From 719805b73c3fe386c4a735d87652827d43b55396 Mon Sep 17 00:00:00 2001 From: Thibault Piron Date: Thu, 23 Apr 2026 18:34:37 +0200 Subject: [PATCH] feat: allow build secrets args to be passed in cli --- v2/cli_build.go | 5 +++++ v2/config/config.go | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/v2/cli_build.go b/v2/cli_build.go index 9f8ce16..82c8386 100644 --- a/v2/cli_build.go +++ b/v2/cli_build.go @@ -3,7 +3,9 @@ package main import ( "context" "flag" + "fmt" "os" + "slices" "strings" "github.com/discourse/launcher/v2/config" @@ -53,6 +55,9 @@ func (r *DockerBuildCmd) Run(cli *Cli, ctx context.Context) error { ExtraFlags: r.ExtraFlags, MountVolumes: r.MountVolumes, } + if builder.ExtraFlags != nil && slices.Contains(builder.ExtraFlags, "--secret") && len(config.Secrets) == 0 { + fmt.Fprintln(utils.Out, "Warning: you must declare your secrets in the configuration file as a list of strings.") + } if err := builder.Run(ctx); err != nil { if configErr := config.ValidateConfig(err); configErr != nil { return configErr diff --git a/v2/config/config.go b/v2/config/config.go index 1dbcaa3..1b42deb 100644 --- a/v2/config/config.go +++ b/v2/config/config.go @@ -54,6 +54,7 @@ type Config struct { Env map[string]string `yaml:"env,omitempty"` Labels map[string]string `yaml:"labels,omitempty"` Volumes []VolumeObject `yaml:"volumes,omitempty"` + Secrets []string `yaml:"secrets,omitempty"` Links []struct { Link struct { Name string `yaml:"name"` @@ -185,6 +186,12 @@ func (config *Config) Dockerfile(pupsArgs string, bakeEnv bool, mountVolumes boo builder.WriteString("--mount=type=bind,from=volume_" + strconv.Itoa(i) + ",source=/,target=" + v.Volume.Guest + ",rw=true ") } } + + // add secret mounts if any secrets exist + for _, secret := range config.Secrets { + builder.WriteString("--mount=type=secret,id=" + secret + " ") + } + builder.WriteString( "cat /temp-config.yaml | /usr/local/bin/pups " + pupsArgs + " --stdin " + "&& rm /temp-config.yaml\n")