docs: add usage exaple for docker build secrets

Robert Kaussow 2023-06-28 20:37:07 +02:00
parent a572b72527
commit b184024ef9
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 26 additions and 3 deletions


@ -95,6 +95,29 @@ steps:
tags: latest
```
#### Expose secrets to the build
The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount.
```Yaml
kind: pipeline
name: default
steps:
- name: docker
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
- "id=raw_file_secret,src=file.txt"
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible.
## Build
Build the binary with the following command:


@ -267,6 +267,6 @@ properties:
required: false
- name: secrets
description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
type: list
required: false


@ -324,7 +324,7 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
&cli.StringSliceFlag{
Name: "secrets",
EnvVars: []string{"PLUGIN_SECRETS"},
Usage: "secret key-value pairs",
Usage: "exposes secrets to the build",
Destination: &settings.Build.Secrets,
Category: category,
},
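Review bot: The new `Usage` text drops the only hint about the value format, while the README example added in this same commit passes entries such as `id=raw_file_secret,src=file.txt` that contain a comma. Because this is a `cli.StringSliceFlag` populated from `PLUGIN_SECRETS`, a comma inside an entry may be split into two separate values unless slice separation is disabled somewhere outside this hunk. A test should confirm this, so that a file-backed secret is not silently mis-parsed. I would state the format in the help text, e.g. `Usage: "exposes secrets to the build (id=NAME[,src=PATH])",`. Separately, the README example sets `SECURE_TOKEN` under `environment` but requests `id=SECRET_TOKEN`, which looks like a name mismatch; the flag literal sits inside `settingsFlags`, whose body starts and ends outside the hunk.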


@ -65,7 +65,7 @@ type Build struct {
Labels cli.StringSlice // Docker build labels
Provenance string // Docker build provenance attestation
SBOM string // Docker build sbom attestation
Secrets cli.StringSlice // Docker build secret key-pairs
Secrets cli.StringSlice // Docker build secrets
}
// Settings for the Plugin.