mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-03 13:05:23 +02:00
feat(applications): add support for Docker build secrets
- Implement build secrets functionality for Dockerfile builds - Add new `buildSecrets` field to application schema - Update UI and backend to handle build-time secrets - Modify Docker build process to support secret injection during build
@@ -129,6 +129,7 @@ export const applications = pgTable("application", {
|
||||
false,
|
||||
),
|
||||
buildArgs: text("buildArgs"),
|
||||
buildSecrets: json("buildSecrets").$type<Record<string, string>>(),
|
||||
memoryReservation: text("memoryReservation"),
|
||||
memoryLimit: text("memoryLimit"),
|
||||
cpuReservation: text("cpuReservation"),
|
||||
@@ -353,6 +354,7 @@ const createSchema = createInsertSchema(applications, {
|
||||
autoDeploy: z.boolean(),
|
||||
env: z.string().optional(),
|
||||
buildArgs: z.string().optional(),
|
||||
buildSecrets: z.record(z.string(), z.string()).optional(),
|
||||
name: z.string().min(1),
|
||||
description: z.string().optional(),
|
||||
memoryReservation: z.string().optional(),
|
||||
@@ -499,11 +501,12 @@ export const apiSaveGitProvider = createSchema
|
||||
}),
|
||||
);
|
||||
|
||||
export const apiSaveEnvironmentVariables = createSchema
|
||||
.pick({
|
||||
applicationId: true,
|
||||
env: true,
|
||||
buildArgs: true,
|
||||
export const apiSaveEnvironmentVariables = z
|
||||
.object({
|
||||
applicationId: z.string(),
|
||||
env: z.string().optional(),
|
||||
buildArgs: z.string().optional(),
|
||||
buildSecrets: z.record(z.string(), z.string()).optional(),
|
||||
})
|
||||
.required();
|
||||
|
||||
|
||||
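Review bot: `buildSecrets: z.record(z.string(), z.string())` accepts any string as a secret name, in both `createSchema` and `apiSaveEnvironmentVariables`, yet later in this commit the name is interpolated into `--secret id=${key},env=${key}` and into an `export` line of a generated shell script. A name containing `,`, `=`, whitespace or shell metacharacters would change the meaning of those arguments, so the key should be constrained at the API boundary, e.g. `buildSecrets: z.record(z.string().regex(/^[A-Za-z_][A-Za-z0-9_]*$/), z.string()).optional(),`. Because the secrets are also spread over `process.env` for the docker CLI, consider additionally rejecting names the CLI itself reads, such as `PATH` or `DOCKER_HOST`.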
@@ -149,6 +149,7 @@ table application {
|
||||
previewLimit integer [default: 3]
|
||||
isPreviewDeploymentsActive boolean [default: false]
|
||||
buildArgs text
|
||||
buildSecrets json
|
||||
memoryReservation text
|
||||
memoryLimit text
|
||||
cpuReservation text
|
||||
|
||||
@@ -12,8 +12,14 @@ export const buildCustomDocker = async (
|
||||
application: ApplicationNested,
|
||||
writeStream: WriteStream,
|
||||
) => {
|
||||
const { appName, env, publishDirectory, buildArgs, dockerBuildStage } =
|
||||
application;
|
||||
const {
|
||||
appName,
|
||||
env,
|
||||
publishDirectory,
|
||||
buildArgs,
|
||||
buildSecrets,
|
||||
dockerBuildStage,
|
||||
} = application;
|
||||
const dockerFilePath = getBuildAppDirectory(application);
|
||||
try {
|
||||
const image = `${appName}`;
|
||||
@@ -25,6 +31,10 @@ export const buildCustomDocker = async (
|
||||
application.project.env,
|
||||
);
|
||||
|
||||
const secrets = buildSecrets
|
||||
? Object.entries(buildSecrets).map(([key, value]) => `${key}=${value}`)
|
||||
: [];
|
||||
|
||||
const dockerContextPath = getDockerContextPath(application);
|
||||
|
||||
const commandArgs = ["build", "-t", image, "-f", dockerFilePath, "."];
|
||||
@@ -36,6 +46,12 @@ export const buildCustomDocker = async (
|
||||
for (const arg of args) {
|
||||
commandArgs.push("--build-arg", arg);
|
||||
}
|
||||
|
||||
for (const secret of secrets) {
|
||||
const [key] = secret.split("=");
|
||||
commandArgs.push("--secret", `id=${key},env=${key}`);
|
||||
}
|
||||
|
||||
/*
|
||||
Do not generate an environment file when publishDirectory is specified,
|
||||
as it could be publicly exposed.
|
||||
@@ -54,6 +70,10 @@ export const buildCustomDocker = async (
|
||||
},
|
||||
{
|
||||
cwd: dockerContextPath || defaultContextPath,
|
||||
env: {
|
||||
...process.env,
|
||||
...Object.fromEntries(secrets.map((s) => s.split("="))),
|
||||
},
|
||||
},
|
||||
);
|
||||
} catch (error) {
|
||||
@@ -65,8 +85,14 @@ export const getDockerCommand = (
|
||||
application: ApplicationNested,
|
||||
logPath: string,
|
||||
) => {
|
||||
const { appName, env, publishDirectory, buildArgs, dockerBuildStage } =
|
||||
application;
|
||||
const {
|
||||
appName,
|
||||
env,
|
||||
publishDirectory,
|
||||
buildArgs,
|
||||
buildSecrets,
|
||||
dockerBuildStage,
|
||||
} = application;
|
||||
const dockerFilePath = getBuildAppDirectory(application);
|
||||
|
||||
try {
|
||||
@@ -79,6 +105,10 @@ export const getDockerCommand = (
|
||||
application.project.env,
|
||||
);
|
||||
|
||||
const secrets = buildSecrets
|
||||
? Object.entries(buildSecrets).map(([key, value]) => `${key}=${value}`)
|
||||
: [];
|
||||
|
||||
const dockerContextPath =
|
||||
getDockerContextPath(application) || defaultContextPath;
|
||||
|
||||
@@ -92,6 +122,11 @@ export const getDockerCommand = (
|
||||
commandArgs.push("--build-arg", arg);
|
||||
}
|
||||
|
||||
for (const secret of secrets) {
|
||||
const [key] = secret.split("=");
|
||||
commandArgs.push("--secret", `id=${key},env=${key}`);
|
||||
}
|
||||
|
||||
/*
|
||||
Do not generate an environment file when publishDirectory is specified,
|
||||
as it could be publicly exposed.
|
||||
@@ -105,6 +140,14 @@ export const getDockerCommand = (
|
||||
);
|
||||
}
|
||||
|
||||
// Export secrets as environment variables
|
||||
if (secrets.length > 0) {
|
||||
command += "\n# Export build secrets\n";
|
||||
for (const secret of secrets) {
|
||||
command += `export ${secret}\n`;
|
||||
}
|
||||
}
|
||||
|
||||
command += `
|
||||
echo "Building ${appName}" >> ${logPath};
|
||||
cd ${dockerContextPath} >> ${logPath} 2>> ${logPath} || {
|
||||
|
||||
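Review bot: In getDockerCommand, the added `export ${secret}` line writes each secret into the generated shell script as an unquoted `KEY=value`, so a value containing spaces, `$`, backticks or `;` is re-interpreted by the shell instead of being passed through literally. The same `KEY=value` round trip in buildCustomDocker (`secrets.map((s) => s.split("="))`) silently truncates any value that contains `=`, such as base64 padding, because `Object.fromEntries` keeps only the first two elements of each split. Keeping the entries as `[key, value]` pairs and single-quoting the value on export addresses both; the sketch below covers getDockerCommand, and buildCustomDocker can spread `...(buildSecrets ?? {})` directly into `env`. Both function bodies continue outside the hunks shown, so whether the script text containing the secret values is logged or persisted is not visible here and is worth confirming.

```typescript
// … unchanged: destructuring, build args, dockerContextPath …
const secretEntries = Object.entries(buildSecrets ?? {});

for (const [key] of secretEntries) {
	commandArgs.push("--secret", `id=${key},env=${key}`);
}

// … unchanged: env-file handling …
if (secretEntries.length > 0) {
	command += "\n# Export build secrets\n";
	for (const [key, value] of secretEntries) {
		// Single-quote the value so the shell treats it as literal text;
		// embedded single quotes are closed, escaped and reopened.
		const quoted = `'${value.replace(/'/g, "'\\''")}'`;
		command += `export ${key}=${quoted}\n`;
	}
}
```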