github
/
drone-docker-buildx
mirror of https://github.com/thegeeklab/drone-docker-buildx.git
0
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: move documentation for the secrets option to parameter list (#286)

This commit is contained in:
Robert Kaussow 2023-06-29 21:30:58 +02:00 committed by GitHub
parent 89db4c201e
commit d16fd6376b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
_docs/content/_index.md
View File

@ -27,7 +27,7 @@ The tags follow the major version of Docker, e.g. `20`, and the minor and patch
Be aware that the this plugin requires [privileged](https://docs.drone.io/pipeline/docker/syntax/steps/#privileged-mode) capabilities, otherwise the integrated Docker daemon is not able to start. Be aware that the this plugin requires [privileged](https://docs.drone.io/pipeline/docker/syntax/steps/#privileged-mode) capabilities, otherwise the integrated Docker daemon is not able to start.
{{< /hint >}} {{< /hint >}}
```YAML ```yaml
kind: pipeline kind: pipeline
name: default name: default
@ -58,7 +58,7 @@ If the created image is to be pushed to registries other than the default Docker
**GHCR:** **GHCR:**
```YAML ```yaml
kind: pipeline kind: pipeline
name: default name: default
@ -76,7 +76,7 @@ steps:
**AWS ECR:** **AWS ECR:**
```YAML ```yaml
kind: pipeline kind: pipeline
name: default name: default
@ -95,35 +95,11 @@ steps:
tags: latest tags: latest
``` ```
#### Expose secrets to the build
The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount.
```Yaml
kind: pipeline
name: default
steps:
- name: docker
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
- "id=raw_file_secret\\\\,src=file.txt"
- 'id=other_raw_file_secret\\,src=other_file.txt'
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible.
## Build ## Build
Build the binary with the following command: Build the binary with the following command:
```Shell ```shell
export GOOS=linux export GOOS=linux
export GOARCH=amd64 export GOARCH=amd64
export CGO_ENABLED=0 export CGO_ENABLED=0
@ -134,13 +110,13 @@ make build
Build the Docker image with the following command: Build the Docker image with the following command:
```Shell ```shell
docker build --file docker/Dockerfile.amd64 --tag thegeeklab/drone-docker-buildx . docker build --file docker/Dockerfile.amd64 --tag thegeeklab/drone-docker-buildx .
``` ```
## Test ## Test
```Shell ```shell
docker run --rm \ docker run --rm \
-e PLUGIN_TAG=latest \ -e PLUGIN_TAG=latest \
-e PLUGIN_REPO=octocat/hello-world \ -e PLUGIN_REPO=octocat/hello-world \

61
_docs/data/data.yaml
View File

@ -75,15 +75,16 @@ properties:
description: | description: |
Content of the docker buildkit toml [config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md). Example: Content of the docker buildkit toml [config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md). Example:
```TOML ```yaml
- name: Build steps:
image: thegeeklab/drone-docker-buildx:23 - name: Build
settings: image: thegeeklab/drone-docker-buildx:23
repo: example/repo settings:
buildkit_config: | repo: example/repo
[registry."registry.local:30081"] buildkit_config: |
http = true [registry."registry.local:30081"]
insecure = true http = true
insecure = true
``` ```
type: string type: string
defaultValue: false defaultValue: false
@ -163,15 +164,16 @@ properties:
Images to consider as [cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from). To properly work, Images to consider as [cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from). To properly work,
commas used in the cache source entries need to be escaped: commas used in the cache source entries need to be escaped:
```Yaml ```yaml
- name: Build steps:
image: thegeeklab/drone-docker-buildx:23 - name: Build
settings: image: thegeeklab/drone-docker-buildx:23
repo: example/repo settings:
cache_from: repo: example/repo
# using quotes double-escaping is required cache_from:
- "type=registry\\\\,ref=example" # while using quotes, double-escaping is required
- 'type=foo\\,ref=bar' - "type=registry\\\\,ref=example"
- 'type=foo\\,ref=bar'
``` ```
type: list type: list
required: false required: false
@ -267,6 +269,27 @@ properties:
required: false required: false
- name: secrets - name: secrets
description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build. description: |
Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
The secrets can be used by the build using `RUN --mount=type=secret` mount.
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
# while using quotes, double-escaping is required
- "id=raw_file_secret\\\\,src=file.txt"
- 'id=other_raw_file_secret\\,src=other_file.txt'
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required.
This should be used with caution and avoided whenever possible.
type: list type: list
required: false required: false