A build secret is sensitive information, such as a password or API token, consumed as part of the build process. Docker Build supports two forms of secrets:
/run/secrets by default).
This page shows how to use secrets with GitHub Actions. For an introduction to secrets in general, see Build secrets.
The following example uses and exposes the GITHUB_TOKEN secret as provided by GitHub in your workflow.
First, create a Dockerfile that uses the secret:
In this example, the secret name is github_token. The following workflow exposes this secret using the secrets input:
You can also expose a secret file to the build with the secret-files input:
If you're using GitHub secrets and need to handle a multi-line value, you will need to place the key-value pair between quotes:
| Key | Value |
|---|---|
| MYSECRET | *********************** |
| GIT_AUTH_TOKEN | abcdefghi,jklmno=0123456789 |
| MYSECRET | aaaaaaaa\nbbbbbbb\nccccccccc |
| FOO | bar |
| EMPTYLINE | aaaa\n\nbbbb\nccc |
| JSON_SECRET | {"key1":"value1","key2":"value2"} |
Double escapes are needed for quote signs.
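The quoting rule above can be checked before a workflow is committed. The following is an added example, not code from this page or from the Docker actions: it resolves a secrets input into key/value pairs, assuming CSV-style quoting (newlines inside double quotes stay in the value, a doubled quote is one literal quote). The names split_entries, parse_secrets and SAMPLE are hypothetical, and the input is constructed to reproduce the key/value results listed above.

```python
def split_entries(raw: str) -> list[str]:
    """Split on newlines outside double quotes; "" inside quotes is a literal quote."""
    entries, buf, in_quotes, i = [], [], False, 0
    while i < len(raw):
        ch = raw[i]
        if ch == '"':
            if in_quotes and raw[i + 1:i + 2] == '"':
                buf.append('"')            # doubled quote -> one literal quote
                i += 1
            else:
                in_quotes = not in_quotes  # delimiter, not part of the value
        elif ch == "\n" and not in_quotes:
            entries.append("".join(buf))   # entry ends at an unquoted newline
            buf = []
        else:
            buf.append(ch)                 # includes newlines inside quotes
        i += 1
    if in_quotes:
        raise ValueError("unterminated quote in secrets input")
    entries.append("".join(buf))
    return [e for e in entries if e.strip()]

def parse_secrets(raw: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs, splitting each entry on its first '='."""
    pairs = []
    for n, entry in enumerate(split_entries(raw), 1):
        key, sep, value = entry.partition("=")
        if not sep or not key.strip():
            # Report the position only, never the entry text: it may hold a secret.
            raise ValueError(f"entry {n} is not in key=value form")
        pairs.append((key.strip(), value))
    return pairs

# Constructed input (assumption): the quoted form that yields the values listed above.
SAMPLE = '''"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
FOO=bar
"EMPTYLINE=aaaa

bbbb
ccc"
"JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
'''

if __name__ == "__main__":
    print([(k, len(v)) for k, v in parse_secrets(SAMPLE)])  # keys and lengths only
```

Run stand-alone, it prints only key names and value lengths, so the check itself does not write secret values to a log.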
SSH mounts let you authenticate with SSH servers, for example to perform a git clone or to fetch application packages from a private repository.
The following Dockerfile example uses an SSH mount to fetch Go modules from a private GitHub repository.
To build this Dockerfile, you must specify an SSH mount that the builder can use in the steps with --mount=type=ssh.
The following GitHub Action workflow uses the MrSquaare/ssh-setup-action third-party action to bootstrap SSH setup on the GitHub runner. The action creates a private key defined by the GitHub Action secret SSH_GITHUB_PPK and adds it to the SSH agent socket file at SSH_AUTH_SOCK. The SSH mount in the build step assumes SSH_AUTH_SOCK by default, so there's no need to specify the ID or path for the SSH agent socket explicitly.