docker/actions-toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

buildx(build): handle domain when checking git auth token secret

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2026-02-09 17:03:08 +01:00
parent 57aacc319c
commit c790a5b549
2 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
__tests__/buildx/build.test.ts
View File

@@ -348,10 +348,11 @@ describe('resolveAttestationAttrs', () => {
describe('hasGitAuthTokenSecret', () => {
// prettier-ignore
test.each([
[['A_SECRET=abcdef0123456789'], false],
[['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'], true],
])('given %p secret', async (kvp: Array<string>, expected: boolean) => {
expect(Build.hasGitAuthTokenSecret(kvp)).toBe(expected);
[['A_SECRET=abcdef0123456789'], undefined, false],
[['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'], undefined, true],
[['GIT_AUTH_TOKEN.github.com=abcdefghijklmno=0123456789'], 'github.com', true],
])('given %p secret', async (kvp: Array<string>, domain: string | undefined, expected: boolean) => {
expect(Build.hasGitAuthTokenSecret(kvp, domain)).toBe(expected);
});
});

6
src/buildx/build.ts
View File

@@ -310,9 +310,11 @@ export class Build {
return res.join(',');
}
public static hasGitAuthTokenSecret(secrets: string[]): boolean {
public static hasGitAuthTokenSecret(secrets: string[], domain?: string): boolean {
for (const secret of secrets) {
if (secret.startsWith('GIT_AUTH_TOKEN=')) {
if (domain && secret.startsWith(`GIT_AUTH_TOKEN.${domain}=`)) {
return true;
} else if (secret.startsWith('GIT_AUTH_TOKEN=')) {
return true;
}
}