mirror of
https://github.com/thegeeklab/drone-docker-buildx.git
synced 2024-11-16 09:30:41 +00:00
docs: add usage exaple for docker build secrets
This commit is contained in:
parent
a572b72527
commit
b184024ef9
@ -95,6 +95,29 @@ steps:
|
||||
tags: latest
|
||||
```
|
||||
|
||||
#### Expose secrets to the build
|
||||
|
||||
The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount.
|
||||
|
||||
```Yaml
|
||||
kind: pipeline
|
||||
name: default
|
||||
|
||||
steps:
|
||||
- name: docker
|
||||
image: thegeeklab/drone-docker-buildx:23
|
||||
privileged: true
|
||||
environment:
|
||||
SECURE_TOKEN:
|
||||
from_secret: secure_token
|
||||
settings:
|
||||
secrets:
|
||||
- "id=raw_file_secret,src=file.txt"
|
||||
- "id=SECRET_TOKEN"
|
||||
```
|
||||
|
||||
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible.
|
||||
|
||||
## Build
|
||||
|
||||
Build the binary with the following command:
|
||||
|
@ -267,6 +267,6 @@ properties:
|
||||
required: false
|
||||
|
||||
- name: secrets
|
||||
description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
|
||||
description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
|
||||
type: list
|
||||
required: false
|
||||
|
@ -324,7 +324,7 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
|
||||
&cli.StringSliceFlag{
|
||||
Name: "secrets",
|
||||
EnvVars: []string{"PLUGIN_SECRETS"},
|
||||
Usage: "secret key-value pairs",
|
||||
Usage: "exposes secrets to the build",
|
||||
Destination: &settings.Build.Secrets,
|
||||
Category: category,
|
||||
},
|
||||
|
@ -65,7 +65,7 @@ type Build struct {
|
||||
Labels cli.StringSlice // Docker build labels
|
||||
Provenance string // Docker build provenance attestation
|
||||
SBOM string // Docker build sbom attestation
|
||||
Secrets cli.StringSlice // Docker build secret key-pairs
|
||||
Secrets cli.StringSlice // Docker build secrets
|
||||
}
|
||||
|
||||
// Settings for the Plugin.
|
||||
|
Loading…
Reference in New Issue
Block a user