Rename env-secrets to secrets-env add tests

Signed-off-by: Elias Lundgren <145569914+elias-lundgren@users.noreply.github.com>
This commit is contained in:
Elias Lundgren 2023-10-09 15:20:27 +02:00
parent 507ffcdb88
commit a9c205dd7c
No known key found for this signature in database
6 changed files with 89 additions and 46 deletions

View File

@ -213,39 +213,39 @@ Following inputs can be used as `step.with` keys
> tags: name/app:latest,name/app:1.0.0 > tags: name/app:latest,name/app:1.0.0
> ``` > ```
| Name | Type | Description | | Name | Type | Description |
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) | | `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) | | `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) | | `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) | | `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) |
| `build-contexts` | List | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`) | | `build-contexts` | List | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`) |
| `cache-from` | List | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`) | | `cache-from` | List | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`) |
| `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) | | `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) |
| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build | | `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
| `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) | | `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
| `env-secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build using environment variables from the GitHub runner (e.g., MY_SECRET=MY_ENV_VAR) | | `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) | | `labels` | List | List of metadata for an image |
| `labels` | List | List of metadata for an image | | `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) |
| `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) | | `network` | String | Set the networking mode for the `RUN` instructions during build |
| `network` | String | Set the networking mode for the `RUN` instructions during build | | `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) | | `no-cache-filters` | List/CSV | Do not cache specified stages |
| `no-cache-filters` | List/CSV | Do not cache specified stages | | `outputs`¹ | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `outputs`¹ | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) | | `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build |
| `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build | | `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) |
| `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) | | `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) | | `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) |
| `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) | | `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) |
| `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) | | `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) | | `secret-envs` | List/CSV | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build using environment variables (e.g., MY_SECRET=MY_ENV_VAR) |
| `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) | | `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) | | `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) |
| `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build | | `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build |
| `tags` | List/CSV | List of tags | | `tags` | List/CSV | List of tags |
| `target` | String | Sets the target stage to build | | `target` | String | Sets the target stage to build |
| `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) | | `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) | | `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
> **Note** > **Note**
> >

View File

@ -619,6 +619,49 @@ nproc=3`],
'.' '.'
] ]
], ],
[
25,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', `MY_SECRET=MY_SECRET_ENV
ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', path.join(tmpDir, 'iidfile'),
'--load',
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
[
26,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', 'MY_SECRET=MY_SECRET_ENV,ANOTHER_SECRET=ANOTHER_SECRET_ENV']
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', path.join(tmpDir, 'iidfile'),
'--load',
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
])( ])(
'[%d] given %p with %p as inputs, returns %p', '[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => { async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {

View File

@ -37,9 +37,6 @@ inputs:
context: context:
description: "Build's context is the set of files located in the specified PATH or URL" description: "Build's context is the set of files located in the specified PATH or URL"
required: false required: false
env-secrets:
description: "List of secrets to expose to the build using environment variables from the GitHub runner (e.g., MY_SECRET=MY_ENV_VAR)"
required: false
file: file:
description: "Path to the Dockerfile" description: "Path to the Dockerfile"
required: false required: false
@ -83,6 +80,9 @@ inputs:
secrets: secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false required: false
secret-envs:
description: "List of secrets to expose to the build using environment variables (e.g., MY_SECRET=MY_ENV_VAR)"
required: false
secret-files: secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false required: false

10
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View File

@ -17,7 +17,6 @@ export interface Inputs {
cacheTo: string[]; cacheTo: string[];
cgroupParent: string; cgroupParent: string;
context: string; context: string;
envSecrets: string[];
file: string; file: string;
labels: string[]; labels: string[];
load: boolean; load: boolean;
@ -31,6 +30,7 @@ export interface Inputs {
push: boolean; push: boolean;
sbom: string; sbom: string;
secrets: string[]; secrets: string[];
secretEnvs: string[];
secretFiles: string[]; secretFiles: string[];
shmSize: string; shmSize: string;
ssh: string[]; ssh: string[];
@ -52,7 +52,6 @@ export async function getInputs(): Promise<Inputs> {
cacheTo: Util.getInputList('cache-to', {ignoreComma: true}), cacheTo: Util.getInputList('cache-to', {ignoreComma: true}),
cgroupParent: core.getInput('cgroup-parent'), cgroupParent: core.getInput('cgroup-parent'),
context: core.getInput('context') || Context.gitContext(), context: core.getInput('context') || Context.gitContext(),
envSecrets: Util.getInputList('env-secrets', {ignoreComma: true}),
file: core.getInput('file'), file: core.getInput('file'),
labels: Util.getInputList('labels', {ignoreComma: true}), labels: Util.getInputList('labels', {ignoreComma: true}),
load: core.getBooleanInput('load'), load: core.getBooleanInput('load'),
@ -66,6 +65,7 @@ export async function getInputs(): Promise<Inputs> {
push: core.getBooleanInput('push'), push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'), sbom: core.getInput('sbom'),
secrets: Util.getInputList('secrets', {ignoreComma: true}), secrets: Util.getInputList('secrets', {ignoreComma: true}),
secretEnvs: Util.getInputList('secret-envs'),
secretFiles: Util.getInputList('secret-files', {ignoreComma: true}), secretFiles: Util.getInputList('secret-files', {ignoreComma: true}),
shmSize: core.getInput('shm-size'), shmSize: core.getInput('shm-size'),
ssh: Util.getInputList('ssh'), ssh: Util.getInputList('ssh'),
@ -118,9 +118,9 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
if (inputs.cgroupParent) { if (inputs.cgroupParent) {
args.push('--cgroup-parent', inputs.cgroupParent); args.push('--cgroup-parent', inputs.cgroupParent);
} }
await Util.asyncForEach(inputs.envSecrets, async envSecret => { await Util.asyncForEach(inputs.secretEnvs, async secretEnv => {
try { try {
args.push('--secret', BuildxInputs.resolveBuildSecretEnv(envSecret)); args.push('--secret', BuildxInputs.resolveBuildSecretEnv(secretEnv));
} catch (err) { } catch (err) {
core.warning(err.message); core.warning(err.message);
} }