This commit is contained in:
elias-lundgren 2023-10-05 08:02:10 +00:00 committed by GitHub
commit 6f674e8e36
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 70 additions and 32 deletions

View File

@ -393,6 +393,31 @@ jobs:
MYSECRET=foo MYSECRET=foo
INVALID_SECRET= INVALID_SECRET=
env-secret:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
env:
ENV_SECRET: foo
with:
context: .
file: ./test/secret.Dockerfile
env-secrets: |
MYSECRET=ENV_SECRET
INVALID_SECRET=
network: network:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:

View File

@ -214,7 +214,7 @@ Following inputs can be used as `step.with` keys
> ``` > ```
| Name | Type | Description | | Name | Type | Description |
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) | | `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) | | `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) | | `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
@ -225,6 +225,7 @@ Following inputs can be used as `step.with` keys
| `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) | | `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) |
| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build | | `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
| `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) | | `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
| `env-secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build using environment variables from the GitHub runner (e.g., MY_SECRET=MY_ENV_VAR) |
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) | | `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
| `labels` | List | List of metadata for an image | | `labels` | List | List of metadata for an image |
| `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) | | `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) |

View File

@ -37,6 +37,9 @@ inputs:
context: context:
description: "Build's context is the set of files located in the specified PATH or URL" description: "Build's context is the set of files located in the specified PATH or URL"
required: false required: false
env-secrets:
description: "List of secrets to expose to the build using environment variables from the GitHub runner (e.g., MY_SECRET=MY_ENV_VAR)"
required: false
file: file:
description: "Path to the Dockerfile" description: "Path to the Dockerfile"
required: false required: false

View File

@ -17,6 +17,7 @@ export interface Inputs {
cacheTo: string[]; cacheTo: string[];
cgroupParent: string; cgroupParent: string;
context: string; context: string;
envSecrets: string[];
file: string; file: string;
labels: string[]; labels: string[];
load: boolean; load: boolean;
@ -51,6 +52,7 @@ export async function getInputs(): Promise<Inputs> {
cacheTo: Util.getInputList('cache-to', {ignoreComma: true}), cacheTo: Util.getInputList('cache-to', {ignoreComma: true}),
cgroupParent: core.getInput('cgroup-parent'), cgroupParent: core.getInput('cgroup-parent'),
context: core.getInput('context') || Context.gitContext(), context: core.getInput('context') || Context.gitContext(),
envSecrets: Util.getInputList('env-secrets', {ignoreComma: true}),
file: core.getInput('file'), file: core.getInput('file'),
labels: Util.getInputList('labels', {ignoreComma: true}), labels: Util.getInputList('labels', {ignoreComma: true}),
load: core.getBooleanInput('load'), load: core.getBooleanInput('load'),
@ -116,6 +118,13 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
if (inputs.cgroupParent) { if (inputs.cgroupParent) {
args.push('--cgroup-parent', inputs.cgroupParent); args.push('--cgroup-parent', inputs.cgroupParent);
} }
await Util.asyncForEach(inputs.envSecrets, async envSecret => {
try {
args.push('--secret', BuildxInputs.resolveBuildSecretEnv(envSecret));
} catch (err) {
core.warning(err.message);
}
});
if (inputs.file) { if (inputs.file) {
args.push('--file', inputs.file); args.push('--file', inputs.file);
} }