coder / envbuilder

Build development environments from a Dockerfile on Docker, Kubernetes, and OpenShift. Enable developers to modify their development environment quickly.
Apache License 2.0

envbuilder support for build-time secrets is undocumented #93

Open ns-mkusper opened 8 months ago

ns-mkusper commented 8 months ago

There doesn't seem to be any way to pass build-time secrets when using envbuilder, leaving me with no straightforward option to include any Dockerfile with commands similar to:

RUN --mount=type=secret,id=test-token poetry config http-basic.test-token-pypi gitlab-ci-token $(cat /run/secrets/test-token)

I'd be willing to drop a patch for this, but I'm curious to hear opinions on whether or not this is something envbuilder can support without violating its design principles.

ns-mkusper commented 7 months ago

It seems that the standard kaniko method of mounting secrets in /kaniko does work to resolve this issue. This works for me and I'm willing to use it permanently, but it seems like something of a workaround.