mirror of
https://gitea.com/docker/build-push-action.git
synced 2024-11-23 01:49:38 +01:00
Add an example of accessing the secrets file without root permissions
This commit is contained in:
parent
fe02965b48
commit
d60df21dda
1 changed files with 17 additions and 0 deletions
|
@ -13,6 +13,23 @@ RUN --mount=type=secret,id=github_token \
|
||||||
cat /run/secrets/github_token
|
cat /run/secrets/github_token
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you need access to the `secrets` file from a non-root user, you'll need to set the `uid` in the `--mount` argument:
|
||||||
|
|
||||||
|
```Dockerfile
|
||||||
|
#syntax=docker/dockerfile:1.2
|
||||||
|
|
||||||
|
FROM alpine
|
||||||
|
|
||||||
|
# Create non-root user
|
||||||
|
RUN addgroup -S newuser && adduser -u 1001 -S -g newuser newuser
|
||||||
|
|
||||||
|
# Run everything after as non-privileged user.
|
||||||
|
USER newuser
|
||||||
|
|
||||||
|
RUN --mount=type=secret,uid=1001,id=github_token \
|
||||||
|
cat /run/secrets/github_token
|
||||||
|
```
|
||||||
|
|
||||||
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
|
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
|
||||||
the [`secrets` input](../../README.md#inputs):
|
the [`secrets` input](../../README.md#inputs):
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue