bake: handle git auth token when parsing remote definition
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
crazy-max committed Mar 27, 2024
1 parent fdcc1cb commit f78f313
Showing 3 changed files with 19 additions and 8 deletions.
8 changes: 7 additions & 1 deletion __tests__/buildx/bake.test.itg.ts
Expand Up @@ -37,12 +37,18 @@ maybe('getDefinition', () => {
['binaries-cross'],
path.join(fixturesDir, 'bake-buildx-0.10.4-binaries-cross.json')
],
[
'https://github.com/docker/test-docker-action.git#remote-private',
['default'],
path.join(fixturesDir, 'bake-buildx-0.10.4-binaries-cross.json')
]
])('given %p', async (source: string, targets: string[], out: string) => {
const bake = new Bake();
const expectedDef = <BakeDefinition>JSON.parse(fs.readFileSync(out, {encoding: 'utf-8'}).trim())
expect(await bake.getDefinition({
source: source,
targets: targets
targets: targets,
githubToken: process.env.GITHUB_TOKEN,
})).toEqual(expectedDef);
});
});
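Review bot: The new `remote-private` row expects target `default` of `docker/test-docker-action` to equal `bake-buildx-0.10.4-binaries-cross.json`, the same fixture the `binaries-cross` row above it uses, which looks like a copy/paste placeholder rather than that repository's definition. The commit lists only 3 changed files and none is a fixture, so the row should point at its own file, e.g. `path.join(fixturesDir, '<fixture-for-remote-private>.json')`. `githubToken: process.env.GITHUB_TOKEN` is also passed to every row, so the public-repository cases now run with the credential attached, and when the variable is unset the private case will presumably fail at fetch time with no hint why. A comment such as `// remote-private needs GITHUB_TOKEN with read access to the repository` above the row would document the requirement.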
6 changes: 6 additions & 0 deletions src/buildx/bake.ts
Expand Up @@ -36,6 +36,8 @@ export interface BakeCmdOpts {
sbom?: string;
source?: string;
targets?: Array<string>;

githubToken?: string; // for auth with remote definitions on private repos
}

export class Bake {
Expand Down Expand Up @@ -80,6 +82,10 @@ export class Bake {
args.push('--set', override);
}
}
if (cmdOpts.githubToken) {
const gitAuthTokenSecret = Inputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${cmdOpts.githubToken}`);
args.push('--set', `*.secrets=${gitAuthTokenSecret}`);
}
if (cmdOpts.load) {
args.push('--load');
}
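Review bot: The added `if (cmdOpts.githubToken)` block attaches the token to every target (`*.secrets`) whenever a token is supplied, even when no remote `source` is given, although the field comment on `BakeCmdOpts` says it is only for remote definitions on private repos. Gating it, e.g. `if (cmdOpts.source && cmdOpts.githubToken) {`, would keep the credential out of invocations that do not need it. `Inputs.resolveBuildSecretString` writes the value to a temp file (visible in `src/buildx/inputs.ts` on this page) and nothing in this hunk removes that file after the command runs; the enclosing method starts and ends outside the hunk, so cleanup may happen elsewhere. How `--set *.secrets=` combines with secrets already declared in the bake file is not visible here and is worth confirming, since an override that replaces rather than appends would drop them.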
13 changes: 6 additions & 7 deletions src/buildx/inputs.ts
Expand Up @@ -76,24 +76,23 @@ export class Inputs {
}

public static resolveBuildSecretString(kvp: string): string {
return Inputs.resolveBuildSecret(kvp, false);
const [key, file] = Inputs.resolveBuildSecret(kvp, false);
return `id=${key},src=${file}`;
}

public static resolveBuildSecretFile(kvp: string): string {
return Inputs.resolveBuildSecret(kvp, true);
const [key, file] = Inputs.resolveBuildSecret(kvp, true);
return `id=${key},src=${file}`;
}

public static resolveBuildSecretEnv(kvp: string): string {
const [key, value] = parseKvp(kvp);

return `id=${key},env=${value}`;
}

public static resolveBuildSecret(kvp: string, file: boolean): string {
public static resolveBuildSecret(kvp: string, file: boolean): [string, string] {
const [key, _value] = parseKvp(kvp);

let value = _value;

if (file) {
if (!fs.existsSync(value)) {
throw new Error(`secret file ${value} not found`);
Expand All @@ -102,7 +101,7 @@ export class Inputs {
}
const secretFile = Context.tmpName({tmpdir: Context.tmpDir()});
fs.writeFileSync(secretFile, value);
return `id=${key},src=${secretFile}`;
return [key, secretFile];
}

public static getProvenanceInput(name: string): string {
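Review bot: `fs.writeFileSync(secretFile, value);` in `resolveBuildSecret` creates the secret file with the process default mode, and with this commit a GitHub token now takes that path; passing an explicit mode, `fs.writeFileSync(secretFile, value, {mode: 0o600});`, restricts the file to its owner regardless of umask. Separately, `resolveBuildSecret` is `public static` and its return type changes from `string` to `[string, string]`, which breaks any caller outside this file that relied on the old `id=…,src=…` string. A TSDoc line such as `/** Writes the secret value to a temp file and returns [id, path]. */` would make the new contract explicit. The body of `resolveBuildSecret` spans two hunks, so the lines between them are not visible here.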
