diff --git a/pkg/compose/build.go b/pkg/compose/build.go index 689a6cd84..ab5819102 100644 --- a/pkg/compose/build.go +++ b/pkg/compose/build.go @@ -256,23 +256,11 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se } if len(service.Build.Secrets) > 0 { - var sources []secretsprovider.Source - for _, secret := range service.Build.Secrets { - config := project.Secrets[secret.Source] - if config.File == "" { - return build.Options{}, fmt.Errorf("build.secrets only supports file-based secrets: %q", secret.Source) - } - sources = append(sources, secretsprovider.Source{ - ID: secret.Source, - FilePath: config.File, - }) - } - store, err := secretsprovider.NewStore(sources) + secretsProvider, err := addSecretsConfig(project, service, sessionConfig) if err != nil { return build.Options{}, err } - p := secretsprovider.NewSecretProvider(store) - sessionConfig = append(sessionConfig, p) + sessionConfig = append(sessionConfig, secretsProvider) } if len(service.Build.Tags) > 0 { @@ -341,3 +329,30 @@ func sshAgentProvider(sshKeys types.SSHConfig) (session.Attachable, error) { } return sshprovider.NewSSHAgentProvider(sshConfig) } + +func addSecretsConfig(project *types.Project, service types.ServiceConfig, sessionConfig []session.Attachable) (session.Attachable, error) { + + var sources []secretsprovider.Source + for _, secret := range service.Build.Secrets { + config := project.Secrets[secret.Source] + switch { + case config.File != "": + sources = append(sources, secretsprovider.Source{ + ID: secret.Source, + FilePath: config.File, + }) + case config.Environment != "": + sources = append(sources, secretsprovider.Source{ + ID: secret.Source, + Env: config.Environment, + }) + default: + return nil, fmt.Errorf("build.secrets only supports environment or file-based secrets: %q", secret.Source) + } + } + store, err := secretsprovider.NewStore(sources) + if err != nil { + return nil, err + } + return secretsprovider.NewSecretProvider(store), nil +} 
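Review bot: The new call in toBuildOptions passes `sessionConfig` to `addSecretsConfig`, but the helper added in the second hunk of this file never reads that parameter. A reader may take it to mean the helper inspects or appends to the session list, when it only builds and returns one attachable. Dropping the parameter keeps the contract clear: `secretsProvider, err := addSecretsConfig(project, service)` at the call site and `func addSecretsConfig(project *types.Project, service types.ServiceConfig) (session.Attachable, error) {` in the definition. toBuildOptions starts and ends outside this hunk, so its other uses of `sessionConfig` are not visible here.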
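Review bot: In the `case config.Environment != "":` branch of addSecretsConfig, the variable name goes into `secretsprovider.Source{Env: ...}` without a check that the variable is set on the host. The hunk does not show whether `secretsprovider.NewStore` validates this; if the value is resolved lazily, an unset variable would presumably reach the build as an empty secret instead of failing fast. A guard that names only the variable and never its value would be `if _, ok := os.LookupEnv(config.Environment); !ok { return nil, fmt.Errorf("build.secrets: environment variable %q for secret %q is not set", config.Environment, secret.Source) }`, which needs `os` imported if the file does not already import it. Separately, `project.Secrets[secret.Source]` yields a zero value for a secret that is not declared at the top level, so that case falls into `default` and reports an unsupported secret type. Using `config, ok := project.Secrets[secret.Source]` with its own error would report the real cause.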
diff --git a/pkg/e2e/build_test.go b/pkg/e2e/build_test.go index c7ea531bd..154a7e3e1 100644 --- a/pkg/e2e/build_test.go +++ b/pkg/e2e/build_test.go @@ -176,7 +176,12 @@ func TestBuildSecrets(t *testing.T) { // ensure local test run does not reuse previously build image c.RunDockerOrExitError(t, "rmi", "build-test-secret") - res := c.RunDockerComposeCmd(t, "--project-directory", "fixtures/build-test/secrets", "build") + cmd := c.NewDockerComposeCmd(t, "--project-directory", "fixtures/build-test/secrets", "build") + + res := icmd.RunCmd(cmd, func(cmd *icmd.Cmd) { + cmd.Env = append(cmd.Env, "SOME_SECRET=bar") + }) + res.Assert(t, icmd.Success) }) } diff --git a/pkg/e2e/fixtures/build-test/secrets/Dockerfile b/pkg/e2e/fixtures/build-test/secrets/Dockerfile index ff47d7bad..a9bc1d7c0 100644 --- a/pkg/e2e/fixtures/build-test/secrets/Dockerfile +++ b/pkg/e2e/fixtures/build-test/secrets/Dockerfile @@ -20,3 +20,7 @@ FROM alpine RUN echo "foo" > /tmp/expected RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret > /tmp/actual RUN diff /tmp/expected /tmp/actual + +RUN echo "bar" > /tmp/expected +RUN --mount=type=secret,id=envsecret cat /run/secrets/envsecret > tmp/actual +RUN diff --ignore-all-space /tmp/expected /tmp/actual diff --git a/pkg/e2e/fixtures/build-test/secrets/compose.yml b/pkg/e2e/fixtures/build-test/secrets/compose.yml index 1bb96d31a..bcdd8ae97 100644 --- a/pkg/e2e/fixtures/build-test/secrets/compose.yml +++ b/pkg/e2e/fixtures/build-test/secrets/compose.yml @@ -5,7 +5,10 @@ services: context: . secrets: - mysecret + - envsecret secrets: mysecret: file: ./secret.txt + envsecret: + environment: SOME_SECRET
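Review bot: In the Dockerfile hunk, the added `RUN --mount=type=secret,id=envsecret` line redirects to the relative path `tmp/actual`, while the following `diff` reads `/tmp/actual`. The two coincide only if the stage's working directory is `/`; no WORKDIR is visible in the hunk, so this appears to work by default rather than by intent. Writing `RUN --mount=type=secret,id=envsecret cat /run/secrets/envsecret > /tmp/actual` makes the check independent of the working directory. Copying the secret into a file in the image layer is tolerable here only because the fixture value is a dummy; a short comment saying so would stop the pattern being copied into real Dockerfiles.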