feat: add support for docker build secrets (#282)

2023-06-28 21:26:07 +03:00 · 2023-06-28 21:26:07 +03:00 · a572b72527
parent 471b9e046d
commit a572b72527
4 changed files with 17 additions and 0 deletions
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@ -265,3 +265,8 @@ properties:
    description: Generate [sbom](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest type=sbom`).
    type: string
    required: false
+
+  - name: secrets
+    description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
+    type: list
+    required: false
--- a/cmd/drone-docker-buildx/config.go
+++ b/cmd/drone-docker-buildx/config.go
@ -321,5 +321,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 			Destination: &settings.Build.SBOM,
 			Category:    category,
 		},
+		&cli.StringSliceFlag{
+			Name:        "secrets",
+			EnvVars:     []string{"PLUGIN_SECRETS"},
+			Usage:       "secret key-value pairs",
+			Destination: &settings.Build.Secrets,
+			Category:    category,
+		},
 	}
 }
--- a/plugin/docker.go
+++ b/plugin/docker.go
@ -160,6 +160,10 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
 		args = append(args, "--sbom", build.SBOM)
 	}

+	for _, secret := range build.Secrets.Value() {
+		args = append(args, "--secret", secret)
+	}
+
 	return execabs.Command(dockerBin, args...)
 }

--- a/plugin/impl.go
+++ b/plugin/impl.go
@ -65,6 +65,7 @@ type Build struct {
 	Labels       cli.StringSlice // Docker build labels
 	Provenance   string          // Docker build provenance attestation
 	SBOM         string          // Docker build sbom attestation
+	Secrets      cli.StringSlice // Docker build secret key-pairs
 }

 // Settings for the Plugin.