Build development environments from a Dockerfile on Docker, Kubernetes, and OpenShift. Enable developers to modify their development environment quickly.
Apache License 2.0
151
stars
26
forks
source link
envbuilder support for build-time secrets is undocumented #93
There doesn't seem to be any way to pass build-time secrets when using envbuilder, leaving me with no straight-forward option to include any Dockerfile with commands similar to:
RUN --mount=type=secret,id=test-token poetry config http-basic.test-token-pypi gitlab-ci-token $(cat /run/secrets/test-token)
I'd be willing to drop a patch for this, but I'm curious to hear opinions on whether or not this is something envbuilder can support without violating its design principles.
Seems that the standard kaniko method of mounting secrets in /kaniko does work to resolve this issue. This works for me and I'm willing to use it permanently but seems like something of a workaround.
There doesn't seem to be any way to pass build-time secrets when using envbuilder, leaving me with no straight-forward option to include any Dockerfile with commands similar to:
RUN --mount=type=secret,id=test-token poetry config http-basic.test-token-pypi gitlab-ci-token $(cat /run/secrets/test-token)
I'd be willing to drop a patch for this, but I'm curious to hear opinions on whether or not this is something envbuilder can support without violating its design principles.