From 73473a8d3029ef44cd06aef2bb39326839b31446 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:14:36 +0100 Subject: [PATCH] bake: hasGitAuthTokenSecret func Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- __tests__/.fixtures/bake-03-default.json | 13 ++++++++ __tests__/.fixtures/bake-03.hcl | 5 +++ __tests__/buildx/bake.test.ts | 41 ++++++++++++++++++++++++ src/buildx/bake.ts | 15 +++++++++ 4 files changed, 74 insertions(+) diff --git a/__tests__/.fixtures/bake-03-default.json b/__tests__/.fixtures/bake-03-default.json index b251fa7..89ddf04 100644 --- a/__tests__/.fixtures/bake-03-default.json +++ b/__tests__/.fixtures/bake-03-default.json @@ -42,6 +42,19 @@ "ref": "user/app", "type": "registry" } + ], + "secret": [ + { + "env": "GITHUB_TOKEN", + "id": "GITHUB_TOKEN" + }, + { + "id": "aws", + "src": "__tests__/.fixtures/secret.txt" + }, + { + "id": "GITHUB_REPOSITORY" + } ] } } diff --git a/__tests__/.fixtures/bake-03.hcl b/__tests__/.fixtures/bake-03.hcl index 260da75..4e322c2 100644 --- a/__tests__/.fixtures/bake-03.hcl +++ b/__tests__/.fixtures/bake-03.hcl @@ -29,4 +29,9 @@ target "default" { "./release-out", "type=registry,ref=user/app" ] + secret = [ + "id=GITHUB_TOKEN,env=GITHUB_TOKEN", + "id=aws,src=__tests__/.fixtures/secret.txt", + "id=GITHUB_REPOSITORY" + ] } diff --git a/__tests__/buildx/bake.test.ts b/__tests__/buildx/bake.test.ts index 022b634..873231a 100644 --- a/__tests__/buildx/bake.test.ts +++ b/__tests__/buildx/bake.test.ts @@ -444,3 +444,44 @@ describe('hasDockerExporter', () => { expect(Bake.hasDockerExporter(def, load)).toEqual(expected); }); }); + +describe('hasGitAuthTokenSecret', () => { + // prettier-ignore + test.each([ + [ + { + "target": { + "reg": { + "secret": [ + { + "id": "A_SECRET", + "env": "A_SECRET" + } + ] + }, + } + } as unknown as BakeDefinition, + false + ], + [ + { + "target": { + "reg": { + "secret": [ + { + "id": "A_SECRET", + "env": "A_SECRET" + }, + { + "id": "GIT_AUTH_TOKEN" + } + ] + }, + } + } as unknown as BakeDefinition, + true + ], + ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => { + expect(Bake.hasGitAuthTokenSecret(def)).toEqual(expected); + }); +}); diff --git a/src/buildx/bake.ts b/src/buildx/bake.ts index 7a5efdd..ebb67e0 100644 --- a/src/buildx/bake.ts +++ b/src/buildx/bake.ts @@ -348,6 +348,7 @@ export class Bake { secretEntry.src = value; break; case 'env': + secretEntry.env = value; break; } } @@ -406,4 +407,18 @@ export class Bake { } return exporters; } + + public static hasGitAuthTokenSecret(def: BakeDefinition): boolean { + for (const key in def.target) { + const target = def.target[key]; + if (target.secret) { + for (const secret of target.secret) { + if (Bake.parseSecretEntry(secret).id === 'GIT_AUTH_TOKEN') { + return true; + } + } + } + } + return false; + } }