actions/docker-build-push
1
0
Fork 0
mirror of https://github.com/docker/build-push-action.git synced 2024-11-06 00:35:53 -05:00
Code Issues Projects Releases Packages Wiki Activity

Add an example of accessing the secrets file without root permissions

Browse source
This commit is contained in:
Emanuel Fernandes 2022-02-13 20:10:52 +00:00 committed by GitHub
parent fe02965b48
commit d60df21dda
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
docs/advanced/secrets.md
View file

@ -13,6 +13,23 @@ RUN --mount=type=secret,id=github_token \
cat /run/secrets/github_token cat /run/secrets/github_token
``` ```
If you need access to the `secrets` file from a non-root user, you'll need to set the `uid` in the `--mount` argument:
```Dockerfile
#syntax=docker/dockerfile:1.2
FROM alpine
# Create non-root user
RUN addgroup -S newuser && adduser -u 1001 -S -g newuser newuser
# Run everything after as non-privileged user.
USER newuser
RUN --mount=type=secret,uid=1001,id=github_token \
cat /run/secrets/github_token
```
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
the [`secrets` input](../../README.md#inputs): the [`secrets` input](../../README.md#inputs):