3 år sedan · 0dffd5ba9f
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 
				 	github.com/AlecAivazis/survey/v2 v2.3.2
			
 
				 	github.com/buger/goterm v1.0.4
			
 
				 	github.com/cnabio/cnab-to-oci v0.3.1-beta1
			
 
				-	github.com/compose-spec/compose-go v1.2.3
			
 
				+	github.com/compose-spec/compose-go v1.2.4
			
 
				 	github.com/containerd/console v1.0.3
			
 
				 	github.com/containerd/containerd v1.6.2
			
 
				 	github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e
			
--- a/go.sum
+++ b/go.sum
@@ -302,8 +302,8 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC
 
				 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
			
 
				 github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
			
 
				 github.com/compose-spec/compose-go v1.0.8/go.mod h1:REnCbBugoIdHB7S1sfkN/aJ7AJpNApGNjNiVjA9L8x4=
			
 
				-github.com/compose-spec/compose-go v1.2.3 h1:r9zZfxQKG2A3fTy/MobMecUR1cd3uf7DlQQeB/NKVJ0=
			
 
				-github.com/compose-spec/compose-go v1.2.3/go.mod h1:pAy7Mikpeft4pxkFU565/DRHEbDfR84G6AQuiL+Hdg8=
			
 
				+github.com/compose-spec/compose-go v1.2.4 h1:nzTFqM8+2J7Veao5Pq5U451thinv3U1wChIvcjX59/A=
			
 
				+github.com/compose-spec/compose-go v1.2.4/go.mod h1:pAy7Mikpeft4pxkFU565/DRHEbDfR84G6AQuiL+Hdg8=
			
 
				 github.com/compose-spec/godotenv v1.1.1/go.mod h1:zF/3BOa18Z24tts5qnO/E9YURQanJTBUf7nlcCTNsyc=
			
 
				 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
			
 
				 github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
			
--- a/pkg/compose/build.go
+++ b/pkg/compose/build.go
@@ -31,6 +31,7 @@ import (
 
				 	bclient "github.com/moby/buildkit/client"
			
 
				 	"github.com/moby/buildkit/session"
			
 
				 	"github.com/moby/buildkit/session/auth/authprovider"
			
 
				+	"github.com/moby/buildkit/session/secrets/secretsprovider"
			
 
				 	"github.com/moby/buildkit/session/sshforward/sshprovider"
			
 
				 	specs "github.com/opencontainers/image-spec/specs-go/v1"
			
 
				 
			
@@ -254,6 +255,26 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se
 
				 		sessionConfig = append(sessionConfig, sshAgentProvider)
			
 
				 	}
			
 
				 
			
 
				+	if len(service.Build.Secrets) > 0 {
			
 
				+		var sources []secretsprovider.Source
			
 
				+		for _, secret := range service.Build.Secrets {
			
 
				+			config := project.Secrets[secret.Source]
			
 
				+			if config.File == "" {
			
 
				+				return build.Options{}, fmt.Errorf("build.secrets only supports file-based secrets: %q", secret.Source)
			
 
				+			}
			
 
				+			sources = append(sources, secretsprovider.Source{
			
 
				+				ID:       secret.Source,
			
 
				+				FilePath: config.File,
			
 
				+			})
			
 
				+		}
			
 
				+		store, err := secretsprovider.NewStore(sources)
			
 
				+		if err != nil {
			
 
				+			return build.Options{}, err
			
 
				+		}
			
 
				+		p := secretsprovider.NewSecretProvider(store)
			
 
				+		sessionConfig = append(sessionConfig, p)
			
 
				+	}
			
 
				+
			
 
				 	return build.Options{
			
 
				 		Inputs: build.Inputs{
			
 
				 			ContextPath:    service.Build.Context,
			
--- a/pkg/e2e/compose_build_test.go
+++ b/pkg/e2e/compose_build_test.go
@@ -169,3 +169,15 @@ func TestLocalComposeBuild(t *testing.T) {
 
				 		c.RunDockerCmd("rmi", "custom-nginx")
			
 
				 	})
			
 
				 }
			
 
				+
			
 
				+func TestBuildSecrets(t *testing.T) {
			
 
				+	c := NewParallelE2eCLI(t, binDir)
			
 
				+
			
 
				+	t.Run("build with secrets", func(t *testing.T) {
			
 
				+		// ensure local test run does not reuse previously build image
			
 
				+		c.RunDockerOrExitError("rmi", "build-test-secret")
			
 
				+
			
 
				+		res := c.RunDockerComposeCmd("--project-directory", "fixtures/build-test/secrets", "build")
			
 
				+		res.Assert(t, icmd.Success)
			
 
				+	})
			
 
				+}
			
--- a/pkg/e2e/fixtures/build-test/secrets/Dockerfile
+++ b/pkg/e2e/fixtures/build-test/secrets/Dockerfile
@@ -0,0 +1,22 @@
 
				+# syntax=docker/dockerfile:1.2
			
 
				+
			
 
				+
			
 
				+#   Copyright 2020 Docker Compose CLI authors
			
 
				+
			
 
				+#   Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+#   you may not use this file except in compliance with the License.
			
 
				+#   You may obtain a copy of the License at
			
 
				+
			
 
				+#       http://www.apache.org/licenses/LICENSE-2.0
			
 
				+
			
 
				+#   Unless required by applicable law or agreed to in writing, software
			
 
				+#   distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+#   See the License for the specific language governing permissions and
			
 
				+#   limitations under the License.
			
 
				+
			
 
				+FROM alpine
			
 
				+
			
 
				+RUN echo "foo" > /tmp/expected
			
 
				+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret > /tmp/actual
			
 
				+RUN diff /tmp/expected /tmp/actual
			
--- a/pkg/e2e/fixtures/build-test/secrets/compose.yml
+++ b/pkg/e2e/fixtures/build-test/secrets/compose.yml
@@ -0,0 +1,11 @@
 
				+services:
			
 
				+  ssh:
			
 
				+    image: build-test-secret
			
 
				+    build:
			
 
				+      context: .
			
 
				+      secrets:
			
 
				+        - mysecret
			
 
				+
			
 
				+secrets:
			
 
				+  mysecret:
			
 
				+    file: ./secret.txt
			
--- a/pkg/e2e/fixtures/build-test/secrets/secret.txt
+++ b/pkg/e2e/fixtures/build-test/secrets/secret.txt
@@ -0,0 +1 @@
 
				+foo