Google Git
Sign in
fuchsia / third_party / github.com / docker / docker / f4214ec847f2b466d6676b5b7a9b81d00afac007 / . / vendor / github.com / moby / buildkit / frontend / dockerfile / dockerfile2llb / convert_secrets.go
blob: 59c055a02d4349ff0cf11009bedc1143a70eeee2 [file] [log] [blame]
// +build dfsecrets
package dockerfile2llb
import (
"path"
"github.com/moby/buildkit/client/llb"
"github.com/moby/buildkit/frontend/dockerfile/instructions"
"github.com/pkg/errors"
)
func dispatchSecret(m *instructions.Mount) (llb.RunOption, error) {
id := m.CacheID
if m.Source != "" {
id = m.Source
}
if id == "" {
if m.Target == "" {
return nil, errors.Errorf("one of source, target required")
}
id = path.Base(m.Target)
}
target := m.Target
if target == "" {
target = "/run/secrets/" + path.Base(id)
}
opts := []llb.SecretOption{llb.SecretID(id)}
if !m.Required {
opts = append(opts, llb.SecretOptional)
}
if m.UID != nil || m.GID != nil || m.Mode != nil {
var uid, gid, mode int
if m.UID != nil {
uid = int(*m.UID)
}
if m.GID != nil {
gid = int(*m.GID)
}
if m.Mode != nil {
mode = int(*m.Mode)
} else {
mode = 0400
}
opts = append(opts, llb.SecretFileOpt(uid, gid, mode))
}
return llb.AddSecret(target, opts...), nil
}