feat(compose): Add suport for build secrets in compose file

nurof3n · nurof3n · commit 9d060f318784 · 2025-10-09T13:31:10.000+03:00
Signed-off-by: Alex-Andrei Cioc &lt;andrei.cioc@unikraft.io&gt;
diff --git a/initrd/dockerfile.go b/initrd/dockerfile.go
@@ -437,13 +437,32 @@ func (initrd *dockerfile) Build(ctx context.Context) (string, error) {
 		},
 	}
 
-	fs := make([]secretsprovider.Source, 0, len(buildSecrets))
+	// Add build secrets from the build config
+	secretsMap := make(map[string]secretsprovider.Source)
+	if initrd.opts.buildConfig.Secrets != nil {
+		for _, v := range initrd.opts.buildConfig.Secrets {
+			secretsMap[v.Name] = secretsprovider.Source{
+				ID:       v.Name,
+				FilePath: v.File,
+				Env:      v.Env,
+			}
+		}
+	}
+
+	// Override build secrets from the command line
 	for _, v := range buildSecrets {
 		s, err := parseSecret(v)
 		if err != nil {
 			return "", err
 		}
-		fs = append(fs, *s)
+		secretsMap[s.ID] = *s
+	}
+
+	// Convert map to slice
+	fs := make([]secretsprovider.Source, 0, len(secretsMap))
+	for _, secret := range secretsMap {
+		fs = append(fs, secret)
+		fmt.Printf(" - %s: %s\n", secret.ID, secret.FilePath)
 	}
 
 	secretStore, err := secretsprovider.NewStore(fs)
diff --git a/initrd/options.go b/initrd/options.go
@@ -4,9 +4,16 @@
 // You may not use this file except in compliance with the License.
 package initrd
 
+type InitrdBuildSecret struct {
+	Name string
+	File string
+	Env  string
+}
+
 type InitrdBuildConfig struct {
-	Args   map[string]*string
-	Target string
+	Args    map[string]*string
+	Target  string
+	Secrets map[string]InitrdBuildSecret
 }
 
 type InitrdOptions struct {
diff --git a/internal/cli/kraft/cloud/compose/build/build.go b/internal/cli/kraft/cloud/compose/build/build.go
@@ -22,6 +22,7 @@ import (
 	"kraftkit.sh/cmdfactory"
 	"kraftkit.sh/compose"
 	"kraftkit.sh/config"
+	"kraftkit.sh/initrd"
 	"kraftkit.sh/internal/cli/kraft/build"
 	"kraftkit.sh/internal/cli/kraft/cloud/utils"
 	"kraftkit.sh/internal/cli/kraft/pkg"
@@ -260,6 +261,18 @@ func Build(ctx context.Context, opts *BuildOptions, args ...string) error {
 			popts.BuildConfig.Args = service.Build.Args
 			bopts.BuildConfig.Target = service.Build.Target
 			popts.BuildConfig.Target = service.Build.Target
+			bopts.BuildConfig.Secrets = map[string]initrd.InitrdBuildSecret{}
+			popts.BuildConfig.Secrets = map[string]initrd.InitrdBuildSecret{}
+			for _, secretRef := range service.Build.Secrets {
+				if secret, ok := opts.Project.Secrets[secretRef.Source]; ok {
+					bopts.BuildConfig.Secrets[secretRef.Source] = initrd.InitrdBuildSecret{
+						Name: secret.Name,
+						File: secret.File,
+						Env:  secret.Environment,
+					}
+					popts.BuildConfig.Secrets[secretRef.Source] = bopts.BuildConfig.Secrets[secretRef.Source]
+				}
+			}
 			bopts.Workdir = service.Build.Context
 			popts.Workdir = service.Build.Context
 			bopts.Project = project
