mirror of
https://github.com/thegeeklab/drone-docker-buildx.git
synced 2024-06-03 00:49:41 +02:00
Drop secrets-from-env
and secrets-from-file
parent
775598c029
commit
5ffed577b2
|
@ -266,17 +266,7 @@ properties:
|
||||||
type: string
|
type: string
|
||||||
required: false
|
required: false
|
||||||
|
|
||||||
- name: secret
|
- name: secrets
|
||||||
description: Pass [secret](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
|
description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
|
||||||
type: string
|
|
||||||
required: false
|
|
||||||
|
|
||||||
- name: secrets-from-env
|
|
||||||
description: Pass [env secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#env) when building (shorthand for `--secret id=SECRET_TOKEN`).
|
|
||||||
type: list
|
|
||||||
required: false
|
|
||||||
|
|
||||||
- name: secrets-from-file
|
|
||||||
description: Pass [file secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#file) when building (shorthand for `--secret id=file,src=FILE_NAME`).
|
|
||||||
type: list
|
type: list
|
||||||
required: false
|
required: false
|
|
@ -321,25 +321,11 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
|
||||||
Destination: &settings.Build.SBOM,
|
Destination: &settings.Build.SBOM,
|
||||||
Category: category,
|
Category: category,
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
|
||||||
Name: "secret",
|
|
||||||
EnvVars: []string{"PLUGIN_SECRET"},
|
|
||||||
Usage: "secret key value pair eg id=MYSECRET",
|
|
||||||
Destination: &settings.Build.Secret,
|
|
||||||
Category: category,
|
|
||||||
},
|
|
||||||
&cli.StringSliceFlag{
|
&cli.StringSliceFlag{
|
||||||
Name: "secrets-from-env",
|
Name: "secrets",
|
||||||
EnvVars: []string{"PLUGIN_SECRETS_FROM_ENV"},
|
EnvVars: []string{"PLUGIN_SECRETS"},
|
||||||
Usage: "secret key value pair eg secret_name=secret",
|
Usage: "secret key-value pairs",
|
||||||
Destination: &settings.Build.SecretEnvs,
|
Destination: &settings.Build.Secrets,
|
||||||
Category: category,
|
|
||||||
},
|
|
||||||
&cli.StringSliceFlag{
|
|
||||||
Name: "secrets-from-file",
|
|
||||||
EnvVars: []string{"PLUGIN_SECRETS_FROM_FILE"},
|
|
||||||
Usage: "secret key value pairs eg secret_name=/path/to/secret",
|
|
||||||
Destination: &settings.Build.SecretFiles,
|
|
||||||
Category: category,
|
Category: category,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
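Review bot: The new `secrets` flag is a `cli.StringSliceFlag`, and buildx secret specs themselves contain commas (`id=NAME,src=PATH`), so if the cli library splits slice values on commas (urfave/cli v2 does so by default; confirm for the version in use), one `PLUGIN_SECRETS` entry would reach `settings.Build.Secrets` as two fragments. Either turn the separator off or document the escaping users need. The `Usage` text also lost its example; `Usage: "secret specs passed to --secret, e.g. id=NAME,env=VAR or id=NAME,src=PATH",` would state the expected format now that the `-from-env`/`-from-file` shorthands are gone. Pipelines that still set `PLUGIN_SECRET`, `PLUGIN_SECRETS_FROM_ENV` or `PLUGIN_SECRETS_FROM_FILE` will have those values ignored without any message, which deserves a changelog entry or a startup warning. settingsFlags starts outside the hunk.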
@ -163,56 +163,13 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
|
||||||
args = append(args, "--sbom", build.SBOM)
|
args = append(args, "--sbom", build.SBOM)
|
||||||
}
|
}
|
||||||
|
|
||||||
if build.Secret != "" {
|
for _, secret := range build.Secrets.Value() {
|
||||||
args = append(args, "--secret", build.Secret)
|
args = append(args, "--secret", secret)
|
||||||
}
|
|
||||||
|
|
||||||
for _, secret := range build.SecretEnvs.Value() {
|
|
||||||
if arg, err := getSecretStringCmdArg(secret); err == nil {
|
|
||||||
args = append(args, "--secret", arg)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, secret := range build.SecretFiles.Value() {
|
|
||||||
if arg, err := getSecretFileCmdArg(secret); err == nil {
|
|
||||||
args = append(args, "--secret", arg)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return execabs.Command(dockerBin, args...)
|
return execabs.Command(dockerBin, args...)
|
||||||
}
|
}
|
||||||
|
|
||||||
// helper function to parse string secret key-pair.
|
|
||||||
func getSecretStringCmdArg(kvp string) (string, error) {
|
|
||||||
return getSecretCmdArg(kvp, false)
|
|
||||||
}
|
|
||||||
|
|
||||||
// helper function to parse file secret key-pair.
|
|
||||||
func getSecretFileCmdArg(kvp string) (string, error) {
|
|
||||||
return getSecretCmdArg(kvp, true)
|
|
||||||
}
|
|
||||||
|
|
||||||
// helper function to parse secret key-pair.
|
|
||||||
func getSecretCmdArg(kvp string, file bool) (string, error) {
|
|
||||||
delimIndex := strings.IndexByte(kvp, '=')
|
|
||||||
if delimIndex == -1 {
|
|
||||||
return "", errInvalidSecret
|
|
||||||
}
|
|
||||||
|
|
||||||
key := kvp[:delimIndex]
|
|
||||||
value := kvp[delimIndex+1:]
|
|
||||||
|
|
||||||
if key == "" || value == "" {
|
|
||||||
return "", errInvalidSecret
|
|
||||||
}
|
|
||||||
|
|
||||||
if file {
|
|
||||||
return fmt.Sprintf("id=%s,src=%s", key, value), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
return fmt.Sprintf("id=%s,env=%s", key, value), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// helper function to add proxy values from the environment.
|
// helper function to add proxy values from the environment.
|
||||||
func addProxyBuildArgs(build *Build) {
|
func addProxyBuildArgs(build *Build) {
|
||||||
addProxyValue(build, "http_proxy")
|
addProxyValue(build, "http_proxy")
|
||||||
|
|
|
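Review bot: In the new loop each entry of `build.Secrets.Value()` is appended after `--secret` verbatim, so the non-empty key/value check that the removed `getSecretCmdArg` performed is gone and an empty or fragmentary entry is handed to docker unchanged. The arguments go through `execabs.Command` as a slice, so no shell is involved, but a malformed spec now surfaces only as a docker error at build time instead of being caught by the plugin. Consider rejecting entries that are empty or lack an `id=` part wherever the settings are validated, or at least skipping blanks here with `if secret == "" { continue }`. A comment above the loop such as `// each entry is a complete buildx --secret spec (id=NAME,env=VAR or id=NAME,src=PATH)` would document the new contract. commandBuild begins outside the hunk.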
@ -65,9 +65,7 @@ type Build struct {
|
||||||
Labels cli.StringSlice // Docker build labels
|
Labels cli.StringSlice // Docker build labels
|
||||||
Provenance string // Docker build provenance attestation
|
Provenance string // Docker build provenance attestation
|
||||||
SBOM string // Docker build sbom attestation
|
SBOM string // Docker build sbom attestation
|
||||||
Secret string // Docker build secret keypair
|
Secrets cli.StringSlice // Docker build secret key-pairs
|
||||||
SecretEnvs cli.StringSlice // Docker build secrets with env var as source
|
|
||||||
SecretFiles cli.StringSlice // Docker build secrets with file as source
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Settings for the Plugin.
|
// Settings for the Plugin.
|
||||||
|
|
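Review bot: The field comment `// Docker build secret key-pairs` on `Secrets` does not say what format the entries take, and "key-pairs" can be misread as cryptographic key pairs. Since the entries are forwarded as-is to `--secret` in commandBuild, a comment like `// Docker buildx --secret specs (id=NAME,env=VAR or id=NAME,src=PATH)` would be clearer. The Build struct starts outside the hunk.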