Skip to content

dockerfile: mask usage of secret env in command name #8859

dockerfile: mask usage of secret env in command name

dockerfile: mask usage of secret env in command name #8859

Workflow file for this run

name: validate
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- 'v[0-9]+.[0-9]+'
tags:
- 'v*'
- 'dockerfile/*'
pull_request:
env:
SETUP_BUILDX_VERSION: "latest"
SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"
jobs:
prepare:
runs-on: ubuntu-24.04
outputs:
targets: ${{ steps.targets.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Matrix
id: targets
run: |
echo "matrix=$(docker buildx bake validate --print | jq -cr '.target | keys')" >> $GITHUB_OUTPUT
validate:
runs-on: ubuntu-24.04
needs:
- prepare
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Prepare
run: |
if [ "$GITHUB_REPOSITORY" = "moby/buildkit" ]; then
echo "GOLANGCI_LINT_MULTIPLATFORM=1" >> $GITHUB_ENV
fi
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Validate
uses: docker/bake-action@v5
with:
targets: ${{ matrix.target }}
archutil-arm64:
runs-on: ubuntu-24.04
# TODO: enable when binutils-loongarch64-linux-gnu pkg is available for aarch64 arch
# https://github.com/moby/buildkit/pull/4392#issuecomment-1938223235
if: false
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Validate
uses: docker/bake-action@v5
with:
targets: validate-archutil
set: |
*.platform=linux/arm64