diff --git a/__tests__/.fixtures/bake-03-default.json b/__tests__/.fixtures/bake-03-default.json index b251fa72..89ddf047 100644 --- a/__tests__/.fixtures/bake-03-default.json +++ b/__tests__/.fixtures/bake-03-default.json @@ -42,6 +42,19 @@ "ref": "user/app", "type": "registry" } + ], + "secret": [ + { + "env": "GITHUB_TOKEN", + "id": "GITHUB_TOKEN" + }, + { + "id": "aws", + "src": "__tests__/.fixtures/secret.txt" + }, + { + "id": "GITHUB_REPOSITORY" + } ] } } diff --git a/__tests__/.fixtures/bake-03.hcl b/__tests__/.fixtures/bake-03.hcl index 260da752..4e322c2a 100644 --- a/__tests__/.fixtures/bake-03.hcl +++ b/__tests__/.fixtures/bake-03.hcl @@ -29,4 +29,9 @@ target "default" { "./release-out", "type=registry,ref=user/app" ] + secret = [ + "id=GITHUB_TOKEN,env=GITHUB_TOKEN", + "id=aws,src=__tests__/.fixtures/secret.txt", + "id=GITHUB_REPOSITORY" + ] } diff --git a/__tests__/buildx/bake.test.ts b/__tests__/buildx/bake.test.ts index 022b6346..873231a7 100644 --- a/__tests__/buildx/bake.test.ts +++ b/__tests__/buildx/bake.test.ts @@ -444,3 +444,44 @@ describe('hasDockerExporter', () => { expect(Bake.hasDockerExporter(def, load)).toEqual(expected); }); }); + +describe('hasGitAuthTokenSecret', () => { + // prettier-ignore + test.each([ + [ + { + "target": { + "reg": { + "secret": [ + { + "id": "A_SECRET", + "env": "A_SECRET" + } + ] + }, + } + } as unknown as BakeDefinition, + false + ], + [ + { + "target": { + "reg": { + "secret": [ + { + "id": "A_SECRET", + "env": "A_SECRET" + }, + { + "id": "GIT_AUTH_TOKEN" + } + ] + }, + } + } as unknown as BakeDefinition, + true + ], + ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => { + expect(Bake.hasGitAuthTokenSecret(def)).toEqual(expected); + }); +}); diff --git a/src/buildx/bake.ts b/src/buildx/bake.ts index 7a5efdd2..ebb67e0c 100644 --- a/src/buildx/bake.ts +++ b/src/buildx/bake.ts @@ -348,6 +348,7 @@ export class Bake { secretEntry.src = value; break; case 'env': + secretEntry.env = value; break; } } @@ -406,4 +407,18 @@ export class Bake { } return exporters; } + + public static hasGitAuthTokenSecret(def: BakeDefinition): boolean { + for (const key in def.target) { + const target = def.target[key]; + if (target.secret) { + for (const secret of target.secret) { + if (Bake.parseSecretEntry(secret).id === 'GIT_AUTH_TOKEN') { + return true; + } + } + } + } + return false; + } }