diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
index 3fcc79c..181bda8 100644
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@@ -265,3 +265,8 @@ properties:
 description: Generate [sbom](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest type=sbom`).
 type: string
 required: false
+
+ - name: secrets
+ description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
+ type: list
+ required: false
diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go
index ac41ddb..479d720 100644
--- a/cmd/drone-docker-buildx/config.go
+++ b/cmd/drone-docker-buildx/config.go
@@ -321,5 +321,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 Destination: &settings.Build.SBOM,
 Category: category,
 },
+ &cli.StringSliceFlag{
+ Name: "secrets",
+ EnvVars: []string{"PLUGIN_SECRETS"},
+ Usage: "secret key-value pairs",
+ Destination: &settings.Build.Secrets,
+ Category: category,
+ },
 }
 }
diff --git a/plugin/docker.go b/plugin/docker.go
index 7ad7499..cd44a2f 100644
--- a/plugin/docker.go
+++ b/plugin/docker.go
@@ -160,6 +160,10 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
 args = append(args, "--sbom", build.SBOM)
 }

+ for _, secret := range build.Secrets.Value() {
+ args = append(args, "--secret", secret)
+ }
+
 return execabs.Command(dockerBin, args...)
 }

diff --git a/plugin/impl.go b/plugin/impl.go
index ce530b7..b4cfeca 100644
--- a/plugin/impl.go
+++ b/plugin/impl.go
@@ -65,6 +65,7 @@ type Build struct {
 Labels cli.StringSlice // Docker build labels
 Provenance string // Docker build provenance attestation
 SBOM string // Docker build sbom attestation
+ Secrets cli.StringSlice // Docker build secret key-pairs
 }

 // Settings for the Plugin.
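Review bot: `cli.StringSliceFlag` looks like a poor fit for the new `secrets` entry in `settingsFlags` if the cli package splits slice values on commas, which urfave/cli v2 (what this appears to be) does by default. A buildx secret spec such as `id=token,env=TOKEN` would then arrive as two entries and be forwarded as two malformed `--secret` arguments. Worth confirming against the vendored cli version; if it does split, either read the setting with a separator that cannot occur in a spec or document the escaping users need. The `Usage` text could also say what an entry looks like, for example `Usage: "build secrets, one --secret spec per entry (id=...,env=... or id=...,src=...)"`. The function body starts outside the hunk.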
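Review bot: Every entry of `build.Secrets` is appended verbatim to the docker argv in the new loop in `commandBuild`, so anything a user writes there shows up in the process list and wherever the plugin prints the command it runs (that part is not visible in this hunk). Docker's spec form only references the material, so a comment above the loop such as `// entries are --secret specs (id=...,env=VAR or id=...,src=/path); never the secret value itself` would keep that expectation next to the code. Empty entries are forwarded too and produce `--secret ""`; an `if secret == "" { continue }` guard inside the loop would avoid a confusing buildx error. The function begins outside the hunk.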
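Review bot: The field comment on `Secrets` in `Build` says "secret key-pairs", which reads like cryptographic key pairs and does not match the "key-value pairs" wording used for the flag in config.go. Suggest `// Docker build secrets, one --secret spec per entry (id=...,env=... or id=...,src=...)` so the struct documents the format that is passed through to buildx. The struct starts outside the hunk.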