Allow to use secret file mount

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-04-22 14:46:39 +02:00 · 2021-02-15 10:08:19 +01:00 · 2021-02-15 10:08:19 +01:00 · 080cadd33e
commit 080cadd33e
parent e5f26cdae4
8 changed files with 115 additions and 29 deletions
--- a/tests/buildx.test.ts
+++ b/tests/buildx.test.ts
@ -119,21 +119,34 @@ describe('parseVersion', () => {

 describe('getSecret', () => {
  test.each([
-    ['A_SECRET=abcdef0123456789', 'A_SECRET', 'abcdef0123456789', false],
-    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
-    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
-    ['aaaaaaaa', '', '', true],
-    ['aaaaaaaa=', '', '', true],
-    ['=bbbbbbb', '', '', true]
-  ])('given %p key and %p secret', async (kvp, key, secret, invalid) => {
+    ['A_SECRET=abcdef0123456789', false, 'A_SECRET', 'abcdef0123456789', false],
+    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', false, 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
+    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', false, 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
+    ['aaaaaaaa', false, '', '', true],
+    ['aaaaaaaa=', false, '', '', true],
+    ['=bbbbbbb', false, '', '', true],
+    [
+      `foo=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`,
+      true,
+      'foo',
+      'bar',
+      false
+    ],
+    [`notfound=secret`, true, '', '', true]
+  ])('given %p key and %p secret', async (kvp, file, exKey, exValue, invalid) => {
    try {
-      const secretArgs = await buildx.getSecret(kvp);
+      let secret: string;
+      if (file) {
+        secret = await buildx.getSecretFile(kvp);
+      } else {
+        secret = await buildx.getSecretString(kvp);
+      }
      expect(true).toBe(!invalid);
-      console.log(`secretArgs: ${secretArgs}`);
-      expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
-      const secretContent = await fs.readFileSync(tmpNameSync, 'utf-8');
-      console.log(`secretValue: ${secretContent}`);
-      expect(secretContent).toEqual(secret);
+      console.log(`secret: ${secret}`);
+      expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
+      const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
+      console.log(`secretValue: ${secretValue}`);
+      expect(secretValue).toEqual(exValue);
    } catch (err) {
      expect(true).toBe(invalid);
    }
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -337,6 +337,27 @@ ccc`],
        '--push',
        'https://github.com/docker/build-push-action.git#heads/master'
      ]
+    ],
+    [
+      '0.5.1',
+      new Map<string, string>([
+        ['context', 'https://github.com/docker/build-push-action.git#heads/master'],
+        ['tag', 'localhost:5000/name/app:latest'],
+        ['secret-files', `MY_SECRET=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`],
+        ['file', './test/Dockerfile'],
+        ['builder', 'builder-git-context-2'],
+        ['push', 'true']
+      ]),
+      [
+        'buildx',
+        'build',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--file', './test/Dockerfile',
+        '--builder', 'builder-git-context-2',
+        '--push',
+        'https://github.com/docker/build-push-action.git#heads/master'
+      ]
    ]
  ])(
    'given %p with %p as inputs, returns %p',
--- a/tests/fixtures/secret.txt
+++ b/tests/fixtures/secret.txt
@ -0,0 +1 @@
+bar