mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-26 20:59:04 +00:00
ci: secret job to check for invalid secrets
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
871b930e7a
commit
47c00d78bf
23
.github/workflows/ci.yml
vendored
23
.github/workflows/ci.yml
vendored
@ -302,6 +302,29 @@ jobs:
|
||||
run: |
|
||||
docker image inspect myimage:latest
|
||||
|
||||
secret:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
|
||||
driver-opts: |
|
||||
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
|
||||
-
|
||||
name: Build
|
||||
uses: ./
|
||||
with:
|
||||
context: .
|
||||
file: ./test/secret.Dockerfile
|
||||
secrets: |
|
||||
MYSECRET=foo
|
||||
INVALID_SECRET=
|
||||
|
||||
network:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
@ -137,8 +137,7 @@ describe('getSecret', () => {
|
||||
}
|
||||
expect(true).toBe(!invalid);
|
||||
expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
|
||||
const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
|
||||
expect(secretValue).toEqual(exValue);
|
||||
expect(fs.readFileSync(tmpNameSync, 'utf-8')).toEqual(exValue);
|
||||
} catch (err) {
|
||||
// eslint-disable-next-line jest/no-conditional-expect
|
||||
expect(true).toBe(invalid);
|
||||
|
4
test/secret.Dockerfile
Normal file
4
test/secret.Dockerfile
Normal file
@ -0,0 +1,4 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
FROM busybox
|
||||
RUN --mount=type=secret,id=MYSECRET \
|
||||
echo "MYSECRET=$(cat /run/secrets/MYSECRET)"
|
Loading…
Reference in New Issue
Block a user