
Commit eae00c3

authored
Merge pull request #233 from crazy-max/secret-multiline
Handle multi-line secret value
2 parents 9c13ff4 + 1471dfb commit eae00c3


7 files changed

+410
-40
lines changed


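--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -121,6 +121,14 @@ jobs:
 localhost:5000/name/app:1.0.0
 secrets: |
 GIT_AUTH_TOKEN=${{ github.token }}
+"MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc"
+FOO=bar
+"EMPTYLINE=aaaa
+
+bbbb
+ccc"
 -
 name: Inspect
 run: |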
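Review bot: None of the fixtures added under `secrets:` contains a quote character, so the doubled-quote escaping that this commit's README note describes is not exercised by this job. A further quoted entry with an embedded doubled quote (constructed example: `"QUOTED=aa""bb"`) would cover it. Nothing in the hunk shows the received values being compared with the expected ones; the `Inspect` step continues outside the hunk, so that check may already happen there.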

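--- a/README.md
+++ b/README.md
@@ -44,6 +44,8 @@ ___
 * [Customizing](#customizing)
 * [inputs](#inputs)
 * [outputs](#outputs)
+* [Notes](#notes)
+* [Multi-line secret value](#multi-line-secret-value)
 * [Troubleshooting](#troubleshooting)
 * [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
 * [Limitation](#limitation)
@@ -631,6 +633,36 @@ Following outputs are available
 |---------------|---------|---------------------------------------|
 | `digest` | String | Image content-addressable identifier also called a digest |
 
+## Notes
+
+### Multi-line secret value
+
+To handle multi-line value for a secret, you will need to place the key-value pair between quotes:
+
+```yaml
+secrets: |
+"MYSECRET=${{ secrets.GPG_KEY }}"
+GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
+"MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc"
+FOO=bar
+"EMPTYLINE=aaaa
+
+bbbb
+ccc"
+```
+
+| Key | Value |
+|--------------------|--------------------------------------------------|
+| `MYSECRET` | `***********************` |
+| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` |
+| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` |
+| `FOO` | `bar` |
+| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` |
+
+> Note: all quote signs need to be doubled for escaping.
+
 ## Troubleshooting
 
 See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)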

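--- a/__tests__/buildx.test.ts
+++ b/__tests__/buildx.test.ts
@@ -1,9 +1,10 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import * as semver from 'semver';
+
 import * as buildx from '../src/buildx';
-import * as docker from '../src/docker';
 import * as context from '../src/context';
+import * as docker from '../src/docker';
 
 const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
 const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
@@ -118,15 +119,23 @@ describe('parseVersion', () => {
 
 describe('getSecret', () => {
 test.each([
-['A_SECRET', 'abcdef0123456789'],
-['GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789'],
-['MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==']
-])('given %p key and %p secret', async (key, secret) => {
-const secretArgs = await buildx.getSecret(`${key}=${secret}`);
-console.log(`secretArgs: ${secretArgs}`);
-expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
-const secretContent = await fs.readFileSync(tmpNameSync, 'utf-8');
-console.log(`secretValue: ${secretContent}`);
-expect(secretContent).toEqual(secret);
+['A_SECRET=abcdef0123456789', 'A_SECRET', 'abcdef0123456789', false],
+['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
+['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
+['aaaaaaaa', '', '', true],
+['aaaaaaaa=', '', '', true],
+['=bbbbbbb', '', '', true]
+])('given %p key and %p secret', async (kvp, key, secret, invalid) => {
+try {
+const secretArgs = await buildx.getSecret(kvp);
+expect(true).toBe(!invalid);
+console.log(`secretArgs: ${secretArgs}`);
+expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
+const secretContent = await fs.readFileSync(tmpNameSync, 'utf-8');
+console.log(`secretValue: ${secretContent}`);
+expect(secretContent).toEqual(secret);
+} catch (err) {
+expect(true).toBe(invalid);
+}
 });
 });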
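Review bot: The three malformed-input rows (`'aaaaaaaa'`, `'aaaaaaaa='`, `'=bbbbbbb'`) pass whether or not `getSecret` rejects them: if the call returns, `expect(true).toBe(!invalid)` throws inside the `try`, the `catch` swallows that failure, and `expect(true).toBe(invalid)` then succeeds. The same `catch` also hides which assertion failed for the valid rows. These rows are the only visible check that a secret without a key or a value is refused, so assert the rejection directly and keep the positive assertions outside any `try`, as in the sketch below, which assumes `getSecret` returns a promise as the existing `await` suggests. The sketch also leaves out the two `console.log` calls, one of which prints the secret content, and the `await` on `fs.readFileSync`, which is synchronous.

```typescript
])('given %p key and %p secret', async (kvp, key, secret, invalid) => {
  if (invalid) {
    // A pair with no key or no value must be refused; no catch block can mask a failed expectation here.
    await expect(buildx.getSecret(kvp)).rejects.toThrow();
    return;
  }
  const secretArgs = await buildx.getSecret(kvp);
  expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
  const secretContent = fs.readFileSync(tmpNameSync, 'utf-8');
  expect(secretContent).toEqual(secret);
});
```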
