-
Notifications
You must be signed in to change notification settings - Fork 495
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bake: cache-from/cache-to options no longer print sensitive values #2833
Conversation
c15110e
to
7a8ebdc
Compare
bake/hcl_test.go
Outdated
@@ -674,7 +674,7 @@ func TestHCLAttrsCapsuleTypeVars(t *testing.T) { | |||
output = [ "type=oci,dest=../${foo}.tar" ] | |||
|
|||
secret = [ | |||
{ id = target.app.output[0].type, src = "/local/secret" }, | |||
{ id = target.app.output[0].type, src = "/${target.app.cache-from[1].type}/secret" }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dvdksn I'm not sure we have examples showing how to reference attributes. I think the example with cache-to = [ target.app.cache-from[0] ]
is a good one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a simpler example: https://docs.docker.com/build/bake/inheritance/#reusing-single-attributes-from-targets
We don't show interpolation though, maybe we should
I'm going to put this into draft. I have a more complete fix for this but it'll also involve other changes. |
7a8ebdc
to
71d0415
Compare
Updated this PR pretty significantly. I figured out how to make the
And implement the custom logic with that. This took away some of the previous indirection that was making the code very difficult to deal with. Now the JSON marshaling will correctly skip empty slices and the cty value stuff works without exposing the system to null values. I'm planning to extend this to the other ones too. I mostly ran into issues when I was trying to take the original approach in this PR and apply it to the outputs. It became too difficult to deal with all of the potential null locations. |
829e633
to
45ae61e
Compare
This refactors how the cache-from/cache-to composable attributes work so they no longer print sensitive values that are automatically added. This also expands the available syntax that works with the cache options. It is now possible to interleave the csv syntax with the object syntax without any problems. The canonical form is still the object syntax and variables are resolved according to that syntax. `cache-from` and `cache-to` now correctly ignore empty string inputs so these can be used with variables. Signed-off-by: Jonathan A. Sternberg <[email protected]>
45ae61e
to
59fa21a
Compare
Batching in this change with some other fixes too in #2814. I'll close this one. |
This refactors how the cache-from/cache-to composable attributes work so they no longer print sensitive values that are automatically added.
This also expands the available syntax that works with the cache options. It is now possible to interleave the csv syntax with the object syntax without any problems. The canonical form is still the object syntax and variables are resolved according to that syntax.
cache-from
andcache-to
now correctly ignore empty string inputs so these can be used with variables.Fixes #2823.
Partial fix for #2822.