#Docker build secrets


night haven

Hey @honest talon, there seems to be an issue with passing secrets to a docker build. We have a test covering that but not in a module. I thought it could be because of recent work but even in 0.11.6 I can reproduce it:

can't open '/run/secrets/my-secret': No such file or directory

Does it ring any bell? Reported in https://github.com/dagger/dagger/issues/8035

GitHub

What is the issue? Injecting a secret in the Directory.docker_build() function seems either broken or extremely confusing. First, the example provided in the Cookbook (See https://docs.dagger.io/co...


Ran out of time to make a test case for it using a module function.


With this Dockerfile:

FROM golang:1.18.2-alpine
WORKDIR /src
RUN --mount=type=secret,id=my-secret test "$(cat /run/secrets/my-secret)" = "barbar"
RUN --mount=type=secret,id=my-secret cp /run/secrets/my-secret  /secret

Even this isn't working:

package main

import (
    "context"

    "main/internal/dagger"
)

type MyModule struct{}

func (m *MyModule) Build(
    ctx context.Context,
    source *dagger.Directory,
    // secret *dagger.Secret,
) (*dagger.Container, error) {
    buildSecret := dag.SetSecret("my-secret", "barbar")

    return source.
        DockerBuild(dagger.DirectoryDockerBuildOpts{
            Secrets: []*dagger.Secret{buildSecret},
        }), nil
}

! failed to convert return value: CoreModObject.load blob(digest: "sha256:0eb9e71696aec1c353225d74ee7da15bf666e76e30ceba3ff7ec7203f4086ede", mediaType: "application/vnd.oci.image.layer.v1.tar+zstd", size: 46165486, uncompressed: "sha256:3e49a8b9545e70183dd3cd12b8315107c1708d84218a883a7d17c2e420d067e8").dockerBuild(secrets: [{secret(accessor: "6d792d736563726574bef365a42b491f76459bc7d3e2d43421f5ab158fdaebf51c01b8cc3c8d93d201", name: "my-secret"): Secret!}]): Container!: load: secret not found: xxh3:9ff436ea04c1ec8d

honest talon

Hm yeah they also reported it on v0.12.0 which was before the other recent secret changes, so probably has existed for a good while.

I can sort of imagine where things are probably not getting hooked up properly. Basically when we invoke a Dockerfile it's a very very different codepath from everything else and always requires special handling.


I gotta finish the release process but will take a look after