build: experimenting -- do not merge

nicklasl · nicklasl · commit 0b1adbcff743 · 2025-10-24T15:01:25.000+02:00
diff --git a/.github/workflows/secrets-testing.yml b/.github/workflows/secrets-testing.yml
@@ -0,0 +1,57 @@
+name: Secrets Testing
+
+on:
+  push:
+    branches: [main,build-secrets-testing]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  secrets-testing:
+    name: Secrets Testing
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Write secret to file
+        run: |
+          cat > /tmp/test_secret.txt <<'EOF'
+          <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
+              <localRepository/>
+              <interactiveMode/>
+              <offline/>
+              <userName>
+              ${{ secrets.NICKLAS_TEST_SECRET }}
+              </userName>
+              <servers/>
+              <mirrors/>
+              <proxies/>
+              <profiles/>
+              <!-- Never do this at home kids! -->
+              <activeProfiles/>
+          </settings>
+          EOF
+
+      - name: test secrets
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          target: secrets-testing.print
+          push: false
+          outputs: type=local,dest=./out
+          secret-files: |
+            test_secret=/tmp/test_secret.txt
+
+      - name: Print extracted secret
+        run: |
+          echo "=== Extracted secret contents ==="
+          cat ./out/secret.txt
diff --git a/Dockerfile b/Dockerfile
@@ -416,6 +416,15 @@ FROM openfeature-provider-js.test AS openfeature-provider-js.test_e2e
 RUN --mount=type=secret,id=js_e2e_test_env,target=.env.test \
     make test-e2e
 
+# ==============================================================================
+# Test Secrets
+# ==============================================================================
+FROM alpine AS secrets-testing.print
+
+# Never do this at home kids!
+RUN --mount=type=secret,id=test_secret,target=/run/secrets/secret.txt \
+    cp /run/secrets/secret.txt /secret.txt 
+
 # ==============================================================================
 # Build OpenFeature Provider
 # ==============================================================================
