diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
index 113b35a..181bda8 100644
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@@ -266,17 +266,7 @@ properties:
 type: string
 required: false

- - name: secret
- description: Pass [secret](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
- type: string
- required: false
-
- - name: secrets-from-env
- description: Pass [env secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#env) when building (shorthand for `--secret id=SECRET_TOKEN`).
+ - name: secrets
+ description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
 type: list
 required: false
-
- - name: secrets-from-file
- description: Pass [file secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#file) when building (shorthand for `--secret id=file,src=FILE_NAME`).
- type: list
- required: false
\ No newline at end of file
diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go
index cc0ffe5..479d720 100644
--- a/cmd/drone-docker-buildx/config.go
+++ b/cmd/drone-docker-buildx/config.go
@@ -321,25 +321,11 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 Destination: &settings.Build.SBOM,
 Category: category,
 },
- &cli.StringFlag{
- Name: "secret",
- EnvVars: []string{"PLUGIN_SECRET"},
- Usage: "secret key value pair eg id=MYSECRET",
- Destination: &settings.Build.Secret,
- Category: category,
- },
 &cli.StringSliceFlag{
- Name: "secrets-from-env",
- EnvVars: []string{"PLUGIN_SECRETS_FROM_ENV"},
- Usage: "secret key value pair eg secret_name=secret",
- Destination: &settings.Build.SecretEnvs,
- Category: category,
- },
- &cli.StringSliceFlag{
- Name: "secrets-from-file",
- EnvVars: []string{"PLUGIN_SECRETS_FROM_FILE"},
- Usage: "secret key value pairs eg secret_name=/path/to/secret",
- Destination: &settings.Build.SecretFiles,
+ Name: "secrets",
+ EnvVars: []string{"PLUGIN_SECRETS"},
+ Usage: "secret key-value pairs",
+ Destination: &settings.Build.Secrets,
 Category: category,
 },
 }
diff --git a/plugin/docker.go b/plugin/docker.go
index fbb814c..7afb946 100644
--- a/plugin/docker.go
+++ b/plugin/docker.go
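Review bot: The new `secrets` flag is a `cli.StringSliceFlag`, but a buildx secret spec itself contains commas (`id=NAME,src=PATH`), so if this is urfave/cli v2 (inferred from `EnvVars` and `cli.StringSlice`; the import is not in the hunk) a `PLUGIN_SECRETS` value is likely to be split at those commas and reach `--secret` as fragments such as `id=NAME` and `src=PATH`. The removed `secrets-from-env` and `secrets-from-file` flags avoided this by taking `name=value` items and assembling the spec in code. Please confirm how the value is split and either configure a separator that cannot occur in a spec or document the escaping users must apply. The usage text would also help by showing the expected shape, e.g. `Usage: "secret specs passed to --secret, eg id=NAME,env=VAR or id=NAME,src=PATH",`. The same raw values are consumed by the new loop in plugin/docker.go.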
@@ -163,56 +163,13 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
 args = append(args, "--sbom", build.SBOM)
 }

- if build.Secret != "" {
- args = append(args, "--secret", build.Secret)
- }
-
- for _, secret := range build.SecretEnvs.Value() {
- if arg, err := getSecretStringCmdArg(secret); err == nil {
- args = append(args, "--secret", arg)
- }
- }
-
- for _, secret := range build.SecretFiles.Value() {
- if arg, err := getSecretFileCmdArg(secret); err == nil {
- args = append(args, "--secret", arg)
- }
+ for _, secret := range build.Secrets.Value() {
+ args = append(args, "--secret", secret)
 }

 return execabs.Command(dockerBin, args...)
 }

-// helper function to parse string secret key-pair.
-func getSecretStringCmdArg(kvp string) (string, error) {
- return getSecretCmdArg(kvp, false)
-}
-
-// helper function to parse file secret key-pair.
-func getSecretFileCmdArg(kvp string) (string, error) {
- return getSecretCmdArg(kvp, true)
-}
-
-// helper function to parse secret key-pair.
-func getSecretCmdArg(kvp string, file bool) (string, error) {
- delimIndex := strings.IndexByte(kvp, '=')
- if delimIndex == -1 {
- return "", errInvalidSecret
- }
-
- key := kvp[:delimIndex]
- value := kvp[delimIndex+1:]
-
- if key == "" || value == "" {
- return "", errInvalidSecret
- }
-
- if file {
- return fmt.Sprintf("id=%s,src=%s", key, value), nil
- }
-
- return fmt.Sprintf("id=%s,env=%s", key, value), nil
-}
-
 // helper function to add proxy values from the environment.
 func addProxyBuildArgs(build *Build) {
 addProxyValue(build, "http_proxy")
diff --git a/plugin/impl.go b/plugin/impl.go
index 7a18398..b4cfeca 100644
--- a/plugin/impl.go
+++ b/plugin/impl.go
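Review bot: The new loop in `commandBuild` forwards every `build.Secrets` entry to `--secret` unchecked, so the empty-key and empty-value rejection that `getSecretCmdArg` performed is gone and an empty or malformed entry now becomes a buildx argument. Because entries are free-form, a user could also supply a literal secret value where a reference (`env=` or `src=`) is expected, and it would then sit in the process arguments. A comment above the loop such as `// each entry is a full buildx --secret spec (id=...,env=... or id=...,src=...), never a literal secret value` would make the contract explicit. Consider rejecting entries that are empty or lack an `id=` key during settings validation rather than here, since `commandBuild` has no error return. `errInvalidSecret` and the `strings`/`fmt` imports may be unused after this removal, which cannot be confirmed from the hunk because the function body starts outside it.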
@@ -65,9 +65,7 @@ type Build struct {
 Labels cli.StringSlice // Docker build labels
 Provenance string // Docker build provenance attestation
 SBOM string // Docker build sbom attestation
- Secret string // Docker build secret keypair
- SecretEnvs cli.StringSlice // Docker build secrets with env var as source
- SecretFiles cli.StringSlice // Docker build secrets with file as source
+ Secrets cli.StringSlice // Docker build secret key-pairs
 }

 // Settings for the Plugin.