Docker build support of secrets (#60)

tcarmet · web-flow · commit 06e437502f40 · 2024-03-29T23:49:17.000+01:00
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -52,6 +52,9 @@ on:
         required: false
         type: boolean
         default: true
+      secrets:
+        required: false
+        type: string
     secrets:
       REGISTRY_LOGIN:
         required: false
@@ -94,3 +97,4 @@ jobs:
         no-cache: ${{ inputs.no-cache }}
         build-args: ${{ inputs.build-args }}
         file: ${{ env.FILE }}
+        secrets: ${{ inputs.secrets }}
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -12,6 +12,14 @@ jobs:
     with:
       context: tests/docker
       name: test
+  docker-build-with-secrets:
+    uses: ./.github/workflows/docker-build.yaml
+    with:
+      context: tests/docker-secrets
+      name: test-secrets
+      secrets: |
+        my_secret=toto
+        my_other_secret=tata
 
   trivy:
     needs: docker-build
diff --git a/tests/docker-secrets/Dockerfile b/tests/docker-secrets/Dockerfile
@@ -0,0 +1,10 @@
+FROM ubuntu
+
+RUN --mount=type=secret,id=my_secret \
+  cat /run/secrets/my_secret
+
+RUN --mount=type=secret,id=my_other_secret \
+  cat /run/secrets/my_other_secret
+
+RUN apt-get update && apt-get install -y \
+    git
