From 7c5f14a957effe809f155f2e8e5898111e241de3 Mon Sep 17 00:00:00 2001
From: Simon Vieille
Date: Fri, 9 Feb 2024 15:18:45 +0100
Subject: [PATCH] add secret option add documentation
---
 cmd/docker-buildx/config.go | 6 +++
 docs.md | 87 +++++++++++++++++++------------------
 plugin/docker.go | 3 ++
 plugin/impl.go | 1 +
 4 files changed, 54 insertions(+), 43 deletions(-)
diff --git a/cmd/docker-buildx/config.go b/cmd/docker-buildx/config.go
index 05705f3..7c7b219 100644
--- a/cmd/docker-buildx/config.go
+++ b/cmd/docker-buildx/config.go
@@ -183,6 +183,12 @@ func settingsFlags(settings *plugin.Settings) []cli.Flag {
 Usage: "forwards environment variables as custom arguments to the build",
 Destination: &settings.Build.ArgsEnv,
 },
+ &cli.StringFlag{
+ Name: "secret",
+ EnvVars: []string{"PLUGIN_SECRET"},
+ Usage: "sets custom secret argument for the build",
+ Destination: &settings.Build.Secret,
+ },
 &cli.BoolFlag{
 Name: "quiet",
 EnvVars: []string{"PLUGIN_QUIET"},
diff --git a/docs.md b/docs.md
index 3f8ce32..ea8b7fa 100644
--- a/docs.md
+++ b/docs.md
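Review bot: The usage text of the new `secret` flag in settingsFlags (cmd/docker-buildx/config.go) does not say that the value is a buildx secret specification rather than the secret itself. The value is handed unchanged to `--secret` in plugin/docker.go, so a raw secret placed in `PLUGIN_SECRET` would end up on the build command line. I would spell the expected format out, for example `Usage: "sets the --secret spec for the build, e.g. id=mysecret,src=/path/to/file (not the secret value itself)",`. settingsFlags starts and ends outside this hunk.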
@@ -92,50 +92,51 @@ docker-build:
 ## Advanced Settings
-| Settings Name | Default | Description |
+| Settings Name | Default | Description |
 | ------------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `mirror` | _none_ | sets a registry mirror to pull images |
-| `storage_driver` | _none_ | sets the docker daemon storage driver |
-| `storage_path` | `/var/lib/docker` | sets the docker daemon storage path |
-| `bip` | _none_ | allows the docker daemon to bride ip address |
-| `mtu` | _none_ | sets docker daemon custom mtu setting |
-| `custom_dns` | _none_ | sets custom docker daemon dns server |
-| `custom_dns_search` | _none_ | sets custom docker daemon dns search domain |
-| `insecure` | `false` | allows the docker daemon to use insecure registries |
-| `ipv6` | `false` | enables docker daemon IPv6 support |
-| `experimental` | `false` | enables docker daemon experimental mode |
-| `debug` | `false` | enables verbose debug mode for the docker daemon |
-| `daemon_off` | `false` | disables the startup of the docker daemon |
-| `buildkit_debug` | `false` | enables debug output of buildkit |
-| `buildkit_config` | _none_ | sets content of the docker[buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) |
-| `buildkit_driveropt` | _none_ | adds one or multiple`--driver-opt` buildx arguments for the default buildkit builder instance |
-| `tags_file` | _none_ | overrides the`tags` option with values in a file named `.tags`; multiple tags can be specified separated by a newline |
-| `context` | `.` | sets the path of the build context to use |
-| `auto_tag` | `false` | generates tag names automatically based on git branch and git tag, tags supplied via`tags` are additionally added to the auto_tags without suffix |
-| `default_suffix"`/`auto_tag_suffix` | _none_ | generates tag names with the given suffix |
-| `default_tag` | `latest` | overrides the default tag name used when generating with`auto_tag` enabled |
-| `label`/`labels` | _none_ | sets labels to use for the image in format`=` |
-| `default_labels`/`auto_labels` | `true` | sets docker image labels based on git information |
-| `build_args` | _none_ | sets custom build arguments for the build |
-| `build_args_from_env` | _none_ | forwards environment variables as custom arguments to the build |
-| `quiet` | `false` | enables suppression of the build output |
-| `target` | _none_ | sets the build target to use |
-| `cache_from` | _none_ | sets configuration for cache source |
-| `cache_to` | _none_ | sets configuration for cache export |
-| `cache_images` | _none_ | a list of images to use as cache. |
-| `pull_image` | `true` | enforces to pull base image at build time |
-| `compress` | `false` | enables compression of the build context using gzip |
-| `config` | _none_ | sets content of the docker daemon json config |
-| `purge` | `true` | enables cleanup of the docker environment at the end of a build |
-| `no_cache` | `false` | disables the usage of cached intermediate containers |
-| `add_host` | _none_ | sets additional host:ip mapping |
-| `output` | _none_ | sets build output in format`type=[,=]` |
-| `logins` | _none_ | option to log into multiple registries |
-| `env_file` | _none_ | load env vars from specified file |
-| `ecr_create_repository` | `false` | creates the ECR repository if it does not exist |
-| `ecr_lifecycle_policy` | _none_ | AWS ECR lifecycle policy |
-| `ecr_repository_policy` | _none_ | AWS ECR repository policy |
-| `ecr_scan_on_push` | _none_ | AWS: whether to enable image scanning on push |
+| `mirror` | _none_ | sets a registry mirror to pull images |
+| `storage_driver` | _none_ | sets the docker daemon storage driver |
+| `storage_path` | `/var/lib/docker` | sets the docker daemon storage path |
+| `bip` | _none_ | allows the docker daemon to bride ip address |
+| `mtu` | _none_ | sets docker daemon custom mtu setting |
+| `custom_dns` | _none_ | sets custom docker daemon dns server |
+| `custom_dns_search` | _none_ | sets custom docker daemon dns search domain |
+| `insecure` | `false` | allows the docker daemon to use insecure registries |
+| `ipv6` | `false` | enables docker daemon IPv6 support |
+| `experimental` | `false` | enables docker daemon experimental mode |
+| `debug` | `false` | enables verbose debug mode for the docker daemon |
+| `daemon_off` | `false` | disables the startup of the docker daemon |
+| `buildkit_debug` | `false` | enables debug output of buildkit |
+| `buildkit_config` | _none_ | sets content of the docker[buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) |
+| `buildkit_driveropt` | _none_ | adds one or multiple`--driver-opt` buildx arguments for the default buildkit builder instance |
+| `tags_file` | _none_ | overrides the`tags` option with values in a file named `.tags`; multiple tags can be specified separated by a newline |
+| `context` | `.` | sets the path of the build context to use |
+| `auto_tag` | `false` | generates tag names automatically based on git branch and git tag, tags supplied via`tags` are additionally added to the auto_tags without suffix |
+| `default_suffix"`/`auto_tag_suffix` | _none_ | generates tag names with the given suffix |
+| `default_tag` | `latest` | overrides the default tag name used when generating with`auto_tag` enabled |
+| `label`/`labels` | _none_ | sets labels to use for the image in format`=` |
+| `default_labels`/`auto_labels` | `true` | sets docker image labels based on git information |
+| `build_args` | _none_ | sets custom build arguments for the build |
+| `build_args_from_env` | _none_ | forwards environment variables as custom arguments to the build |
+| `secret` | _none_ | Sets the build secret for the build |
+| `quiet` | `false` | enables suppression of the build output |
+| `target` | _none_ | sets the build target to use |
+| `cache_from` | _none_ | sets configuration for cache source |
+| `cache_to` | _none_ | sets configuration for cache export |
+| `cache_images` | _none_ | a list of images to use as cache. |
+| `pull_image` | `true` | enforces to pull base image at build time |
+| `compress` | `false` | enables compression of the build context using gzip |
+| `config` | _none_ | sets content of the docker daemon json config |
+| `purge` | `true` | enables cleanup of the docker environment at the end of a build |
+| `no_cache` | `false` | disables the usage of cached intermediate containers |
+| `add_host` | _none_ | sets additional host:ip mapping |
+| `output` | _none_ | sets build output in format`type=[,=]` |
+| `logins` | _none_ | option to log into multiple registries |
+| `env_file` | _none_ | load env vars from specified file |
+| `ecr_create_repository` | `false` | creates the ECR repository if it does not exist |
+| `ecr_lifecycle_policy` | _none_ | AWS ECR lifecycle policy |
+| `ecr_repository_policy` | _none_ | AWS ECR repository policy |
+| `ecr_scan_on_push` | _none_ | AWS: whether to enable image scanning on push |
 ## Multi registry push example
diff --git a/plugin/docker.go b/plugin/docker.go
index e966b37..43ea8d7 100644
--- a/plugin/docker.go
+++ b/plugin/docker.go
@@ -94,6 +94,9 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd {
 for _, arg := range append(defaultBuildArgs, build.Args.Value()...) {
 args = append(args, "--build-arg", arg)
 }
+ if build.Secret != "" {
+ args = append(args, "--secret", build.Secret)
+ }
 for _, host := range build.AddHost.Value() {
 args = append(args, "--add-host", host)
 }
diff --git a/plugin/impl.go b/plugin/impl.go
index 563d03d..9546e0a 100644
--- a/plugin/impl.go
+++ b/plugin/impl.go
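Review bot: The new branch in commandBuild (plugin/docker.go) forwards `build.Secret` verbatim, and as a single string it allows only one `--secret` per build although buildx accepts the flag repeatedly. If several secrets are needed later, keep in mind that the spec itself contains commas (`id=...,src=...`), so a comma-split slice flag would break it; that limitation deserves a comment on the branch, e.g. `// only one --secret spec is supported; the value is a buildx spec (id=...,src=... or id=...,env=...), never the secret itself`. If the plugin echoes the assembled command before running it (not visible in this hunk), whatever the user put in the setting will appear in the build log, which is another reason to keep raw secrets out of it. commandBuild starts and ends outside the hunk.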
@@ -69,6 +69,7 @@ type Build struct {
 Platforms cli.StringSlice // Docker build target platforms
 Args cli.StringSlice // Docker build args
 ArgsEnv cli.StringSlice // Docker build args from env
+ Secret string // Docker build secret
 Target string // Docker build target
 Output string // Docker build output
 Pull bool // Docker build pull