21 changes: 21 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -76,6 +76,10 @@ on:
type: string
description: "List of target platforms to build"
required: false
secrets:
type: string
description: "List of secrets to expose to the build"
required: false
push:
type: boolean
description: "Push image to the registry (for image output)"
Expand All @@ -90,6 +94,10 @@ on:
type: string
description: "Size of /dev/shm (e.g., 2g)"
required: false
ssh:
type: string
description: "List of SSH agent socket or keys to expose to the build"
required: false
sign:
type: string
description: "Sign attestation manifest for image output or artifacts for local output, can be one of auto, true or false. The auto mode will enable signing if push is enabled for pushing the image or if artifact-upload is enabled for uploading the local build output as GitHub Artifact"
Expand Down Expand Up @@ -133,6 +141,9 @@ on:
github-token:
description: "GitHub Token used to authenticate against the repository for Git context"
required: false
ssh-private-key:
description: "SSH private key used to populate SSH_AUTH_SOCK for buildx SSH mounts"
required: false
outputs:
meta-json:
description: "Metadata JSON output (for image output)"
Expand Down Expand Up @@ -653,6 +664,14 @@ jobs:
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry-auth: ${{ secrets.registry-auths }}
-
name: Set up ssh-agent
if: ${{ inputs.ssh }}
shell: bash
run: |
eval "$(ssh-agent -s)"
echo "${{ secrets.ssh-private-key }}" | tr -d '\r' | ssh-add -
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
-
name: Build
id: build
Expand All @@ -669,8 +688,10 @@ jobs:
platforms: ${{ steps.prepare.outputs.platform }}
provenance: ${{ steps.prepare.outputs.provenance }}
sbom: ${{ steps.prepare.outputs.sbom }}
secrets: ${{ inputs.secrets }}
secret-envs: GIT_AUTH_TOKEN=GIT_AUTH_TOKEN
shm-size: ${{ inputs.shm-size }}
ssh: ${{ inputs.ssh }}
target: ${{ inputs.target }}
ulimit: ${{ inputs.ulimit }}
env:
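Review bot: In the new `Set up ssh-agent` step, `${{ secrets.ssh-private-key }}` is expanded into the `run` script text before bash starts, so the private key is written into the script file the runner materializes on disk and any `"`, `$` or backtick in the value is interpreted by the shell; pass it through the step's `env:` and read `"$SSH_PRIVATE_KEY"` instead. The step is gated only on `inputs.ssh`, so a caller that sets `ssh` without providing the secret gets an opaque `ssh-add` failure, and an explicit empty check would give a clear error. The agent is never stopped and `SSH_AUTH_SOCK` goes into `GITHUB_ENV`, so every later step in the job can use the loaded key and, on a self-hosted runner, the agent may outlive the job; a cleanup step guarded by `always()` after Build closes that, and scoping the socket to the Build step's own `env:` would be tighter still (the rest of that step lies outside the visible hunks). Separately, `inputs.secrets` is a plain string input rather than a `secrets:` entry, so it is worth confirming that values passed this way are still masked in the called workflow's logs.

```yaml
-
  name: Set up ssh-agent
  if: ${{ inputs.ssh }}
  shell: bash
  env:
    SSH_PRIVATE_KEY: ${{ secrets.ssh-private-key }}
  run: |
    if [ -z "$SSH_PRIVATE_KEY" ]; then
      echo "::error::ssh input is set but the ssh-private-key secret is empty"
      exit 1
    fi
    eval "$(ssh-agent -s)"
    printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
    echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV"
# … unchanged: Build step …
-
  name: Stop ssh-agent
  if: ${{ always() && inputs.ssh }}
  shell: bash
  run: |
    ssh-agent -k || true
```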