId",
+										},
+									},
+								},
 							},
 							Args: []string{
 								"build-server",
@@ -184,6 +208,13 @@ func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey,
 		},
 	}
 
+	if depotToken != "" && depotProjectId != "" {
+		// Drop buildkit
+		deployment.Spec.Template.Spec.Containers = []corev1.Container{
+			deployment.Spec.Template.Spec.Containers[1],
+		}
+	}
+
 	pdb := &policyv1.PodDisruptionBudget{
 		ObjectMeta: deployment.ObjectMeta,
 		Spec: policyv1.PodDisruptionBudgetSpec{
@@ -239,5 +270,6 @@ func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey,
 			},
 		})
 	}
+
 	return []client.Object{secret, deployment, pdb, svc}
 }