
Commit f1e26e9

authored
SecretsUsedInArgOrEnv warning (#115)
* Start [2025-09-05 11:25:21] * WIP [2025-09-05 11:26:06]
1 parent 0a6c765 commit f1e26e9


1 file changed

+25
-11
lines changed


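--- a/Dockerfile
+++ b/Dockerfile
@@ -13,28 +13,30 @@ COPY . ./
 ARG GIT_TAG GIT_COMMIT BUILD_DATE
 RUN --mount=type=cache,target=/root/.cache \
 --mount=type=cache,target=/go/pkg/mod \
-CGO_ENABLED=1 go build -trimpath -ldflags "-s -w -X 'github.com/docker/cagent/cmd/root.Version=$GIT_TAG' -X 'github.com/docker/cagent/cmd/root.Commit=$GIT_COMMIT' -X 'github.com/docker/cagent/cmd/root.BuildTime=$BUILD_DATE' -X 'github.com/docker/cagent/internal/telemetry.TelemetryEndpoint=$TELEMETRY_ENDPOINT' -X 'github.com/docker/cagent/internal/telemetry.TelemetryAPIKey=$TELEMETRY_API_KEY' -X 'github.com/docker/cagent/internal/telemetry.TelemetryHeader=$TELEMETRY_HEADER'" -o /agent .
+--mount=type=secret,id=telemetry_api_key \
+--mount=type=secret,id=telemetry_endpoint \
+--mount=type=secret,id=telemetry_header \
+sh -c 'TELEMETRY_API_KEY=$(cat /run/secrets/telemetry_api_key 2>/dev/null || echo "") && TELEMETRY_ENDPOINT=$(cat /run/secrets/telemetry_endpoint 2>/dev/null || echo "") && TELEMETRY_HEADER=$(cat /run/secrets/telemetry_header 2>/dev/null || echo "") && CGO_ENABLED=1 go build -trimpath -ldflags "-s -w -X '"'"'github.com/docker/cagent/cmd/root.Version=$GIT_TAG'"'"' -X '"'"'github.com/docker/cagent/cmd/root.Commit=$GIT_COMMIT'"'"' -X '"'"'github.com/docker/cagent/cmd/root.BuildTime=$BUILD_DATE'"'"' -X '"'"'github.com/docker/cagent/internal/telemetry.TelemetryEndpoint=$TELEMETRY_ENDPOINT'"'"' -X '"'"'github.com/docker/cagent/internal/telemetry.TelemetryAPIKey=$TELEMETRY_API_KEY'"'"' -X '"'"'github.com/docker/cagent/internal/telemetry.TelemetryHeader=$TELEMETRY_HEADER'"'"'" -o /agent .'
 
 FROM --platform=$BUILDPLATFORM golang:1.25.0-alpine3.22 AS builder-base
 WORKDIR /src
 COPY --from=xx / /
 ARG TARGETPLATFORM TARGETOS TARGETARCH
 ARG GIT_TAG GIT_COMMIT BUILD_DATE
-ARG TELEMETRY_API_KEY
-ARG TELEMETRY_ENDPOINT
-ARG TELEMETRY_HEADER
-
-ENV TELEMETRY_API_KEY=${TELEMETRY_API_KEY}
-ENV TELEMETRY_ENDPOINT=${TELEMETRY_ENDPOINT}
-ENV TELEMETRY_HEADER=${TELEMETRY_HEADER}
 
 FROM builder-base AS builder-darwin
 RUN apk add clang
 COPY . ./
 RUN --mount=type=bind,from=osxcross,src=/osxsdk,target=/xx-sdk \
 --mount=type=cache,target=/root/.cache,id=docker-ai-$TARGETPLATFORM \
---mount=type=cache,target=/go/pkg/mod <<EOT
+--mount=type=cache,target=/go/pkg/mod \
+--mount=type=secret,id=telemetry_api_key \
+--mount=type=secret,id=telemetry_endpoint \
+--mount=type=secret,id=telemetry_header <<EOT
 set -x
+TELEMETRY_API_KEY=$(cat /run/secrets/telemetry_api_key 2>/dev/null || echo "")
+TELEMETRY_ENDPOINT=$(cat /run/secrets/telemetry_endpoint 2>/dev/null || echo "")
+TELEMETRY_HEADER=$(cat /run/secrets/telemetry_header 2>/dev/null || echo "")
 CGO_ENABLED=1 xx-go build -trimpath -ldflags "-s -w -X 'github.com/docker/cagent/cmd/root.Version=$GIT_TAG' -X 'github.com/docker/cagent/cmd/root.Commit=$GIT_COMMIT' -X 'github.com/docker/cagent/cmd/root.BuildTime=$BUILD_DATE' -X 'github.com/docker/cagent/internal/telemetry.TelemetryEndpoint=$TELEMETRY_ENDPOINT' -X 'github.com/docker/cagent/internal/telemetry.TelemetryAPIKey=$TELEMETRY_API_KEY' -X 'github.com/docker/cagent/internal/telemetry.TelemetryHeader=$TELEMETRY_HEADER'" -o /binaries/cagent-$TARGETOS-$TARGETARCH .
 xx-verify --static /binaries/cagent-darwin-$TARGETARCH
 EOT
@@ -44,8 +46,14 @@ RUN apk add clang
 RUN xx-apk add libx11-dev musl-dev gcc
 COPY . ./
 RUN --mount=type=cache,target=/root/.cache,id=docker-ai-$TARGETPLATFORM \
---mount=type=cache,target=/go/pkg/mod <<EOT
+--mount=type=cache,target=/go/pkg/mod \
+--mount=type=secret,id=telemetry_api_key \
+--mount=type=secret,id=telemetry_endpoint \
+--mount=type=secret,id=telemetry_header <<EOT
 set -x
+TELEMETRY_API_KEY=$(cat /run/secrets/telemetry_api_key 2>/dev/null || echo "")
+TELEMETRY_ENDPOINT=$(cat /run/secrets/telemetry_endpoint 2>/dev/null || echo "")
+TELEMETRY_HEADER=$(cat /run/secrets/telemetry_header 2>/dev/null || echo "")
 CGO_ENABLED=1 xx-go build -trimpath -ldflags "-s -w -linkmode=external -extldflags '-static' -X 'github.com/docker/cagent/cmd/root.Version=$GIT_TAG' -X 'github.com/docker/cagent/cmd/root.Commit=$GIT_COMMIT' -X 'github.com/docker/cagent/cmd/root.BuildTime=$BUILD_DATE' -X 'github.com/docker/cagent/internal/telemetry.TelemetryEndpoint=$TELEMETRY_ENDPOINT' -X 'github.com/docker/cagent/internal/telemetry.TelemetryAPIKey=$TELEMETRY_API_KEY' -X 'github.com/docker/cagent/internal/telemetry.TelemetryHeader=$TELEMETRY_HEADER'" -o /binaries/cagent-$TARGETOS-$TARGETARCH .
 xx-verify --static /binaries/cagent-linux-$TARGETARCH
 EOT
@@ -54,8 +62,14 @@ FROM builder-base AS builder-windows
 RUN apk add zig build-base
 COPY . ./
 RUN --mount=type=cache,target=/root/.cache,id=docker-ai-$TARGETPLATFORM \
---mount=type=cache,target=/go/pkg/mod <<EOT
+--mount=type=cache,target=/go/pkg/mod \
+--mount=type=secret,id=telemetry_api_key \
+--mount=type=secret,id=telemetry_endpoint \
+--mount=type=secret,id=telemetry_header <<EOT
 set -x
+TELEMETRY_API_KEY=$(cat /run/secrets/telemetry_api_key 2>/dev/null || echo "")
+TELEMETRY_ENDPOINT=$(cat /run/secrets/telemetry_endpoint 2>/dev/null || echo "")
+TELEMETRY_HEADER=$(cat /run/secrets/telemetry_header 2>/dev/null || echo "")
 CGO_ENABLED=1 CC="zig cc -target x86_64-windows-gnu" CXX="zig c++ -target x86_64-windows-gnu" xx-go build -trimpath -ldflags "-s -w -X 'github.com/docker/cagent/cmd/root.Version=$GIT_TAG' -X 'github.com/docker/cagent/cmd/root.Commit=$GIT_COMMIT' -X 'github.com/docker/cagent/cmd/root.BuildTime=$BUILD_DATE' -X 'github.com/docker/cagent/internal/telemetry.TelemetryEndpoint=$TELEMETRY_ENDPOINT' -X 'github.com/docker/cagent/internal/telemetry.TelemetryAPIKey=$TELEMETRY_API_KEY' -X 'github.com/docker/cagent/internal/telemetry.TelemetryHeader=$TELEMETRY_HEADER'" -o /binaries/cagent-$TARGETOS-$TARGETARCH .
 ls -la /binaries
 mv /binaries/cagent-$TARGETOS-$TARGETARCH /binaries/cagent-$TARGETOS-$TARGETARCH.exe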
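Review bot: `set -x` still runs before the new secret reads in all three heredoc builds (builder-darwin at new line 36, the linux build at new line 53, builder-windows at new line 69), so the shell traces each `TELEMETRY_*=$(cat /run/secrets/…)` assignment and the fully expanded `-ldflags` string, writing the secret values into the build log. Replace `set -x` with `set -e` in those heredocs, or bracket the three reads and the `xx-go build` line with `set +x` and `set -x`. Separately, the values are still linked into the binary through `-X`, and `-s -w` strips symbol and debug tables rather than string data, so the key remains recoverable from the shipped artifact; the secret mounts only keep it out of the image's env and build history. The `2>/dev/null || echo ""` fallback lets a build with no secrets succeed with empty values, which looks deliberate but should be stated in a comment such as `# telemetry secrets are optional: a missing mount yields an empty value`. The builder-windows heredoc continues past the end of the last hunk.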
