docker/bake-action
0
0
Fork 0
mirror of https://github.com/docker/bake-action.git synced 2026-01-22 12:22:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

git auth token support for private repos

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2024-04-13 15:20:19 +02:00
parent b6cc37d5b9
commit 908c98f276
4 changed files with 53 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
README.md
View File

@@ -117,6 +117,26 @@ to the default Git context:
push: true push: true
``` ```
Building from the current repository automatically uses the `GITHUB_TOKEN`
secret that GitHub [automatically creates for workflows](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so you don't need to pass that manually. If you want to authenticate against
another private repository for remote definitions, you can set the
[`BUILDX_BAKE_GIT_AUTH_TOKEN` environment variable](https://docs.docker.com/build/building/variables/#buildx_bake_git_auth_token).
> [!NOTE]
> Supported since Buildx 0.14.0
```yaml
-
name: Build and push
uses: docker/bake-action@v4
with:
source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
push: true
env:
BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
```
## Customizing ## Customizing
### inputs ### inputs
@@ -138,20 +158,21 @@ The following inputs can be used as `step.with` keys
> targets: default,release > targets: default,release
> ``` > ```
| Name | Type | Description | | Name | Type | Description |
|--------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------| |----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `source` | String | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) | | `source` | String | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) |
| `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) | | `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
| `workdir` | String | Working directory of execution | | `workdir` | String | Working directory of execution |
| `targets` | List/CSV | List of bake targets (`default` target used if empty) | | `targets` | List/CSV | List of bake targets (`default` target used if empty) |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) | | `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) | | `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) |
| `load` | Bool | Load is a shorthand for `--set=*.output=type=docker` (default `false`) | | `load` | Bool | Load is a shorthand for `--set=*.output=type=docker` (default `false`) |
| `provenance` | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance` | | `provenance` | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance` |
| `push` | Bool | Push is a shorthand for `--set=*.output=type=registry` (default `false`) | | `push` | Bool | Push is a shorthand for `--set=*.output=type=registry` (default `false`) |
| `sbom` | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom` | | `sbom` | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom` |
| `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) | | `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) |
| `github-token` | String | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
### outputs ### outputs

4
action.yml
View File

@@ -48,6 +48,10 @@ inputs:
set: set:
description: "List of targets values to override (eg. targetpattern.key=value)" description: "List of targets values to override (eg. targetpattern.key=value)"
required: false required: false
github-token:
description: "API token used to authenticate to a Git repository for remote definitions"
default: ${{ github.token }}
required: false
outputs: outputs:
metadata: metadata:

4
src/context.ts
View File

@@ -21,6 +21,7 @@ export interface Inputs {
sbom: string; sbom: string;
set: string[]; set: string[];
source: string; source: string;
githubToken: string;
} }
export async function getInputs(): Promise<Inputs> { export async function getInputs(): Promise<Inputs> {
@@ -36,7 +37,8 @@ export async function getInputs(): Promise<Inputs> {
push: core.getBooleanInput('push'), push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'), sbom: core.getInput('sbom'),
set: Util.getInputList('set', {ignoreComma: true, quote: false}), set: Util.getInputList('set', {ignoreComma: true, quote: false}),
source: getSourceInput('source') source: getSourceInput('source'),
githubToken: core.getInput('github-token')
}; };
} }

13
src/main.ts
View File

@@ -19,6 +19,7 @@ actionsToolkit.run(
async () => { async () => {
const inputs: context.Inputs = await context.getInputs(); const inputs: context.Inputs = await context.getInputs();
const toolkit = new Toolkit(); const toolkit = new Toolkit();
const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs.githubToken;
await core.group(`GitHub Actions runtime token ACs`, async () => { await core.group(`GitHub Actions runtime token ACs`, async () => {
try { try {
@@ -85,7 +86,8 @@ actionsToolkit.run(
push: inputs.push, push: inputs.push,
sbom: inputs.sbom, sbom: inputs.sbom,
source: inputs.source, source: inputs.source,
targets: inputs.targets targets: inputs.targets,
githubToken: gitAuthToken
}, },
{ {
cwd: inputs.workdir cwd: inputs.workdir
@@ -98,15 +100,22 @@ actionsToolkit.run(
const args: string[] = await context.getArgs(inputs, definition, toolkit); const args: string[] = await context.getArgs(inputs, definition, toolkit);
const buildCmd = await toolkit.buildx.getCommand(args); const buildCmd = await toolkit.buildx.getCommand(args);
const buildEnv = Object.assign({}, process.env, {
BUILDX_BAKE_GIT_AUTH_TOKEN: gitAuthToken
}) as {
[key: string]: string;
};
await core.group(`Bake definition`, async () => { await core.group(`Bake definition`, async () => {
await Exec.exec(buildCmd.command, [...buildCmd.args, '--print'], { await Exec.exec(buildCmd.command, [...buildCmd.args, '--print'], {
cwd: inputs.workdir cwd: inputs.workdir,
env: buildEnv
}); });
}); });
await Exec.getExecOutput(buildCmd.command, buildCmd.args, { await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
cwd: inputs.workdir, cwd: inputs.workdir,
env: buildEnv,
ignoreReturnCode: true ignoreReturnCode: true
}).then(res => { }).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) { if (res.stderr.length > 0 && res.exitCode != 0) {