Add support for multiple Buildkit secrets with env vars or files as source #359

Merged
merged 1 commit into from
May 3, 2022

@ste93cry ste93cry commented Mar 5, 2022

#356 introduced the possibility to use the Buildkit secrets feature when building the Docker image. However, it's not possible to specify more than one secret due to the fact that the setting is a simple string that gets used as value of the --secret CLI arg. I also wasn't happy with the fact that the secret setting was basically just the plain value of the arg, leading people to need the knowledge of the syntax of the docker build command to use it. For this reason, I split the setting into two: secrets_from_env and secrets_from_file. These new settings are just a list of strings in the format key=value, where the key is the name of the secret and the value can be the name of an environment variable or a file path. This PR also supersedes #332 somewhat.

Example usage

  • Dockerfile:

    # syntax=docker/dockerfile:1.2
    FROM alpine
    RUN --mount=type=secret,id=foo_secret cat /run/secrets/foo_secret
    RUN --mount=type=secret,id=bar_secret cat /run/secrets/bar_secret
    RUN --mount=type=secret,id=baz_secret cat /run/secrets/baz_secret

  • .drone.yml:

    kind: pipeline
    type: docker
    name: test
    
    steps:
      - name: dist
        image: plugins/drone-docker
        environment:
          FOO_SECRET:
            from_secret: FOO_SECRET
          BAR_SECRET:
            from_secret: BAR_SECRET
        settings:
          secrets_from_env:
            - foo_secret=FOO_SECRET
            - bar_secret=BAR_SECRET
          secrets_from_file:
            - baz_secret=baz_secret.txt
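
How the two lists described in this pull request could be turned into `docker build --secret` flags, as an added example that is not part of the original post and is not the plugin's own code. The function names and the validation rules (unique secret names, no commas) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// secretArgs turns "name=source" entries into docker build --secret flags.
// kind is "env" or "src". Hypothetical helper, not taken from the plugin.
func secretArgs(kind string, entries []string, seen map[string]bool) ([]string, error) {
	var args []string
	for i, e := range entries {
		id, source, ok := strings.Cut(e, "=")
		if !ok || id == "" || source == "" {
			// Report the position only, so a pasted value never lands in CI logs.
			return nil, fmt.Errorf("%s entry %d: want name=source", kind, i)
		}
		// --secret takes comma-separated fields; a comma would add extra ones.
		if strings.ContainsAny(id+source, ",\n") {
			return nil, fmt.Errorf("secret %q: illegal character", id)
		}
		if seen[id] {
			return nil, fmt.Errorf("secret %q: defined twice", id)
		}
		seen[id] = true
		args = append(args, "--secret", "id="+id+","+kind+"="+source)
	}
	return args, nil
}

// BuildSecretFlags combines both settings into one argument list.
func BuildSecretFlags(fromEnv, fromFile []string) ([]string, error) {
	seen := map[string]bool{}
	envArgs, err := secretArgs("env", fromEnv, seen)
	if err != nil {
		return nil, err
	}
	fileArgs, err := secretArgs("src", fromFile, seen)
	if err != nil {
		return nil, err
	}
	return append(envArgs, fileArgs...), nil
}

func main() { // values taken from the .drone.yml example above
	flags, err := BuildSecretFlags(
		[]string{"foo_secret=FOO_SECRET", "bar_secret=BAR_SECRET"},
		[]string{"baz_secret=baz_secret.txt"})
	fmt.Println(strings.Join(flags, " "), err)
}
```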

@ste93cry
Author

ste93cry commented May 2, 2022

@tphoney @eoinmcafee00 @d1wilko @mrsantons it's now been almost two months that I've been trying to draw the attention of someone at @harness to get this PR reviewed, as it would be really useful for my job. Please, can one of you do something about it?

@MarieReRe

Hey @ste93cry I am just finishing the meeting with the Drone team and you should be able to use the forked version in the interim until we review and merge this PR in.

This is one of our core plug-ins so we will need to pull it down and test it. Let me know if this helps and thanks for your contribution.

@ste93cry
Author

ste93cry commented May 2, 2022

Thank you for your answer. For what it's worth, I've tested the changes on Linux and they work as expected, and if you take a look, what I'm doing is basically just splitting an existing option into two, so no new features here, just a different way to use an existing one.

> This is one of our core plug-ins so we will need to pull it down and test it

Sure, I understand. I just hope that you can do that without letting another month pass, because while it's definitely true that I can use my own forked version of the plugin, I don't want to do that more than necessary.

@eoinmcafee00 eoinmcafee00 self-requested a review May 3, 2022 09:22
@eoinmcafee00 eoinmcafee00 merged commit 94f2f97 into drone-plugins:master May 3, 2022
@ste93cry ste93cry deleted the add-support-for-multiple-buildkit-env-and-files-secrets branch May 3, 2022 09:23
@ste93cry
Author

ste93cry commented May 3, 2022

Given that there have been a few things merged into master since the last stable release, can I expect one shortly?

@tphoney

tphoney commented May 3, 2022

Not right away; we generally run new changes on latest for a while to soak new features before doing a versioned release. Generally this is done for a week or so.

@ste93cry
Author

Now that a week and a half has passed, and because I want to avoid the :latest tag because it makes it hard to track which image is being used for a pipeline run, do you think you can publish a stable release?

@tphoney

tphoney commented May 12, 2022

on it 👍

@tphoney tphoney added the enhancement New feature or request label May 12, 2022
@tphoney

tphoney commented May 12, 2022

@ste93cry release prep is done, and ready to go. Unfortunately, a few other things have taken priority. I am waiting on teammates to get this merged and they are both unavailable. We will get this sorted on Monday at the latest.
https://github.com/drone-plugins/drone-docker/pull/363/files

@ste93cry
Author

Ok, thank you for the update!

@tphoney

tphoney commented May 16, 2022

@ste93cry
Author

Thank you, much appreciated 🥳
