feat: add secret-envs input

[elias-lundgren]

Makes use of implementation in docker/actions-toolkit@a1ffbe9 and the fix in docker/actions-toolkit#176.

A new version of the npm package (@docker/actions-toolkit) with the fix implemented in the pull request has to be released before this can be merged as I understand it.

That version should be bumped in package-lock.json/package.json as well but I don't know if dependabot or me should do it.

[elias-lundgren]

@crazy-max bumped the toolkit to the rc ;)

[crazy-max]

It seems you forgot to run docker buildx bake pre-checkin.

Also can you add a test in

build-push-action/__tests__/context.test.ts

Line 57 in 0f84726

describe('getArgs', () => {

I was also wondering if we should check for secret id collision but can be a follow-up.

[elias-lundgren]

It seems you forgot to run docker buildx bake pre-checkin.

Also can you add a test in

build-push-action/__tests__/context.test.ts

Line 57 in 0f84726

describe('getArgs', () => {

I was also wondering if we should check for secret id collision but can be a follow-up.

I added some tests that passed here: https://github.com/docker/build-push-action/pull/980/files#diff-35112c3ed4be2816f18f19320c9c2e1fd2d10fede1dbd6ee023d75fe963ea722R622-R664 not sure if they are enough though. Also baked it as you said :)

[crazy-max]

Missing input in action.yml.

Also squash your commits similar to https://github.com/docker/build-push-action/pull/957/commits. Thanks.

[elias-lundgren]

Missing input in action.yml.

Also squash your commits similar to https://github.com/docker/build-push-action/pull/957/commits. Thanks.

Not sure what you mean with the missing input as it is added here:

build-push-action/action.yml

Lines 83 to 85 in 4a0c05c

	secret-envs:
	description: "List of secrets to expose to the build using environment variables (e.g., MY_SECRET=MY_ENV_VAR)"
	required: false

I will squash the commits :)

[crazy-max]

Not sure what you mean with the missing input as it is added here:

Sorry I'm blind 😅

I will squash the commits :)

🙏

[elias-lundgren]

There we go, hope it's good!

[crazy-max]

There we go, hope it's good!

Sorry for the misunderstanding but I was expected two commits:

• feat: add secret-envs input
• chore: update generated content that is just the result of docker buildx bake pre-checkin in ./dist like ec39ef3 as this is just generated content. See the history.

I have renamed your PR title so we are aligned.

[elias-lundgren]

There we go, hope it's good!

Sorry for the misunderstanding but I was expected two commits:

• feat: add secret-envs input
• chore: update generated content that is just the result of docker buildx bake pre-checkin in ./dist like ec39ef3 as this is just generated content. See the history.

I have renamed your PR title so we are aligned.

No worries! Hopefully it's right this time.

The actions-toolkit is still on the rc.1, just wanted that known :)

[crazy-max]

The actions-toolkit is still on the rc.1, just wanted that known :)

Yes that's fine!

[crazy-max]

Thanks!

[elias-lundgren]

Thank you!

[bendavies]

how exactly does this differ from secrets?

[elias-lundgren]

how exactly does this differ from secrets?

@bendavies the secrets input takes in a list of key value pairs which are then provided as secrets to the docker build command by first writing the value to disk and referencing it, this can be seen in resolveBuildSecretString which then calls resolveBuildSecret. The generated argument becomes --secret id=KEY,src=<temp-file-with-secret-value>.

secret-envs instead uses resolveBuildSecretEnv and generates the argument --secret id=KEY,env=ENVIRONMENT_VARIABLE which in turn uses the ENVIRONMENT_VARIABLE defined on the GitHub runner as the secret value provided to the build.