Update multiplatform validation for secrets

Author: shanejbrown

README.rst

@@ -377,7 +377,7 @@ see https://docs.docker.com/build/building/secrets/.
 In order to use secrets in buildrunner, you need to do the following:
 
 #. Update the buildrunner configuration file
-    * Set ``use-legacy-builder`` to ``false``
+    * Set ``use-legacy-builder`` to ``false`` or add ``platforms`` to the ``build`` section
     * Add the secrets to the ``secrets`` section in the ``build`` section
 #. Update the Dockerfile to use the secrets
     * Add the ``--mount`` at the beginning of each RUN command that needs the secret

buildrunner/config/models.py

@@ -163,17 +163,22 @@ def validate_steps(cls, vals, info) -> None:
 
         # Checks steps for mutli-platform or secrets
         has_multi_platform_build = False
-        has_secrets = False
+
+        #  Check for multi-platform builds and secrets validation
         for step in vals.values():
             has_multi_platform_build = (
                 has_multi_platform_build or step.is_multi_platform()
             )
-            has_secrets = has_secrets or step.has_secrets()
 
-        if has_secrets:
-            if info.data.get("use_legacy_builder"):
+            # If the step has secrets and the builder is legacy or no platforms are set for the step, raise an error
+            if (
+                step.has_secrets()
+                and not step.is_multi_platform()
+                and info.data.get("use_legacy_builder")
+            ):
                 raise ValueError(
-                    "Build secrets are not supported with the legacy builder. Please set use-legacy-builder to false in order to use secrets in your build."
+                    "Build secrets are not supported with the legacy builder. Please set use-legacy-builder to false"
+                    " or add platforms to the build section in order to use secrets in your build."
                 )
 
         if has_multi_platform_build:

examples/build/secrets/platforms-buildrunner.yaml

@@ -0,0 +1,24 @@
+# In order to use secrets, you need to set use-legacy-builder to false in the config file OR
+# add platforms to the build section
+# To run this example, you need to set the SECRET_PASSWORD environment variable
+# and run the example with the following command:
+# SECRET2=my_secret ./run-buildrunner.sh -f examples/build/secrets/buildrunner-platforms.yaml
+# More info about secrets: https://docs.docker.com/build/building/secrets/
+steps:
+  simple-build-step:
+    build:
+      dockerfile: |
+        FROM alpine:latest
+        RUN --mount=type=secret,id=secret1 \
+            --mount=type=secret,id=secret2 \
+            SECRET1_FILE=/run/secrets/secret1 \
+            SECRET2_VARIABLE=$(cat /run/secrets/secret2) \
+            echo "Using secrets in my build - secret1: $(cat $SECRET1_FILE) secret2: $SECRET2_VARIABLE"
+      secrets:
+        # Example of a secret that is a file
+        - id=secret1,src=examples/build/secrets/secret1.txt
+        # Example of a secret that is an environment variable
+        - id=secret2,env=SECRET2
+      platforms:
+        - linux/amd64
+        - linux/arm64