fixing handling of secrets

2022-09-18 15:28:51 -04:00 · 2022-09-18 15:28:51 -04:00 · e37b31d28c
commit e37b31d28c
parent 52275b09a7
3 changed files with 12 additions and 6 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -6,4 +6,8 @@ steps:
 - name: build
  image: docker:latest
  commands:
-  - docker build . --build-arg USER=$USER --build-arg TOKEN=$TOKEN
+	- mkdir .secret
+	- echo "$USER" > .secret/user
+	- echo "$TOKEN" > .secret/token
+  - DOCKER_BUILDKIT=1 docker build . --secret id=user,src=.secret/user --secret id=token,src=.secret/token
+	- rm -rf .secret
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.secret
--- a/11
+++ b/11
@ -1,4 +1,6 @@
-from ubuntu:latest
+# syntax = docker/dockerfile:1.0-experimental
+
+FROM ubuntu:latest

 RUN apt-get update

@ -71,10 +73,9 @@ RUN make
 RUN cp prdbase prspice /opt/cad/bin

 # install ACT-06
-ARG USER
-ARG TOKEN
-
+RUN apt-get install -y libedit-dev zlib1g-dev m4 git gcc g++ make
 WORKDIR /toolsrc
-RUN git clone https://$USER:$TOKEN@git.broccolimicro.io/Broccoli/act-06.git
+RUN --mount=type=secret,id=user --mount=type=secret,id=token git clone https://$(cat /run/secrets/user):$(cat /run/secrets/token)@git.broccolimicro.io/Broccoli/act-06.git
 WORKDIR act-06
 RUN make
+