forked from Ivasoft/drone-docker
Add support for multiple Buildkit secrets with env vars or files as source (#359)
This commit is contained in:
Stefano Arlandini
committed by
GitHub
GitHub
parent
d0b9da388f
commit
94f2f970db
42
docker.go
42
docker.go
@@ -59,6 +59,8 @@ type (
|
||||
Link string // Git repo link
|
||||
NoCache bool // Docker build no-cache
|
||||
Secret string // secret keypair
|
||||
SecretEnvs []string // Docker build secrets with env var as source
|
||||
SecretFiles []string // Docker build secrets with file as source
|
||||
AddHost []string // Docker build add-host
|
||||
Quiet bool // Docker build quiet
|
||||
}
|
||||
@@ -306,6 +308,16 @@ func commandBuild(build Build) *exec.Cmd {
|
||||
if build.Secret != "" {
|
||||
args = append(args, "--secret", build.Secret)
|
||||
}
|
||||
for _, secret := range build.SecretEnvs {
|
||||
if arg, err := getSecretStringCmdArg(secret); err == nil {
|
||||
args = append(args, "--secret", arg)
|
||||
}
|
||||
}
|
||||
for _, secret := range build.SecretFiles {
|
||||
if arg, err := getSecretFileCmdArg(secret); err == nil {
|
||||
args = append(args, "--secret", arg)
|
||||
}
|
||||
}
|
||||
if build.Target != "" {
|
||||
args = append(args, "--target", build.Target)
|
||||
}
|
||||
@@ -338,12 +350,40 @@ func commandBuild(build Build) *exec.Cmd {
|
||||
}
|
||||
|
||||
// we need to enable buildkit, for secret support
|
||||
if build.Secret != "" {
|
||||
if build.Secret != "" || len(build.SecretEnvs) > 0 || len(build.SecretFiles) > 0 {
|
||||
os.Setenv("DOCKER_BUILDKIT", "1")
|
||||
}
|
||||
return exec.Command(dockerExe, args...)
|
||||
}
|
||||
|
||||
func getSecretStringCmdArg(kvp string) (string, error) {
|
||||
return getSecretCmdArg(kvp, false)
|
||||
}
|
||||
|
||||
func getSecretFileCmdArg(kvp string) (string, error) {
|
||||
return getSecretCmdArg(kvp, true)
|
||||
}
|
||||
|
||||
func getSecretCmdArg(kvp string, file bool) (string, error) {
|
||||
delimIndex := strings.IndexByte(kvp, '=')
|
||||
if delimIndex == -1 {
|
||||
return "", fmt.Errorf("%s is not a valid secret", kvp)
|
||||
}
|
||||
|
||||
key := kvp[:delimIndex]
|
||||
value := kvp[delimIndex+1:]
|
||||
|
||||
if key == "" || value == "" {
|
||||
return "", fmt.Errorf("%s is not a valid secret", kvp)
|
||||
}
|
||||
|
||||
if file {
|
||||
return fmt.Sprintf("id=%s,src=%s", key, value), nil
|
||||
}
|
||||
|
||||
return fmt.Sprintf("id=%s,env=%s", key, value), nil
|
||||
}
|
||||
|
||||
// helper function to add proxy values from the environment
|
||||
func addProxyBuildArgs(build *Build) {
|
||||
addProxyValue(build, "http_proxy")
|
||||
|
||||
Reference in New Issue
Block a user