Skip to content

buildah-build.1.md: secret examples #5999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 11, 2025
Merged

buildah-build.1.md: secret examples #5999

merged 1 commit into from
Mar 11, 2025

Conversation

hdub-tech
Copy link
Contributor

What type of PR is this?

/kind documentation

What this PR does / why we need it:

This PR enhances the buildah build --secret documentation to include examples.

How to verify it

Documentation successfully builds

  • make docs with man docs/buildah-build.1 confirmation

    Screenshot from 2025-02-22 01-04-31

    Screenshot from 2025-02-22 01-05-55

Confirmed examples

Included below is proof that each example works using buildah version 1.38.1. The Containerfile used to confirm was:

FROM alpine
RUN --mount=type=secret,id=mysecret \
    ls -la /run/secrets && \
    cat /run/secrets/mysecret

  • buildah build --secret=id=mysecret . - with file named mysecret

    $ echo foobar > mysecret; buildah build --secret=id=mysecret .
STEP 1/2: FROM alpine
STEP 2/2: RUN --mount=type=secret,id=mysecret     ls -la /run/secrets &&     cat /run/secrets/mysecret
total 4
drwxr-xr-x    1 root     root            16 Feb 22 05:16 .
drwxr-xr-x    1 root     root            40 Feb 22 05:16 ..
-r--------    1 root     root             7 Feb 22 05:16 mysecret
foobar
COMMIT
<snipped>

  • buildah build --secret=id=mysecret . - with env variable named mysecret

    $ mysecret=foobarenv buildah build --secret=id=mysecret .
STEP 1/2: FROM alpine
STEP 2/2: RUN --mount=type=secret,id=mysecret     ls -la /run/secrets &&     cat /run/secrets/mysecret
total 4
drwxr-xr-x    1 root     root            16 Feb 22 05:20 .
drwxr-xr-x    1 root     root            40 Feb 22 05:20 ..
-r--------    1 root     root             9 Feb 22 05:20 mysecret
foobarenvCOMMIT
<snipped>

  • buildah build --secret=id=mysecret,env=MYSECRET .

    $ MYSECRET=foobarenv2 buildah build --secret=id=mysecret,env=MYSECRET .
STEP 1/2: FROM alpine
STEP 2/2: RUN --mount=type=secret,id=mysecret     ls -la /run/secrets &&     cat /run/secrets/mysecret
total 4
drwxr-xr-x    1 root     root            16 Feb 22 05:24 .
drwxr-xr-x    1 root     root            40 Feb 22 05:24 ..
-r--------    1 root     root            10 Feb 22 05:24 mysecret
foobarenv2COMMIT
<snipped>

  • buildah build --secret=id=mysecret,src=MYSECRET,type=env .

    $ MYSECRET=foobarenv3 buildah build --secret=id=mysecret,src=MYSECRET,type=env .
STEP 1/2: FROM alpine
STEP 2/2: RUN --mount=type=secret,id=mysecret     ls -la /run/secrets &&     cat /run/secrets/mysecret
total 4
drwxr-xr-x    1 root     root            16 Feb 22 05:28 .
drwxr-xr-x    1 root     root            40 Feb 22 05:28 ..
-r--------    1 root     root            10 Feb 22 05:28 mysecret
foobarenv3COMMIT
<snipped>

  • buildah build --secret=id=mysecret,src=.mysecret,type=file .

    $ echo foobar2 > .mysecret; buildah build --secret=id=mysecret,src=.mysecret,type=file .
STEP 1/2: FROM alpine
STEP 2/2: RUN --mount=type=secret,id=mysecret     ls -la /run/secrets &&     cat /run/secrets/mysecret
total 4
drwxr-xr-x    1 root     root            16 Feb 22 05:32 .
drwxr-xr-x    1 root     root            40 Feb 22 05:32 ..
-r--------    1 root     root             8 Feb 22 05:32 mysecret
foobar2
COMMIT
<snipped>

  • buildah build --secret=id=mysecret,src=.mysecret .

    $ echo foobar3 > .mysecret; buildah build --secret=id=mysecret,src=.mysecret .
STEP 1/2: FROM alpine
STEP 2/2: RUN --mount=type=secret,id=mysecret     ls -la /run/secrets &&     cat /run/secrets/mysecret
total 4
drwxr-xr-x    1 root     root            16 Feb 22 05:40 .
drwxr-xr-x    1 root     root            40 Feb 22 05:40 ..
-r--------    1 root     root             8 Feb 22 05:40 mysecret
foobar3
COMMIT
<snipped>

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

None?

Does this PR introduce a user-facing change?

None

@rhatdan
Copy link
Member

rhatdan commented Feb 23, 2025

LGTM
@flouthoc @nalind PTAL

nalind
nalind reviewed Feb 24, 2025
View reviewed changes
@hdub-tech
buildah-build.1.md: secret examples
1547d4f 
Signed-off-by: H Dub <[email protected]>
Helped-by: tomsweeneyredhat <[email protected]>
flouthoc
flouthoc approved these changes Mar 4, 2025
View reviewed changes
Copy link
Collaborator

@flouthoc flouthoc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rhatdan
Copy link
Member

rhatdan commented Mar 11, 2025

Thanks @hdub-tech
/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm label Mar 11, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Mar 11, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: flouthoc, hdub-tech, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 45b31a9 into containers:main Mar 11, 2025
34 checks passed
@hdub-tech hdub-tech deleted the secret-examples branch March 11, 2025 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nalind nalind nalind left review comments

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

@flouthoc flouthoc flouthoc approved these changes

Assignees

@rhatdan rhatdan

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hdub-tech @rhatdan @nalind @flouthoc @TomSweeneyRedHat