add allow input
Signed-off-by: CrazyMax <[email protected]>
crazy-max committed Oct 2, 2024
1 parent 64673bc commit c24ab5d
Showing 6 changed files with 56 additions and 1 deletion.
22 changes: 22 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -691,3 +691,25 @@ jobs:
./lint.hcl
env:
DOCKER_BUILD_CHECKS_ANNOTATIONS: false

allow:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
files: |
./test/config.hcl
allow: network.host
targets: app-entitlements
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -184,6 +184,7 @@ The following inputs can be used as `step.with` keys
|----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `source` | String | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) |
| `allow` | List/CSV | Allow build to access specified resources (e.g., `network.host`) |
| `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
| `workdir` | String | Working directory of execution |
| `targets` | List/CSV | List of bake targets (`default` target used if empty) |
Expand All @@ -193,7 +194,7 @@ The following inputs can be used as `step.with` keys
| `provenance` | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance` |
| `push` | Bool | Push is a shorthand for `--set=*.output=type=registry` (default `false`) |
| `sbom` | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom` |
| `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) |
| `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (e.g., `targetpattern.key=value`) |
| `github-token` | String | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |

### outputs
17 changes: 17 additions & 0 deletions __tests__/context.test.ts
Expand Up @@ -330,6 +330,23 @@ describe('getArgs', () => {
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
]
],
[
12,
'0.17.0',
new Map<string, string>([
['allow', 'network.host'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'bake',
'--allow', 'network.host',
'--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
]
],
])(
'[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
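Review bot: Case 12 covers only a single entitlement on Buildx 0.17.0, so neither the `>=0.17.0` gate nor the `join(',')` of several values in `getBakeArgs` is exercised. I would add one case with a Buildx version below 0.17.0 and `allow` set, expecting no `--allow` in the arguments, and one case with two entries in `allow`, pinning the exact argument form that is intended. As a style point, the new case writes `"--provenance"` with double quotes while the neighbouring case uses `'--provenance'`. The `test.each` table and the test body start and end outside this hunk.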
3 changes: 3 additions & 0 deletions action.yml
Expand Up @@ -13,6 +13,9 @@ inputs:
source:
description: "Context to build from. Can be either local or a remote bake definition"
required: false
allow:
description: "Allow build to access specified resources (e.g., network.host)"
required: false
files:
description: "List of bake definition files"
required: false
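Review bot: The `allow` description does not say that each value is an entitlement that widens what the build may access (the fixture in test/config.hcl names them `entitlements`), nor that the input is only passed to bake on Buildx 0.17.0 or later. I would extend it to something like `description: "List/CSV of entitlements granted to the build (e.g., network.host); requires buildx >= 0.17.0"`. Because the value loosens the build's restrictions, the README row could also advise setting it to a fixed literal in the workflow rather than deriving it from event data.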
7 changes: 7 additions & 0 deletions src/context.ts
Expand Up @@ -11,6 +11,7 @@ import {Util} from '@docker/actions-toolkit/lib/util';
import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';

export interface Inputs {
allow: string[];
builder: string;
files: string[];
workdir: string;
Expand All @@ -28,6 +29,7 @@ export interface Inputs {

export async function getInputs(): Promise<Inputs> {
return {
allow: Util.getInputList('allow'),
builder: core.getInput('builder'),
files: Util.getInputList('files'),
workdir: core.getInput('workdir') || '.',
Expand Down Expand Up @@ -80,6 +82,11 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
if (inputs.source) {
args.push(inputs.source);
}
if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
if (inputs.allow.length > 0) {
args.push('--allow', inputs.allow.join(','));
}
}
await Util.asyncForEach(inputs.files, async file => {
args.push('--file', file);
});
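Review bot: When `allow` is set but the builder's Buildx is older than 0.17.0, the new block in `getBakeArgs` drops the input without any message, so the user is left with a build that did not receive the entitlement they asked for and no hint as to why. I would test `inputs.allow.length > 0` first and emit a `core.warning` in the else branch of the version check, as in the excerpt below. Separately, the entries are merged with `join(',')` into one `--allow` value and the only test case passes a single entitlement, so it is worth confirming that bake accepts a comma-separated value here; if it does not, push one `--allow` per entry. `getBakeArgs` starts before and continues after this hunk.

```typescript
if (inputs.allow.length > 0) {
  if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
    args.push('--allow', inputs.allow.join(','));
  } else {
    core.warning('The allow input requires buildx >= 0.17.0 and was ignored');
  }
}
// … unchanged: --file arguments …
```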
5 changes: 5 additions & 0 deletions test/config.hcl
Expand Up @@ -42,3 +42,8 @@ target "app-proxy" {
inherits = ["app"]
dockerfile = "proxy.Dockerfile"
}

target "app-entitlements" {
inherits = ["app"]
entitlements = ["network.host"]
}
