docs: move documentation for the secrets option to parameter list

Robert Kaussow 2023-06-29 21:24:00 +02:00
parent 89db4c201e
commit 1016c06c0c
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
2 changed files with 48 additions and 49 deletions

View File

@ -27,7 +27,7 @@ The tags follow the major version of Docker, e.g. `20`, and the minor and patch
Be aware that the this plugin requires [privileged](https://docs.drone.io/pipeline/docker/syntax/steps/#privileged-mode) capabilities, otherwise the integrated Docker daemon is not able to start.
{{< /hint >}}
```YAML
```yaml
kind: pipeline
name: default
@ -58,7 +58,7 @@ If the created image is to be pushed to registries other than the default Docker
**GHCR:**
```YAML
```yaml
kind: pipeline
name: default
@ -76,7 +76,7 @@ steps:
**AWS ECR:**
```YAML
```yaml
kind: pipeline
name: default
@ -95,35 +95,11 @@ steps:
tags: latest
```
#### Expose secrets to the build
The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount.
```Yaml
kind: pipeline
name: default
steps:
- name: docker
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
- "id=raw_file_secret\\\\,src=file.txt"
- 'id=other_raw_file_secret\\,src=other_file.txt'
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible.
## Build
Build the binary with the following command:
```Shell
```shell
export GOOS=linux
export GOARCH=amd64
export CGO_ENABLED=0
@ -134,13 +110,13 @@ make build
Build the Docker image with the following command:
```Shell
```shell
docker build --file docker/Dockerfile.amd64 --tag thegeeklab/drone-docker-buildx .
```
## Test
```Shell
```shell
docker run --rm \
-e PLUGIN_TAG=latest \
-e PLUGIN_REPO=octocat/hello-world \

View File

@ -75,15 +75,16 @@ properties:
description: |
Content of the docker buildkit toml [config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md). Example:
```TOML
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
buildkit_config: |
[registry."registry.local:30081"]
http = true
insecure = true
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
buildkit_config: |
[registry."registry.local:30081"]
http = true
insecure = true
```
type: string
defaultValue: false
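Review bot: The `buildkit_config` example sets `http = true` and `insecure = true` for `registry.local:30081` without any comment, so a reader copying it ends up with a plain-HTTP, unverified registry connection in a real pipeline. Add a YAML comment above `buildkit_config:` saying these two settings are meant for a local test registry only. While touching this block, the trailing context pairs `type: string` with `defaultValue: false`, which does not look like a string default and is worth checking.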
@ -163,15 +164,16 @@ properties:
Images to consider as [cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from). To properly work,
commas used in the cache source entries need to be escaped:
```Yaml
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
cache_from:
# using quotes double-escaping is required
- "type=registry\\\\,ref=example"
- 'type=foo\\,ref=bar'
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
cache_from:
# while using quotes, double-escaping is required
- "type=registry\\\\,ref=example"
- 'type=foo\\,ref=bar'
```
type: list
required: false
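Review bot: The reworded comment `# while using quotes, double-escaping is required` still does not explain why the double-quoted entry carries four backslashes and the single-quoted entry only two. YAML processes backslash escapes inside double quotes but not inside single quotes, so both entries end up with the same two backslashes before the comma. Suggest spelling that out in the comment, for example "double-quoted strings need `\\\\,`, single-quoted strings need `\\,`", so readers do not treat the two lines as different escape levels.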
@ -267,6 +269,27 @@ properties:
required: false
- name: secrets
description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
description: |
The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build
using `RUN --mount=type=secret` mount.
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
# while using quotes, double-escaping is required
- "id=raw_file_secret\\\\,src=file.txt"
- 'id=other_raw_file_secret\\,src=other_file.txt'
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required.
This should be used with caution and avoided whenever possible.
type: list
required: false
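Review bot: The moved `secrets` example defines `SECURE_TOKEN` under `environment:` but the list entry is `"id=SECRET_TOKEN"`, so the names do not match and a reader cannot tell which variable the id is supposed to pick up. Align the two names (the mismatch was already in the README text this replaces, so this is a good moment to fix it). The comment `# while using quotes, double-escaping is required` also sits above all three entries although only the two `src=` entries contain an escaped comma; moving it next to those lines, or noting that `id=SECRET_TOKEN` needs no escaping, would avoid confusion. Since the description warns that file-based secrets need a host volume and should be avoided, consider listing the environment-based entry first so the safer form is the one readers see and copy.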