docker/build-push-action
1
0
Fork 0
mirror of https://github.com/docker/build-push-action.git synced 2025-04-29 18:29:15 +02:00
Code Activity

Allow to use secret file mount

Browse source 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2021-02-15 10:08:19 +01:00
parent e5f26cdae4
commit 080cadd33e
No known key found for this signature in database
GPG key ID: 3248E46B6BB8C7F7
8 changed files with 115 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/buildx.ts
View file

@ -18,17 +18,34 @@ export async function getImageID(): Promise<string | undefined> {
return fs.readFileSync(iidFile, {encoding: 'utf-8'});
}
export async function getSecret(kvp: string): Promise<string> {
export async function getSecretString(kvp: string): Promise<string> {
return getSecret(kvp, false);
}
export async function getSecretFile(kvp: string): Promise<string> {
return getSecret(kvp, true);
}
export async function getSecret(kvp: string, file: boolean): Promise<string> {
const delimiterIndex = kvp.indexOf('=');
const key = kvp.substring(0, delimiterIndex);
const value = kvp.substring(delimiterIndex + 1);
let value = kvp.substring(delimiterIndex + 1);
if (key.length == 0 || value.length == 0) {
throw new Error(`${kvp} is not a valid secret`);
}
if (file) {
if (!fs.existsSync(value)) {
throw new Error(`secret file ${value} not found`);
}
value = fs.readFileSync(value, {encoding: 'utf-8'});
}
const secretFile = context.tmpNameSync({
tmpdir: context.tmpDir()
});
await fs.writeFileSync(secretFile, value);
fs.writeFileSync(secretFile, value);
return `id=${key},src=${secretFile}`;
}

13
src/context.ts
View file

@ -30,6 +30,7 @@ export interface Inputs {
cacheFrom: string[];
cacheTo: string[];
secrets: string[];
secretFiles: string[];
githubToken: string;
ssh: string[];
}
@ -73,6 +74,7 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
cacheFrom: await getInputList('cache-from', true),
cacheTo: await getInputList('cache-to', true),
secrets: await getInputList('secrets', true),
secretFiles: await getInputList('secret-files', true),
githubToken: core.getInput('github-token'),
ssh: await getInputList('ssh')
};
@ -123,13 +125,20 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
});
await asyncForEach(inputs.secrets, async secret => {
try {
args.push('--secret', await buildx.getSecret(secret));
args.push('--secret', await buildx.getSecretString(secret));
} catch (err) {
core.warning(err.message);
}
});
await asyncForEach(inputs.secretFiles, async secretFile => {
try {
args.push('--secret', await buildx.getSecretFile(secretFile));
} catch (err) {
core.warning(err.message);
}
});
if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
args.push('--secret', await buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
}
await asyncForEach(inputs.ssh, async ssh => {
args.push('--ssh', ssh);