added hash of the secret key+value to invalidate buildkit cache when value changes
Signed-off-by: Richard <richard@dagger.io>
parent
7073bc89c0
commit
0666d6f55a
@ -44,6 +44,8 @@ func (s *inputStore) GetSecret(ctx context.Context, id string) ([]byte, error) {
|
|||||||
|
|
||||||
id = strings.TrimPrefix(id, secretPrefix)
|
id = strings.TrimPrefix(id, secretPrefix)
|
||||||
|
|
||||||
|
id = strings.Split(id, ";hash=")[0]
|
||||||
|
|
||||||
input, ok := s.st.Inputs[id]
|
input, ok := s.st.Inputs[id]
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, secrets.ErrNotFound
|
return nil, secrets.ErrNotFound
|
||||||
|
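Review bot: `strings.Split(id, ";hash=")[0]` cuts at the first `;hash=` in the id, so an input key that itself contains that substring is truncated, and the lookup in `s.st.Inputs` then misses or could resolve to a different input's secret. Cutting at the last occurrence avoids this: `if i := strings.LastIndex(id, ";hash="); i >= 0 { id = id[:i] }`. A short comment such as `// drop the ";hash=<hex>" suffix: it is only a cache-busting tag and is not verified here` would also tell the next reader why the suffix is discarded. The body of GetSecret continues outside the hunk.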
@ -1,6 +1,7 @@
|
|||||||
package state
|
package state
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/sha256"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -196,8 +197,12 @@ func SecretInput(data string) Input {
|
|||||||
|
|
||||||
type secretInput string
|
type secretInput string
|
||||||
|
|
||||||
func (i secretInput) Compile(key string, _ *State) (*compiler.Value, error) {
|
func (i secretInput) Compile(key string, s *State) (*compiler.Value, error) {
|
||||||
return compiler.Compile("", fmt.Sprintf(`{id:%q}`, "secret="+key))
|
hash := sha256.New()
|
||||||
|
hash.Write([]byte(key))
|
||||||
|
checksum := hash.Sum([]byte(s.Inputs[key].Secret.PlainText()))
|
||||||
|
secretValue := fmt.Sprintf(`{id:"secret=%s;hash=%x"}`, key, checksum)
|
||||||
|
return compiler.Compile("", secretValue)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i secretInput) PlainText() string {
|
func (i secretInput) PlainText() string {
|
||||||
|
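Review bot: `hash.Sum(b)` appends the digest to `b` rather than hashing it, so in `Compile` the line `checksum := hash.Sum([]byte(s.Inputs[key].Secret.PlainText()))` yields the plaintext bytes followed by SHA-256(key), and `%x` then writes the hex-encoded secret itself into the id. Feed the value into the hash and take the digest with a nil argument instead: `hash.Write([]byte(s.Inputs[key].Secret.PlainText()))` followed by `checksum := hash.Sum(nil)`. The new format string also drops the `%q` quoting the old line had, so a key containing `"` or `\` would produce an invalid or altered CUE literal; `fmt.Sprintf("{id:%q}", fmt.Sprintf("secret=%s;hash=%x", key, checksum))` keeps the quoting. Even when computed correctly, an unkeyed SHA-256 of a short secret can be guessed offline by anyone who can read the id, so a keyed digest (HMAC with a key kept alongside the project state) may be worth considering if the id ends up in logs or cache metadata.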