From e37b31d28c1ea1cf3e45e66eaf97087357ca79cf Mon Sep 17 00:00:00 2001
From: Ned Bingham
Date: Sun, 18 Sep 2022 15:28:51 -0400
Subject: [PATCH] fixing handling of secrets
---
 .drone.yml | 6 +++++-
 .gitignore | 1 +
 Dockerfile | 11 ++++++-----
 3 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 .gitignore
diff --git a/.drone.yml b/.drone.yml
index 491a538..f447e11 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -6,4 +6,8 @@ steps:
 - name: build
 image: docker:latest
 commands:
- - docker build . --build-arg USER=$USER --build-arg TOKEN=$TOKEN
+ - mkdir .secret
+ - echo "$USER" > .secret/user
+ - echo "$TOKEN" > .secret/token
+ - DOCKER_BUILDKIT=1 docker build . --secret id=user,src=.secret/user --secret id=token,src=.secret/token
+ - rm -rf .secret
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c1b4f81
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.secret
diff --git a/Dockerfile b/Dockerfile
index 35a9ca4..2970c71 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,6 @@
-from ubuntu:latest
+# syntax = docker/dockerfile:1.0-experimental
+
+FROM ubuntu:latest
 RUN apt-get update
@@ -71,10 +73,9 @@ RUN make
 RUN cp prdbase prspice /opt/cad/bin
 # install ACT-06
-ARG USER
-ARG TOKEN
-
+RUN apt-get install -y libedit-dev zlib1g-dev m4 git gcc g++ make
 WORKDIR /toolsrc
-RUN git clone https://$USER:$TOKEN@git.broccolimicro.io/Broccoli/act-06.git
+RUN --mount=type=secret,id=user --mount=type=secret,id=token git clone https://$(cat /run/secrets/user):$(cat /run/secrets/token)@git.broccolimicro.io/Broccoli/act-06.git
 WORKDIR act-06
 RUN make
+
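Review bot: In the `.drone.yml` hunk, `rm -rf .secret` is reached only when `docker build` succeeds, and the `.secret` directory sits inside the build context (`.`) while this commit adds a `.gitignore` entry but no `.dockerignore` entry. A failed build therefore leaves both credentials in the workspace, and any instruction that copies the context into the image (not visible in this diff) could carry them into a layer. Reading the values from the environment avoids the files altogether: `DOCKER_BUILDKIT=1 docker build . --secret id=user,env=USER --secret id=token,env=TOKEN`, provided the Docker release shipped in `docker:latest` supports the `env=` secret source. If the files are kept, create them under `umask 077` and list `.secret` in a `.dockerignore`; the `--secret src=` paths are read by the client and do not need to be in the context.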
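Review bot: The `# syntax = docker/dockerfile:1.0-experimental` directive added in the first Dockerfile hunk pins an old experimental frontend channel. `RUN --mount=type=secret` has been part of the stable frontend since 1.2, so `# syntax=docker/dockerfile:1` is enough and keeps picking up frontend fixes. `FROM ubuntu:latest` in the same hunk still floats, so the stage that handles the token runs on whatever base is current at build time; a release tag or digest would make it reproducible.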
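Review bot: In the second Dockerfile hunk the token still ends up in the image, because `git clone https://user:token@…` stores the full URL, credentials included, as `remote.origin.url` in `/toolsrc/act-06/.git/config`, and that file is written into the layer this `RUN` creates. Reset the remote inside the same `RUN`, for example by appending `&& git -C act-06 remote set-url origin https://git.broccolimicro.io/Broccoli/act-06.git`, or remove `act-06/.git` there if the history is not needed; doing it in a later `RUN` would leave the value in the earlier layer. The added `RUN apt-get install` also depends on the package index from the separate `RUN apt-get update` layer at the top of the file, which may be stale when that layer is served from cache. Since the previous revision passed the token through `--build-arg`, images already built from it likely expose the value in their build history, so the token should be rotated.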