Whitespace trimmed from multi-line secrets input #1242

Open
3 tasks done
jshbrntt opened this issue Oct 21, 2024 · 0 comments

Contributing guidelines

I've found a bug, and:

  • The documentation does not mention anything about my problem
  • There are no open or closed issues that are related to my problem

Description

When passing a multi-line secret as specified in this documentation.

If the secret contains new line characters at the end, they will be trimmed leading to a malformed secret value during the docker build step.

This is problematic for secrets with significant whitespace such as private SSH keys.

Expected behaviour

The output of xxd in the docker build step should contain the whitespace declared as part of the secrets input variable.

    00000000: 5445 5354 4553 5454 4553 5445 5354 5445  TESTESTTESTESTTE
    00000010: 5354 4553 5454 4553 5445 5354 0a54 4553  STESTTESTEST.TES
    00000020: 5445 5354 5445 5354 4553 5454 4553 5445  TESTTESTESTTESTE
    00000030: 5354 5445 5354 4553 540a 5445 5354 4553  STTESTEST.TESTES
    00000040: 5454 4553 5445 5354 5445 5354 4553 5454  TTESTESTTESTESTT
    00000050: 4553 5445 5354 0a0a 0a0a                 ESTEST....

As it does when you pass a file (containing trailing whitespace) through a secret mount.

Actual behaviour

Inside the docker build step.

    # ...
    RUN --mount=type=secret,id=PRIVATE_SSH_KEY,target=/root/.ssh/id_rsa \
        xxd /root/.ssh/id_rsa

The output of this step is the following (notice the lack of newline characters at the end)

    #8 [ubuntu-base 4/4] RUN --mount=type=secret,id=PRIVATE_SSH_KEY,target=/root/.ssh/id_rsa xxd /root/.ssh/id_rsa
    #8 0.045 00000000: 5445 5354 4553 5454 4553 5445 5354 5445  TESTESTTESTESTTE
    #8 0.045 00000010: 5354 4553 5454 4553 5445 5354 0a54 4553  STESTTESTEST.TES
    #8 0.045 00000020: 5445 5354 5445 5354 4553 5454 4553 5445  TESTTESTESTTESTE
    #8 0.045 00000030: 5354 5445 5354 4553 540a 5445 5354 4553  STTESTEST.TESTES
    #8 0.045 00000040: 5454 4553 5445 5354 5445 5354 4553 5454  TTESTESTTESTESTT
    #8 0.045 00000050: 4553 5445 5354                           ESTEST

Repository URL

No response

Workflow run URL

No response

YAML workflow

    - uses: docker/build-push-action@v6
      with:
        secrets: |
          "PRIVATE_SSH_KEY=TESTESTTESTESTTESTESTTESTEST
          TESTESTTESTESTTESTESTTESTEST
          TESTESTTESTESTTESTESTTESTEST


            
          "

Workflow logs

No response

BuildKit logs

No response

Additional info

No response
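
The following check is an added example, not part of the issue report or the project's code: it shows how a build step could fail fast when a mounted secret has lost its trailing newlines, instead of handing a truncated key to a later step. The function names `count_trailing_newlines` and `verify_secret` are hypothetical, the sample files are constructed to mirror the two xxd dumps above, and the values 90 and 4 are the byte length and trailing-newline count of the expected dump.

```shell
#!/bin/sh
# Added example: detect a secret whose trailing newlines were stripped.

# Print the number of 0x0a bytes at the end of file $1.
# od is used because $(cat file) would itself strip trailing newlines.
count_trailing_newlines() {
    hex=$(od -An -v -tx1 "$1" | tr -d ' \n')
    n=0
    while [ "${hex%0a}" != "$hex" ]; do
        hex=${hex%0a}
        n=$((n + 1))
    done
    echo "$n"
}

# Succeed only if file $1 is exactly $2 bytes long and ends with
# at least $3 newline bytes; otherwise report what was found.
verify_secret() {
    size=$(wc -c < "$1" | tr -d ' ')
    newlines=$(count_trailing_newlines "$1")
    if [ "$size" -ne "$2" ] || [ "$newlines" -lt "$3" ]; then
        echo "secret $1: $size bytes, $newlines trailing newline(s);" \
             "expected $2 bytes and at least $3" >&2
        return 1
    fi
}

# Constructed sample data mirroring the two xxd dumps in the issue.
line=TESTESTTESTESTTESTESTTESTEST
workdir=$(mktemp -d)
printf '%s\n%s\n%s\n\n\n\n' "$line" "$line" "$line" > "$workdir/expected"
printf '%s\n%s\n%s' "$line" "$line" "$line" > "$workdir/trimmed"

verify_secret "$workdir/expected" 90 4 && echo "expected: intact"
verify_secret "$workdir/trimmed" 90 4 || echo "trimmed: truncated"
```

The check reports only sizes and newline counts, so the secret's contents never reach the build log.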
