related to docker/actions-toolkit#288
We don't support building a remote bake definition from a private repository using a git auth token. Only SSH auth with default agent is currently supported for this case:
|
ssh, err := controllerapi.CreateSSH([]*controllerapi.SSH{{ID: "default"}}) |
|
if err == nil { |
|
session = append(session, ssh) |
|
} |
Loading a remote bake definition is done by a dedicated solve request before build occurs:
|
_, err = c.Build(ctx, client.SolveOpt{Session: session, Internal: true}, "buildx", func(ctx context.Context, c gwclient.Client) (*gwclient.Result, error) { |
So we would need to pass the secret in a proper manner through bake command and attach it to the session.
@tonistiigi suggests that we could have a builtin name as override that would look like this:
docker buildx bake \
--set "<builtin_name>.secrets=id=GIT_AUTH_TOKEN,env=GIT_AUTH_TOKEN"
https://github.com/docker/test-docker-action.git#remote-private
Where <builtin_name> would be unique and could not be used as target name in the bake definition. As we already restrict target name with specific chars:
|
validTargetNameChars = `[a-zA-Z0-9_-]+` |
We could use one not part of it to avoid collision such as bake@remote:
docker buildx bake \
--set "[email protected]=id=GIT_AUTH_TOKEN,env=GIT_AUTH_TOKEN"
https://github.com/docker/test-docker-action.git#remote-private
Open to suggestions.
related to docker/actions-toolkit#288
We don't support building a remote bake definition from a private repository using a git auth token. Only SSH auth with default agent is currently supported for this case:
buildx/bake/remote.go
Lines 30 to 33 in 8abef59
Loading a remote bake definition is done by a dedicated solve request before build occurs:
buildx/bake/remote.go
Line 62 in 8abef59
So we would need to pass the secret in a proper manner through
bakecommand and attach it to the session.@tonistiigi suggests that we could have a builtin name as override that would look like this:
Where
<builtin_name>would be unique and could not be used as target name in the bake definition. As we already restrict target name with specific chars:buildx/bake/bake.go
Line 35 in 8abef59
We could use one not part of it to avoid collision such as
bake@remote:Open to suggestions.