github/wp-docker-buildx
0
0
Fork 0
mirror of https://github.com/thegeeklab/wp-docker-buildx.git synced 2024-11-24 12:50:41 +00:00
Code Issues Releases Activity

docs: add usage exaple for docker build secrets (#283)

Browse Source
This commit is contained in:
Robert Kaussow 2023-06-28 20:42:47 +02:00 committed by GitHub
parent a572b72527
commit c7c3ad6942
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
_docs/content/_index.md
View File

@ -95,6 +95,29 @@ steps:
tags: latest tags: latest
``` ```
#### Expose secrets to the build
The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount.
```Yaml
kind: pipeline
name: default
steps:
- name: docker
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
- "id=raw_file_secret,src=file.txt"
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible.
## Build ## Build
Build the binary with the following command: Build the binary with the following command:

2
_docs/data/data.yaml
View File

@ -267,6 +267,6 @@ properties:
required: false required: false
- name: secrets - name: secrets
description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building. description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
type: list type: list
required: false required: false

2
cmd/drone-docker-buildx/config.go
View File

@ -324,7 +324,7 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
&cli.StringSliceFlag{ &cli.StringSliceFlag{
Name: "secrets", Name: "secrets",
EnvVars: []string{"PLUGIN_SECRETS"}, EnvVars: []string{"PLUGIN_SECRETS"},
Usage: "secret key-value pairs", Usage: "exposes secrets to the build",
Destination: &settings.Build.Secrets, Destination: &settings.Build.Secrets,
Category: category, Category: category,
}, },

2
plugin/impl.go
View File

@ -65,7 +65,7 @@ type Build struct {
Labels cli.StringSlice // Docker build labels Labels cli.StringSlice // Docker build labels
Provenance string // Docker build provenance attestation Provenance string // Docker build provenance attestation
SBOM string // Docker build sbom attestation SBOM string // Docker build sbom attestation
Secrets cli.StringSlice // Docker build secret key-pairs Secrets cli.StringSlice // Docker build secrets
} }
// Settings for the Plugin. // Settings for the Plugin.