Conversation
|
I haven't done much Swift before, so watch out for any stupid mistakes I may have made. One design caveat: I passed secrets by copying the build-args code, because they're functionally the same. But, systems are supposed to take care that the secret values aren't logged or stored anywhere, so HTTP headers are a much riskier way to send them than transporting them separately in a new BuildTransfer. I nevertheless used the headers to send the secrets because 1. it seemed easier 2. I didn't notice anything that would log or record these headers 3. it looked like the headers and BuildTransfers alike are just data sent through gRPC, so, not much practical difference right now. |
percontation
force-pushed
the
secrets
branch
2 times, most recently
from
09b5a6b to
4d849b2
Compare
|
Hi @percontation, could you resolve conflicts one last time? and we can merge it! |
docker-compatible `container build --secret id=key,...` for Dockerfile `RUN --mount=type=secret`
3 participants
docker-compatible
--secret id=key,...arg forcontainer build, that works with Dockerfiles withRUN --mount=type=secretRequires apple/container-builder-shim#69
Type of Change
Motivation and Context
Adds support for Dockerfiles that use build secrets (e.g.
RUN --mount=type=secret ...)Testing