mirror of
https://github.com/docker/build-push-action.git
synced 2025-04-14 02:46:02 +02:00
enforce secrets input value as registered secret
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
parent
84ad562665
commit
9a6e79724f
3 changed files with 32 additions and 17 deletions
|
|
@ -27,7 +27,7 @@
|
|||
"packageManager": "yarn@3.6.3",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.11.1",
|
||||
"@docker/actions-toolkit": "0.56.0",
|
||||
"@docker/actions-toolkit": "https://github.com/crazy-max/docker-actions-toolkit#secret-enforce-redact-test",
|
||||
"handlebars": "^4.7.7"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ export async function getInputs(): Promise<Inputs> {
|
|||
pull: core.getBooleanInput('pull'),
|
||||
push: core.getBooleanInput('push'),
|
||||
sbom: core.getInput('sbom'),
|
||||
secrets: Util.getInputList('secrets', {ignoreComma: true}),
|
||||
secrets: getSecretsInput(),
|
||||
'secret-envs': Util.getInputList('secret-envs'),
|
||||
'secret-files': Util.getInputList('secret-files', {ignoreComma: true}),
|
||||
'shm-size': core.getInput('shm-size'),
|
||||
|
|
@ -296,3 +296,18 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
|||
|
||||
return args;
|
||||
}
|
||||
|
||||
function getSecretsInput(): string[] {
|
||||
const secrets = Util.getInputList('secrets', {ignoreComma: true});
|
||||
|
||||
for (const secret of secrets) {
|
||||
try {
|
||||
// enforce value as registered GitHub Secret
|
||||
Build.parseSecretKvp(secret, true);
|
||||
} catch (err) {
|
||||
// ignore invalid secret
|
||||
}
|
||||
}
|
||||
|
||||
return secrets;
|
||||
}
|
||||
|
|
|
|||
30
yarn.lock
30
yarn.lock
|
|
@ -12,9 +12,9 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"@actions/artifact@npm:^2.2.2":
|
||||
version: 2.2.2
|
||||
resolution: "@actions/artifact@npm:2.2.2"
|
||||
"@actions/artifact@npm:^2.3.2":
|
||||
version: 2.3.2
|
||||
resolution: "@actions/artifact@npm:2.3.2"
|
||||
dependencies:
|
||||
"@actions/core": ^1.10.0
|
||||
"@actions/github": ^5.1.1
|
||||
|
|
@ -28,13 +28,13 @@ __metadata:
|
|||
archiver: ^7.0.1
|
||||
jwt-decode: ^3.1.2
|
||||
unzip-stream: ^0.3.1
|
||||
checksum: 1501b3d0ceb671f370786ccf70014de9586c5a78c95d235248fc16c73bf928f8de2aa932a679258f6d9bc2f2e570648d830551af9f063298f05d19f3330b33bc
|
||||
checksum: 78ee41b43800accb2f3527e1733217c43d53693e7f96ce2470b16890fb84f5c2ebaaa6048ccdb6cfe188b54c02779ec99623c6932558e757f6829cfde203cf2c
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"@actions/cache@npm:^4.0.2":
|
||||
version: 4.0.2
|
||||
resolution: "@actions/cache@npm:4.0.2"
|
||||
"@actions/cache@npm:^4.0.3":
|
||||
version: 4.0.3
|
||||
resolution: "@actions/cache@npm:4.0.3"
|
||||
dependencies:
|
||||
"@actions/core": ^1.11.1
|
||||
"@actions/exec": ^1.0.1
|
||||
|
|
@ -46,7 +46,7 @@ __metadata:
|
|||
"@azure/storage-blob": ^12.13.0
|
||||
"@protobuf-ts/plugin": ^2.9.4
|
||||
semver: ^6.3.1
|
||||
checksum: 208f11238a26194f331b329bb99d50a87c1a3ccef1dbae181e5c142b3faf41715203e0c5cbc491519d3d97540a68fbd418c25fb6e16caabf76248c40867c02b4
|
||||
checksum: ee9c2a21a70bd3f35c63f302af478e23f135c26deb77ea2e4eed29c62766a4b201fc7435651c0d56fa504c02d203107e3bdfda1dba18a3ee09338e1dfc3f2fe8
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
|
|
@ -1072,12 +1072,12 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"@docker/actions-toolkit@npm:0.56.0":
|
||||
version: 0.56.0
|
||||
resolution: "@docker/actions-toolkit@npm:0.56.0"
|
||||
"@docker/actions-toolkit@https://github.com/crazy-max/docker-actions-toolkit#secret-enforce-redact-test":
|
||||
version: 0.0.0+unknown
|
||||
resolution: "@docker/actions-toolkit@https://github.com/crazy-max/docker-actions-toolkit.git#commit=222f5b3354ec41cd22ed7c0f2f9e510bd90ccc3c"
|
||||
dependencies:
|
||||
"@actions/artifact": ^2.2.2
|
||||
"@actions/cache": ^4.0.2
|
||||
"@actions/artifact": ^2.3.2
|
||||
"@actions/cache": ^4.0.3
|
||||
"@actions/core": ^1.11.1
|
||||
"@actions/exec": ^1.1.1
|
||||
"@actions/github": ^6.0.0
|
||||
|
|
@ -1097,7 +1097,7 @@ __metadata:
|
|||
semver: ^7.7.1
|
||||
tar-stream: ^3.1.7
|
||||
tmp: ^0.2.3
|
||||
checksum: 0f1b569f8bb206399f8c26e566c78e30e4a311bbd64486016e7fa1d35fbbb4c94d4f55afa6b711afa4b41c5835b40b038f48c3d1bfdfdc6f7c6680973e922d9e
|
||||
checksum: d1b0b8f868d838f4f02a172c2dc34ae2855a6047efba739e68b693e129480b295b4059ba5802abfe9d3b1d62e794fccc408a2961720e9ff13b8b9db6c89bf085
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
|
|
@ -3143,7 +3143,7 @@ __metadata:
|
|||
resolution: "docker-build-push@workspace:."
|
||||
dependencies:
|
||||
"@actions/core": ^1.11.1
|
||||
"@docker/actions-toolkit": 0.56.0
|
||||
"@docker/actions-toolkit": "https://github.com/crazy-max/docker-actions-toolkit#secret-enforce-redact-test"
|
||||
"@types/node": ^20.12.12
|
||||
"@typescript-eslint/eslint-plugin": ^7.9.0
|
||||
"@typescript-eslint/parser": ^7.9.0
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue