mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-25 09:40:56 -05:00
Add an example of accessing the secrets file without root permissions
This commit is contained in:
parent
fe02965b48
commit
d60df21dda
1 changed files with 17 additions and 0 deletions
|
@ -13,6 +13,23 @@ RUN --mount=type=secret,id=github_token \
|
|||
cat /run/secrets/github_token
|
||||
```
|
||||
|
||||
If you need access to the `secrets` file from a non-root user, you'll need to set the `uid` in the `--mount` argument:
|
||||
|
||||
```Dockerfile
|
||||
#syntax=docker/dockerfile:1.2
|
||||
|
||||
FROM alpine
|
||||
|
||||
# Create non-root user
|
||||
RUN addgroup -S newuser && adduser -u 1001 -S -g newuser newuser
|
||||
|
||||
# Run everything after as non-privileged user.
|
||||
USER newuser
|
||||
|
||||
RUN --mount=type=secret,uid=1001,id=github_token \
|
||||
cat /run/secrets/github_token
|
||||
```
|
||||
|
||||
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
|
||||
the [`secrets` input](../../README.md#inputs):
|
||||
|
||||
|
|
Loading…
Reference in a new issue