Drop `secrets-from-env` and `secrets-from-file`
This commit is contained in:
parent
775598c029
commit
5ffed577b2
|
@ -266,17 +266,7 @@ properties:
|
|||
type: string
|
||||
required: false
|
||||
|
||||
- name: secret
|
||||
description: Pass [secret](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
|
||||
type: string
|
||||
required: false
|
||||
|
||||
- name: secrets-from-env
|
||||
description: Pass [env secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#env) when building (shorthand for `--secret id=SECRET_TOKEN`).
|
||||
- name: secrets
|
||||
description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
|
||||
type: list
|
||||
required: false
|
||||
|
||||
- name: secrets-from-file
|
||||
description: Pass [file secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#file) when building (shorthand for `--secret id=file,src=FILE_NAME`).
|
||||
type: list
|
||||
required: false
|
|
@ -321,25 +321,11 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
|
|||
Destination: &settings.Build.SBOM,
|
||||
Category: category,
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "secret",
|
||||
EnvVars: []string{"PLUGIN_SECRET"},
|
||||
Usage: "secret key value pair eg id=MYSECRET",
|
||||
Destination: &settings.Build.Secret,
|
||||
Category: category,
|
||||
},
|
||||
&cli.StringSliceFlag{
|
||||
Name: "secrets-from-env",
|
||||
EnvVars: []string{"PLUGIN_SECRETS_FROM_ENV"},
|
||||
Usage: "secret key value pair eg secret_name=secret",
|
||||
Destination: &settings.Build.SecretEnvs,
|
||||
Category: category,
|
||||
},
|
||||
&cli.StringSliceFlag{
|
||||
Name: "secrets-from-file",
|
||||
EnvVars: []string{"PLUGIN_SECRETS_FROM_FILE"},
|
||||
Usage: "secret key value pairs eg secret_name=/path/to/secret",
|
||||
Destination: &settings.Build.SecretFiles,
|
||||
Name: "secrets",
|
||||
EnvVars: []string{"PLUGIN_SECRETS"},
|
||||
Usage: "secret key-value pairs",
|
||||
Destination: &settings.Build.Secrets,
|
||||
Category: category,
|
||||
},
|
||||
}
|
||||
|
|
|
@ -163,56 +163,13 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
|
|||
args = append(args, "--sbom", build.SBOM)
|
||||
}
|
||||
|
||||
if build.Secret != "" {
|
||||
args = append(args, "--secret", build.Secret)
|
||||
}
|
||||
|
||||
for _, secret := range build.SecretEnvs.Value() {
|
||||
if arg, err := getSecretStringCmdArg(secret); err == nil {
|
||||
args = append(args, "--secret", arg)
|
||||
}
|
||||
}
|
||||
|
||||
for _, secret := range build.SecretFiles.Value() {
|
||||
if arg, err := getSecretFileCmdArg(secret); err == nil {
|
||||
args = append(args, "--secret", arg)
|
||||
}
|
||||
for _, secret := range build.Secrets.Value() {
|
||||
args = append(args, "--secret", secret)
|
||||
}
|
||||
|
||||
return execabs.Command(dockerBin, args...)
|
||||
}
|
||||
|
||||
// helper function to parse string secret key-pair.
|
||||
func getSecretStringCmdArg(kvp string) (string, error) {
|
||||
return getSecretCmdArg(kvp, false)
|
||||
}
|
||||
|
||||
// helper function to parse file secret key-pair.
|
||||
func getSecretFileCmdArg(kvp string) (string, error) {
|
||||
return getSecretCmdArg(kvp, true)
|
||||
}
|
||||
|
||||
// helper function to parse secret key-pair.
|
||||
func getSecretCmdArg(kvp string, file bool) (string, error) {
|
||||
delimIndex := strings.IndexByte(kvp, '=')
|
||||
if delimIndex == -1 {
|
||||
return "", errInvalidSecret
|
||||
}
|
||||
|
||||
key := kvp[:delimIndex]
|
||||
value := kvp[delimIndex+1:]
|
||||
|
||||
if key == "" || value == "" {
|
||||
return "", errInvalidSecret
|
||||
}
|
||||
|
||||
if file {
|
||||
return fmt.Sprintf("id=%s,src=%s", key, value), nil
|
||||
}
|
||||
|
||||
return fmt.Sprintf("id=%s,env=%s", key, value), nil
|
||||
}
|
||||
|
||||
// helper function to add proxy values from the environment.
|
||||
func addProxyBuildArgs(build *Build) {
|
||||
addProxyValue(build, "http_proxy")
|
||||
|
|
|
@ -65,9 +65,7 @@ type Build struct {
|
|||
Labels cli.StringSlice // Docker build labels
|
||||
Provenance string // Docker build provenance attestation
|
||||
SBOM string // Docker build sbom attestation
|
||||
Secret string // Docker build secret keypair
|
||||
SecretEnvs cli.StringSlice // Docker build secrets with env var as source
|
||||
SecretFiles cli.StringSlice // Docker build secrets with file as source
|
||||
Secrets cli.StringSlice // Docker build secret key-pairs
|
||||
}
|
||||
|
||||
// Settings for the Plugin.
|
||||
|
|
Loading…
Reference in New Issue