Drop `secrets-from-env` and `secrets-from-file`

2023-06-28 16:19:46 +03:00 · 2023-06-28 16:19:46 +03:00 · 5ffed577b2
parent 775598c029
commit 5ffed577b2
4 changed files with 9 additions and 78 deletions
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@ -266,17 +266,7 @@ properties:
    type: string
    required: false

-  - name: secret
-    description: Pass [secret](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
-    type: string
-    required: false
-
-  - name: secrets-from-env
-    description: Pass [env secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#env) when building (shorthand for `--secret id=SECRET_TOKEN`).
+  - name: secrets
+    description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
    type: list
    required: false
-
-  - name: secrets-from-file
-    description: Pass [file secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#file) when building (shorthand for `--secret id=file,src=FILE_NAME`).
-    type: list
-    required: false
--- a/cmd/drone-docker-buildx/config.go
+++ b/cmd/drone-docker-buildx/config.go
@ -321,25 +321,11 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 			Destination: &settings.Build.SBOM,
 			Category:    category,
 		},
-		&cli.StringFlag{
-			Name:        "secret",
-			EnvVars:     []string{"PLUGIN_SECRET"},
-			Usage:       "secret key value pair eg id=MYSECRET",
-			Destination: &settings.Build.Secret,
-			Category:    category,
-		},
 		&cli.StringSliceFlag{
-			Name:        "secrets-from-env",
-			EnvVars:     []string{"PLUGIN_SECRETS_FROM_ENV"},
-			Usage:       "secret key value pair eg secret_name=secret",
-			Destination: &settings.Build.SecretEnvs,
-			Category:    category,
-		},
-		&cli.StringSliceFlag{
-			Name:        "secrets-from-file",
-			EnvVars:     []string{"PLUGIN_SECRETS_FROM_FILE"},
-			Usage:       "secret key value pairs eg secret_name=/path/to/secret",
-			Destination: &settings.Build.SecretFiles,
+			Name:        "secrets",
+			EnvVars:     []string{"PLUGIN_SECRETS"},
+			Usage:       "secret key-value pairs",
+			Destination: &settings.Build.Secrets,
 			Category:    category,
 		},
 	}
--- a/plugin/docker.go
+++ b/plugin/docker.go
@ -163,56 +163,13 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
 		args = append(args, "--sbom", build.SBOM)
 	}

-	if build.Secret != "" {
-		args = append(args, "--secret", build.Secret)
-	}
-
-	for _, secret := range build.SecretEnvs.Value() {
-		if arg, err := getSecretStringCmdArg(secret); err == nil {
-			args = append(args, "--secret", arg)
-		}
-	}
-
-	for _, secret := range build.SecretFiles.Value() {
-		if arg, err := getSecretFileCmdArg(secret); err == nil {
-			args = append(args, "--secret", arg)
-		}
+	for _, secret := range build.Secrets.Value() {
+		args = append(args, "--secret", secret)
 	}

 	return execabs.Command(dockerBin, args...)
 }

-// helper function to parse string secret key-pair.
-func getSecretStringCmdArg(kvp string) (string, error) {
-	return getSecretCmdArg(kvp, false)
-}
-
-// helper function to parse file secret key-pair.
-func getSecretFileCmdArg(kvp string) (string, error) {
-	return getSecretCmdArg(kvp, true)
-}
-
-// helper function to parse secret key-pair.
-func getSecretCmdArg(kvp string, file bool) (string, error) {
-	delimIndex := strings.IndexByte(kvp, '=')
-	if delimIndex == -1 {
-		return "", errInvalidSecret
-	}
-
-	key := kvp[:delimIndex]
-	value := kvp[delimIndex+1:]
-
-	if key == "" || value == "" {
-		return "", errInvalidSecret
-	}
-
-	if file {
-		return fmt.Sprintf("id=%s,src=%s", key, value), nil
-	}
-
-	return fmt.Sprintf("id=%s,env=%s", key, value), nil
-}
-
 // helper function to add proxy values from the environment.
 func addProxyBuildArgs(build *Build) {
 	addProxyValue(build, "http_proxy")
--- a/plugin/impl.go
+++ b/plugin/impl.go
@ -65,9 +65,7 @@ type Build struct {
 	Labels       cli.StringSlice // Docker build labels
 	Provenance   string          // Docker build provenance attestation
 	SBOM         string          // Docker build sbom attestation
-	Secret       string          // Docker build secret keypair
-	SecretEnvs   cli.StringSlice // Docker build secrets with env var as source
-	SecretFiles  cli.StringSlice // Docker build secrets with file as source
+	Secrets      cli.StringSlice // Docker build secret key-pairs
 }

 // Settings for the Plugin.