feat:(build/docker): support env as secret source #6632

ahmetb · 2021-09-23T16:33:18Z

Description

Used in buildkit mode, allow users to specify docker secrets provided via env
vars to Skaffold (and hence docker/buildkit) in addition to file sources
("src").

I am setting "src" and "env" as mutually exclusive here in skaffold, however
docker currently does not enforce this (but "env" takes precedence regardless
of the order if both specified).

If we receive issues about this, we can relax
it in a backwards-compatible way.

User facing changes (remove if N/A)

A backwards-compatible new field introduced in the schema (DockerSecret.env)
mutually exclusive with DockerSecret.src.

codecov · 2021-09-23T16:56:17Z

Codecov Report

Merging #6632 (296610d) into main (290280e) will decrease coverage by 0.47%.
The diff coverage is 74.60%.

@@            Coverage Diff             @@
##             main    #6632      +/-   ##
==========================================
- Coverage   70.48%   70.00%   -0.48%     
==========================================
  Files         515      522       +7     
  Lines       23150    23705     +555     
==========================================
+ Hits        16317    16595     +278     
- Misses       5776     6025     +249     
- Partials     1057     1085      +28

Impacted Files	Coverage Δ
cmd/skaffold/app/cmd/flags.go	`89.00% <0.00%> (-1.82%)`	⬇️
cmd/skaffold/skaffold.go	`0.00% <ø> (ø)`
pkg/diag/recommender/container_errors.go	`0.00% <0.00%> (ø)`
pkg/diag/validator/pod.go	`1.32% <0.00%> (ø)`
pkg/skaffold/build/buildpacks/logger.go	`0.00% <ø> (ø)`
pkg/skaffold/build/cluster/logs.go	`0.00% <ø> (-16.67%)`	⬇️
pkg/skaffold/build/jib/errors.go	`48.93% <50.00%> (ø)`
cmd/skaffold/app/cmd/cmd.go	`70.32% <66.66%> (-0.73%)`	⬇️
pkg/diag/validator/resource.go	`47.05% <66.66%> (ø)`
pkg/skaffold/build/docker/docker.go	`86.44% <66.66%> (-2.85%)`	⬇️
... and 77 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cb9037a...296610d. Read the comment docs.

Used in buildkit mode, allow users to specify secrets provided via env vars to Skaffold (and hence docker/buildkit) in addition to file sources ("src"). I am setting "src" and "env" as mutually exclusive here in skaffold, however docker currently does not enforce this (but "env" takes precedence regardless of the order if both specified). If we receive issues about this, we can relax it in a backwards-compatible way. Signed-off-by: Ahmet Alp Balkan <[email protected]>

ahmetb requested a review from a team as a code owner September 23, 2021 16:33

ahmetb requested a review from tejal29 September 23, 2021 16:33

pull-request-size bot added the size/S label Sep 23, 2021

google-cla bot added the cla: yes label Sep 23, 2021

ahmetb changed the title ~~build/docker: support env as secret source~~ feat:(build/docker): support env as secret source Sep 23, 2021

tejal29 approved these changes Sep 24, 2021

View reviewed changes

tejal29 merged commit 151b8d3 into GoogleContainerTools:main Sep 24, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat:(build/docker): support env as secret source #6632

feat:(build/docker): support env as secret source #6632

ahmetb commented Sep 23, 2021

codecov bot commented Sep 23, 2021 •

edited

Loading

feat:(build/docker): support env as secret source #6632

feat:(build/docker): support env as secret source #6632

Conversation

ahmetb commented Sep 23, 2021

codecov bot commented Sep 23, 2021 • edited Loading

Codecov Report

codecov bot commented Sep 23, 2021 •

edited

Loading