mirror of https://github.com/containers/podman.git synced 2026-02-05 06:45:31 +01:00

Merge pull request #27602 from ZuhairM7/fix-remote-build-secrets

bindings: fix handling of env secrets in remote builds
openshift-merge-bot[bot]
2025-12-04 13:15:24 +00:00
committed by GitHub
2 changed files with 26 additions and 2 deletions


@@ -626,7 +626,8 @@ func prepareSecrets(secrets []string, contextDir string, tempManager *remote_bui
for _, token := range secretOpt {
opt, val, hasVal := strings.Cut(token, "=")
if hasVal {
if opt == "src" {
switch opt {
case "src":
// read specified secret into a tmp file
// move tmp file to tar and change secret source to relative tmp file
tmpSecretFilePath, err := tempManager.CreateTempSecret(val, contextDir)
@@ -639,7 +640,21 @@ func prepareSecrets(secrets []string, contextDir string, tempManager *remote_bui
modifiedSrc := fmt.Sprintf("src=%s", filepath.Base(tmpSecretFilePath))
modifiedOpt = append(modifiedOpt, modifiedSrc)
} else {
case "env":
// read specified env into a tmp file
// move tmp file to tar and change secret source to relative tmp file
secretVal := os.Getenv(val)
tmpSecretFilePath, err := tempManager.CreateTempFileFromReader(contextDir, "podman-build-secret-*", strings.NewReader(secretVal))
if err != nil {
return nil, nil, err
}
// add tmp file to context dir
tarContent = append(tarContent, tmpSecretFilePath)
modifiedSrc := fmt.Sprintf("src=%s", filepath.Base(tmpSecretFilePath))
modifiedOpt = append(modifiedOpt, modifiedSrc)
default:
modifiedOpt = append(modifiedOpt, token)
}
}
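Review bot: In the new `case "env":` branch, `os.Getenv(val)` returns an empty string both when the variable is unset and when it is set to empty, so a mistyped or missing variable name silently produces an empty secret file that is packed into the build context. Distinguishing the two with `secretVal, ok := os.LookupEnv(val)` followed by `if !ok { return nil, nil, fmt.Errorf("secret env %q is not set", val) }` would surface the mistake on the client instead of inside the build. The branch also writes the secret value to a file under `contextDir`; the file mode and cleanup are decided by `tempManager.CreateTempFileFromReader`, which is not visible here, so it is worth confirming the file is created owner-only and removed on the error paths too. `prepareSecrets` begins and ends outside this hunk.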


@@ -99,6 +99,15 @@ var _ = Describe("Podman build", func() {
Expect(session).Should(ExitCleanly())
})
It("podman build with a secret from env", func() {
os.Setenv("MYSECRET", "somesecret")
defer os.Unsetenv("MYSECRET")
session := podmanTest.PodmanExitCleanly("build", "-f", "build/Containerfile.with-secret", "-t", "secret-test", "--secret", "id=mysecret,env=MYSECRET", "build/")
Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
podmanTest.PodmanExitCleanly("rmi", "secret-test")
})
It("podman build with multiple secrets from files", func() {
session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.with-multiple-secret", "-t", "multiple-secret-test", "--secret", "id=mysecret,src=build/secret.txt", "--secret", "id=mysecret2,src=build/anothersecret.txt", "build/"})
session.WaitWithDefaultTimeout()
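Review bot: The added `It("podman build with a secret from env", ...)` case only exercises a variable that is set, so the behaviour for `--secret id=mysecret,env=NAME` when `NAME` is absent from the client environment is not pinned by any test. A second case that leaves the variable unset and asserts the expected outcome (an error, or an empty secret if that is the intent) would keep remote and local builds from drifting apart. The return values of `os.Setenv` and `os.Unsetenv` are also discarded; a short comment such as `// error ignored: fixed, valid variable name` would make that deliberate. The enclosing `Describe` block continues outside this hunk.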