Merge pull request #453 from buildkite-plugins/toote_secrets_removal

pzeballos · web-flow · commit ec45125f5b47 · 2024-08-28T15:23:02.000-03:00
Secrets removal
diff --git a/README.md b/README.md
@@ -324,10 +324,6 @@ You may want to also add `BUILDKIT_INLINE_CACHE=1` to your build arguments (`arg
 
 It will add the `--ssh` option to the build command with the passed value (if `true` it will use `default`). Note that it assumes you have a compatible docker installation and configuration in the agent (meaning you are using BuildKit and it is correctly setup).
 
-#### `secrets` (build only, array of strings)
-
-All elements in this array will be passed literally to the `build` command as parameters of the [`--secrets` option](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret). Note that you must have BuildKit enabled for this option to have any effect and special `RUN` stanzas in your Dockerfile to actually make use of them.
-
 #### `with-dependencies` (build only, boolean)
 
 If set to true, docker compose will build with the `--with-dependencies` option which will also build dependencies transitively.
diff --git a/commands/build.sh b/commands/build.sh
@@ -105,11 +105,6 @@ if [[ "$(plugin_read_config WITH_DEPENDENCIES "false")" == "true" ]] ; then
   build_params+=(--with-dependencies)
 fi
 
-# Parse the list of secrets to pass on to build command
-while read -r line ; do
-  [[ -n "$line" ]] && build_params+=("--secret" "$line")
-done <<< "$(plugin_read_list SECRETS)"
-
 if [[ "$(plugin_read_config SSH "false")" != "false" ]] ; then
   if [[ "${DOCKER_BUILDKIT:-}" != "1" && "${BUILDKITE_PLUGIN_DOCKER_COMPOSE_CLI_VERSION:-2}" != "2" ]]; then
     echo "🚨 You can not use the ssh option if you are not using buildkit"
diff --git a/plugin.yml b/plugin.yml
@@ -99,10 +99,6 @@ configuration:
       type: string
     run-labels:
       type: boolean
-    secrets:
-      type: array
-      items:
-        type: string
     service-ports:
       type: boolean
     shell:
@@ -177,7 +173,6 @@ configuration:
     run-labels: [ run ]
     service-ports: [ run ]
     skip-pull: [ build, run ]
-    secrets: [ buildkit, build ]
     shell: [ run ]
     ssh: [ build ]
     target: [ build ]
diff --git a/tests/build.bats b/tests/build.bats
@@ -296,23 +296,6 @@ setup_file() {
   unstub docker
 }
 
-@test "Build with secrets" {
-  export BUILDKITE_PLUGIN_DOCKER_COMPOSE_BUILD=myservice
-  export BUILDKITE_PLUGIN_DOCKER_COMPOSE_SECRETS_0='id=test,file=~/.test'
-  export BUILDKITE_PLUGIN_DOCKER_COMPOSE_SECRETS_1='id=SECRET_VAR'
-
-  stub docker \
-    "compose -f docker-compose.yml -p buildkite1111 build --pull --secret \* --secret \* \* : echo built \${12} with secrets \${9} and \${11}"
-
-  run "$PWD"/hooks/command
-
-  assert_success
-  assert_output --partial "built myservice"
-  assert_output --partial "with secrets id=test,file=~/.test and id=SECRET_VAR"
-
-  unstub docker
-}
-
 @test "Build without pull" {
   export BUILDKITE_PLUGIN_DOCKER_COMPOSE_BUILD=myservice
   export BUILDKITE_PLUGIN_DOCKER_COMPOSE_SKIP_PULL=true
diff --git a/tests/v1/build.bats b/tests/v1/build.bats
@@ -319,23 +319,6 @@ setup_file() {
   unstub docker-compose
 }
 
-@test "Build with secrets" {
-  export BUILDKITE_PLUGIN_DOCKER_COMPOSE_BUILD=myservice
-  export BUILDKITE_PLUGIN_DOCKER_COMPOSE_SECRETS_0='id=test,file=~/.test'
-  export BUILDKITE_PLUGIN_DOCKER_COMPOSE_SECRETS_1='id=SECRET_VAR'
-
-  stub docker-compose \
-    "-f docker-compose.yml -p buildkite1111 build --pull --secret \* --secret \* \* : echo built \${11} with secrets \${8} and \${10}"
-
-  run "$PWD"/hooks/command
-
-  assert_success
-  assert_output --partial "built myservice"
-  assert_output --partial "with secrets id=test,file=~/.test and id=SECRET_VAR"
-
-  unstub docker-compose
-}
-
 @test "Build without pull" {
   export BUILDKITE_PLUGIN_DOCKER_COMPOSE_BUILD=myservice
   export BUILDKITE_PLUGIN_DOCKER_COMPOSE_SKIP_PULL=true
