From 1016c06c0c88fae4f1752bee413fcba3a1c5a0b0 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Thu, 29 Jun 2023 21:24:00 +0200 Subject: [PATCH] docs: move documentation for the secrets option to parameter list --- _docs/content/_index.md | 36 ++++-------------------- _docs/data/data.yaml | 61 ++++++++++++++++++++++++++++------------- 2 files changed, 48 insertions(+), 49 deletions(-) diff --git a/_docs/content/_index.md b/_docs/content/_index.md index bc166f6..ce1585e 100644 --- a/_docs/content/_index.md +++ b/_docs/content/_index.md @@ -27,7 +27,7 @@ The tags follow the major version of Docker, e.g. `20`, and the minor and patch Be aware that the this plugin requires [privileged](https://docs.drone.io/pipeline/docker/syntax/steps/#privileged-mode) capabilities, otherwise the integrated Docker daemon is not able to start. {{< /hint >}} -```YAML +```yaml kind: pipeline name: default @@ -58,7 +58,7 @@ If the created image is to be pushed to registries other than the default Docker **GHCR:** -```YAML +```yaml kind: pipeline name: default @@ -76,7 +76,7 @@ steps: **AWS ECR:** -```YAML +```yaml kind: pipeline name: default @@ -95,35 +95,11 @@ steps: tags: latest ``` -#### Expose secrets to the build - -The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount. - -```Yaml -kind: pipeline -name: default - -steps: - - name: docker - image: thegeeklab/drone-docker-buildx:23 - privileged: true - environment: - SECURE_TOKEN: - from_secret: secure_token - settings: - secrets: - - "id=raw_file_secret\\\\,src=file.txt" - - 'id=other_raw_file_secret\\,src=other_file.txt' - - "id=SECRET_TOKEN" -``` - -To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible. - ## Build Build the binary with the following command: -```Shell +```shell export GOOS=linux export GOARCH=amd64 export CGO_ENABLED=0 @@ -134,13 +110,13 @@ make build Build the Docker image with the following command: -```Shell +```shell docker build --file docker/Dockerfile.amd64 --tag thegeeklab/drone-docker-buildx . ``` ## Test -```Shell +```shell docker run --rm \ -e PLUGIN_TAG=latest \ -e PLUGIN_REPO=octocat/hello-world \ diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml index 05dcaa8..a15ec01 100644 --- a/_docs/data/data.yaml +++ b/_docs/data/data.yaml @@ -75,15 +75,16 @@ properties: description: | Content of the docker buildkit toml [config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md). Example: - ```TOML - - name: Build - image: thegeeklab/drone-docker-buildx:23 - settings: - repo: example/repo - buildkit_config: | - [registry."registry.local:30081"] - http = true - insecure = true + ```yaml + steps: + - name: Build + image: thegeeklab/drone-docker-buildx:23 + settings: + repo: example/repo + buildkit_config: | + [registry."registry.local:30081"] + http = true + insecure = true ``` type: string defaultValue: false @@ -163,15 +164,16 @@ properties: Images to consider as [cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from). To properly work, commas used in the cache source entries need to be escaped: - ```Yaml - - name: Build - image: thegeeklab/drone-docker-buildx:23 - settings: - repo: example/repo - cache_from: - # using quotes double-escaping is required - - "type=registry\\\\,ref=example" - - 'type=foo\\,ref=bar' + ```yaml + steps: + - name: Build + image: thegeeklab/drone-docker-buildx:23 + settings: + repo: example/repo + cache_from: + # while using quotes, double-escaping is required + - "type=registry\\\\,ref=example" + - 'type=foo\\,ref=bar' ``` type: list required: false @@ -267,6 +269,27 @@ properties: required: false - name: secrets - description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build. + description: | + The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build + using `RUN --mount=type=secret` mount. + + ```yaml + steps: + - name: Build + image: thegeeklab/drone-docker-buildx:23 + privileged: true + environment: + SECURE_TOKEN: + from_secret: secure_token + settings: + secrets: + # while using quotes, double-escaping is required + - "id=raw_file_secret\\\\,src=file.txt" + - 'id=other_raw_file_secret\\,src=other_file.txt' + - "id=SECRET_TOKEN" + ``` + + To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. + This should be used with caution and avoided whenever possible. type: list required: false