Use buildkit secret mount support on dockerfile

Author: calebkiage

Dockerfile

@@ -7,17 +7,16 @@ FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS build-env
 
 ARG MS_NUGET_URL=https://nuget.pkg.github.com/microsoft/index.json
 ARG MSGRAPH_NUGET_URL=https://nuget.pkg.github.com/microsoftgraph/index.json
-ARG NUGET_USER
-ARG NUGET_PASSWORD
 
 WORKDIR /app
 
 COPY ./src ./msgraph-cli/src
 COPY ./msgraph-cli-core ./msgraph-cli/msgraph-cli-core
 WORKDIR /app/msgraph-cli
 
-RUN dotnet nuget add source ${MS_NUGET_URL} -n ms-gh -u ${NUGET_USER} -p ${NUGET_PASSWORD} --store-password-in-clear-text &&\
-    dotnet nuget add source ${MSGRAPH_NUGET_URL} -n msgraph-gh -u ${NUGET_USER} -p ${NUGET_PASSWORD} --store-password-in-clear-text
+RUN --mount=type=secret,id=user,required=true --mount=type=secret,id=token,required=true \
+    dotnet nuget add source ${MS_NUGET_URL} -n ms-gh -u $(cat /run/secrets/user) -p $(cat /run/secrets/token) --store-password-in-clear-text &&\
+    dotnet nuget add source ${MSGRAPH_NUGET_URL} -n msgraph-gh -u $(cat /run/secrets/user) -p $(cat /run/secrets/token) --store-password-in-clear-text
 
 RUN dotnet publish -p:PublishSingleFile=false -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true ./src/msgraph-cli.csproj --configuration Release --no-self-contained --runtime linux-musl-x64 --output /app/output
 

docker/README.md

@@ -17,18 +17,22 @@ $ docker run -it --cap-add=IPC_LOCK --rm msgraph-cli sh
 > performs token encryption.
 
 #### Building an image
-Set the `NUGET_USER` and `NUGET_TOKEN` environment variables to a token that has pull package access to the [microsoft](https://github.com/microsoft) and [microsoftgraph](https://github.com/microsoftgraph) GitHub organizations.
+Ensure you have a docker engine with API access [1.39+](https://docs.docker.com/engine/api/v1.39/) and BuildKit enabled.
+Create 2 files `nuget_user.txt` and `nuget_token.txt` and set their content to a username and a matching personal access token
+that has pull access to both the [microsoft](https://github.com/microsoft) and [microsoftgraph](https://github.com/microsoftgraph)
+GitHub organizations' package registries.
 
 To build an image in windows powershell:
 ```powershell
-$ docker build \\?\$(Get-Location) -f . -t msgraph-cli --build-arg NUGET_USER=$env:NUGET_USER --build-arg NUGET_PASSWORD=$env:NUGET_TOKEN
+$ docker build \\?\$(Get-Location) -f . -t msgraph-cli --secret id=user,src=./tmp/nuget_user.txt --secret id=token,src=./tmp/nuget_token.txt
 ```
 
 > The `\\?\$(Get-Location)` section of the command is used to get around the 260 character
 > limitation on windows systems that could cause issues when copying files to the docker
-> context. This issue impacts buildkit builds. For more information, check [this issue](https://github.com/moby/buildkit/issues/1366).
+> context. This issue impacts buildkit builds. For more information, check
+> [this issue](https://github.com/moby/buildkit/issues/1366).
 
 To build an image in linux or WSL:
 ```sh
-$ docker build -t msgraph-cli --build-arg NUGET_USER=$NUGET_USER --build-arg NUGET_PASSWORD=$NUGET_TOKEN .
+$ docker build -t msgraph-cli --secret id=user,src=./tmp/nuget_user.txt --secret id=token,src=./tmp/nuget_token.txt .
 ```