feat: add support for docker build secrets (#282)

Author: moeen

_docs/data/data.yaml

@@ -265,3 +265,8 @@ properties:
     description: Generate [sbom](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest type=sbom`).
     type: string
     required: false
+
+  - name: secrets
+    description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
+    type: list
+    required: false

cmd/drone-docker-buildx/config.go

@@ -321,5 +321,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 			Destination: &settings.Build.SBOM,
 			Category:    category,
 		},
+		&cli.StringSliceFlag{
+			Name:        "secrets",
+			EnvVars:     []string{"PLUGIN_SECRETS"},
+			Usage:       "secret key-value pairs",
+			Destination: &settings.Build.Secrets,
+			Category:    category,
+		},
 	}
 }

plugin/docker.go

@@ -160,6 +160,10 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
 		args = append(args, "--sbom", build.SBOM)
 	}
 
+	for _, secret := range build.Secrets.Value() {
+		args = append(args, "--secret", secret)
+	}
+
 	return execabs.Command(dockerBin, args...)
 }
 

plugin/impl.go

@@ -65,6 +65,7 @@ type Build struct {
 	Labels       cli.StringSlice // Docker build labels
 	Provenance   string          // Docker build provenance attestation
 	SBOM         string          // Docker build sbom attestation
+	Secrets      cli.StringSlice // Docker build secret key-pairs
 }
 
 // Settings for the Plugin.