Merge pull request #965 from talentedmrjones/bust-cache-for-new-secrets
Bust the buildkit cache when secret value changes
This commit is contained in:
commit
dda8141dac
@ -44,6 +44,8 @@ func (s *inputStore) GetSecret(ctx context.Context, id string) ([]byte, error) {
|
||||
|
||||
id = strings.TrimPrefix(id, secretPrefix)
|
||||
|
||||
id = strings.Split(id, ";hash=")[0]
|
||||
|
||||
input, ok := s.st.Inputs[id]
|
||||
if !ok {
|
||||
return nil, secrets.ErrNotFound
|
||||
|
@ -1,6 +1,7 @@
|
||||
package state
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
@ -197,7 +198,11 @@ func SecretInput(data string) Input {
|
||||
type secretInput string
|
||||
|
||||
func (i secretInput) Compile(key string, _ *State) (*compiler.Value, error) {
|
||||
return compiler.Compile("", fmt.Sprintf(`{id:%q}`, "secret="+key))
|
||||
hash := sha256.New()
|
||||
hash.Write([]byte(key))
|
||||
checksum := hash.Sum([]byte(i.PlainText()))
|
||||
secretValue := fmt.Sprintf(`{id:"secret=%s;hash=%x"}`, key, checksum)
|
||||
return compiler.Compile("", secretValue)
|
||||
}
|
||||
|
||||
func (i secretInput) PlainText() string {
|
||||
|
@ -145,7 +145,7 @@ setup() {
|
||||
# Make sure the secret doesn't show in dagger query
|
||||
run "$DAGGER" query mySecret.id -f text
|
||||
assert_success
|
||||
assert_output "secret=mySecret"
|
||||
assert_output --partial "secret=mySecret;hash="
|
||||
}
|
||||
|
||||
@test "compute: docker socket" {
|
||||
|
Reference in New Issue
Block a user