From 6af4e4e83a52f1cdac4c9ec6d06b957077900462 Mon Sep 17 00:00:00 2001
From: Alexey Sachkov <alexey.sachkov@intel.com>
Date: Tue, 17 Dec 2024 10:41:35 +0100
Subject: [PATCH] [SYCL][Devops] Propagate a new secret to containers build
 (#16384)

Extended build containers action with an extra argument which specifies
a password that will be assigned to the `sycl_ci` user created within
containers.

For now this new secret is unused, so this changes is expected to have
no impact on our CI.

This is outlined from #16361 to improve testing for that PR: for
security reasons actions are only invoked from the default branch and
never from a PR branch. Therefore, to actually test that this secret is
properly used without errors we need to update the action first.
---
 .github/workflows/sycl-containers.yaml    | 1 +
 devops/actions/build_container/action.yml | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/sycl-containers.yaml b/.github/workflows/sycl-containers.yaml
index df93348019e7..1c280109f674 100644
--- a/.github/workflows/sycl-containers.yaml
+++ b/.github/workflows/sycl-containers.yaml
@@ -78,6 +78,7 @@ jobs:
           file: ${{ matrix.file }}
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
+          sycl_ci_passwd: ${{ secrets.DOCKER_SUDO_PASSWORD }}
           tags: |
             ghcr.io/${{ github.repository }}/${{ matrix.file }}:${{ matrix.tag }}-${{ github.sha }}
             ghcr.io/${{ github.repository }}/${{ matrix.file }}:${{ matrix.tag }}
diff --git a/devops/actions/build_container/action.yml b/devops/actions/build_container/action.yml
index 5ff5f3e209bf..8b992b5a2c05 100644
--- a/devops/actions/build_container/action.yml
+++ b/devops/actions/build_container/action.yml
@@ -21,6 +21,9 @@ inputs:
   file:
     description: "Dockerfile"
     required: true
+  sycl_ci_passwd:
+    description: "Password to assign to sycl_ci user within a container"
+    required: true
 
 runs:
   using: "composite"
@@ -41,3 +44,4 @@ runs:
       file: ${{ github.workspace }}/devops/containers/${{ inputs.file }}.Dockerfile
       secrets: |
         github_token=${{ github.token }}
+        sycl_ci_passwd=${{ inputs.sycl_ci_passwd }}