bake: hasGitAuthTokenSecret func

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-01-10 09:14:36 +01:00
parent e36200f754
commit 73473a8d30
4 changed files with 74 additions and 0 deletions
--- a/tests/.fixtures/bake-03-default.json
+++ b/tests/.fixtures/bake-03-default.json
@@ -42,6 +42,19 @@
          "ref": "user/app",
          "type": "registry"
        }
+      ],
+      "secret": [
+        {
+          "env": "GITHUB_TOKEN",
+          "id": "GITHUB_TOKEN"
+        },
+        {
+          "id": "aws",
+          "src": "__tests__/.fixtures/secret.txt"
+        },
+        {
+          "id": "GITHUB_REPOSITORY"
+        }
      ]
    }
  }
--- a/tests/.fixtures/bake-03.hcl
+++ b/tests/.fixtures/bake-03.hcl
@@ -29,4 +29,9 @@ target "default" {
    "./release-out",
    "type=registry,ref=user/app"
  ]
+  secret = [
+    "id=GITHUB_TOKEN,env=GITHUB_TOKEN",
+    "id=aws,src=__tests__/.fixtures/secret.txt",
+    "id=GITHUB_REPOSITORY"
+  ]
 }
--- a/tests/buildx/bake.test.ts
+++ b/tests/buildx/bake.test.ts
@@ -444,3 +444,44 @@ describe('hasDockerExporter', () => {
    expect(Bake.hasDockerExporter(def, load)).toEqual(expected);
  });
 });
+
+describe('hasGitAuthTokenSecret', () => {
+  // prettier-ignore
+  test.each([
+    [
+      {
+        "target": {
+          "reg": {
+            "secret": [
+              {
+                "id": "A_SECRET",
+                "env": "A_SECRET"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      false
+    ],
+    [
+      {
+        "target": {
+          "reg": {
+            "secret": [
+              {
+                "id": "A_SECRET",
+                "env": "A_SECRET"
+              },
+              {
+                "id": "GIT_AUTH_TOKEN"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      true
+    ],
+  ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => {
+    expect(Bake.hasGitAuthTokenSecret(def)).toEqual(expected);
+  });
+});
--- a/src/buildx/bake.ts
+++ b/src/buildx/bake.ts
@@ -348,6 +348,7 @@ export class Bake {
          secretEntry.src = value;
          break;
        case 'env':
+          secretEntry.env = value;
          break;
      }
    }
@@ -406,4 +407,18 @@ export class Bake {
    }
    return exporters;
  }
+
+  public static hasGitAuthTokenSecret(def: BakeDefinition): boolean {
+    for (const key in def.target) {
+      const target = def.target[key];
+      if (target.secret) {
+        for (const secret of target.secret) {
+          if (Bake.parseSecretEntry(secret).id === 'GIT_AUTH_TOKEN') {
+            return true;
+          }
+        }
+      }
+    }
+    return false;
+  }
 }