diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index 41523dd14..3315eb6c1 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -30,9 +30,10 @@ jobs:
 - name: Build ${{ matrix.configuration }} Docker image from ${{ matrix.file }}
 uses: docker/build-push-action@v5.3.0
 with:
+ build-args: CONFIGURATION=${{ matrix.configuration }}
 context: .
 file: ${{ matrix.file }}
 platforms: ${{ env.PLATFORMS }}
- build-args: |
- CONFIGURATION=${{ matrix.configuration }}
- STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+ provenance: true
+ sbom: true
+ secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
diff --git a/.github/workflows/docker-publish-latest.yml b/.github/workflows/docker-publish-latest.yml
index 72cfac15e..56d966b05 100644
--- a/.github/workflows/docker-publish-latest.yml
+++ b/.github/workflows/docker-publish-latest.yml
@@ -64,7 +64,9 @@ jobs:
 context: .
 file: Dockerfile.Service
 platforms: ${{ env.PLATFORMS }}
- build-args: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+ provenance: true
+ sbom: true
+ secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
 labels: |
 org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
 org.opencontainers.image.version=${{ env.FIXED_TAG }}
diff --git a/.github/workflows/docker-publish-main.yml b/.github/workflows/docker-publish-main.yml
index 806931314..65adfb058 100644
--- a/.github/workflows/docker-publish-main.yml
+++ b/.github/workflows/docker-publish-main.yml
@@ -63,7 +63,9 @@ jobs:
 with:
 context: .
 platforms: ${{ env.PLATFORMS }}
- build-args: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+ provenance: true
+ sbom: true
+ secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
 labels: |
 org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
 org.opencontainers.image.version=${{ github.sha }}
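Review bot: Nothing in the workflow records why the token is now passed through `secrets:` rather than `build-args:`, so a later edit could move it back without anyone noticing the regression. A comment above the new `secrets:` line in docker-ci.yml would cover it, for example `# BuildKit secret, not a build-arg: build-arg values end up in image history and can be recorded in build attestations`. The same comment fits the `secrets:` lines added in docker-publish-latest.yml, docker-publish-main.yml and docker-publish-released.yml, and it matters all the more now that each of these hunks also turns on `provenance: true` and `sbom: true`.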
diff --git a/.github/workflows/docker-publish-released.yml b/.github/workflows/docker-publish-released.yml index 7046643e4..5899da4b5 100644 --- a/.github/workflows/docker-publish-released.yml +++ b/.github/workflows/docker-publish-released.yml @@ -64,7 +64,9 @@ jobs: with: context: . platforms: ${{ env.PLATFORMS }} - build-args: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }} + provenance: true + sbom: true + secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }} labels: | org.opencontainers.image.created=${{ env.DATE_ISO8601 }} org.opencontainers.image.version=${{ env.FIXED_TAG }} diff --git a/Dockerfile b/Dockerfile index 148e580c1..a5fe36d88 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,6 @@ RUN set -eu; \ FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0${IMAGESUFFIX} AS build-dotnet ARG CONFIGURATION=Release -ARG STEAM_TOKEN_DUMPER_TOKEN ARG TARGETARCH ARG TARGETOS ENV DOTNET_CLI_TELEMETRY_OPTOUT true @@ -29,7 +28,7 @@ COPY .editorconfig .editorconfig COPY Directory.Build.props Directory.Build.props COPY Directory.Packages.props Directory.Packages.props COPY LICENSE.txt LICENSE.txt -RUN set -eu; \ +RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN set -eu; \ dotnet --info; \ \ case "$TARGETOS" in \ 
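Review bot: The mount added in `RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN set -eu; \` is attached to the whole build step, so `/run/secrets/STEAM_TOKEN_DUMPER_TOKEN` is readable by every command in it, including `dotnet publish` and any restore or build tasks it runs, although only the later `sed` needs it. Moving the token substitution into its own short `RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN` step and leaving this one without the mount would narrow that exposure. The RUN body continues past the end of this hunk, and the same applies to the identical change in Dockerfile.Service.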
@@ -46,8 +45,16 @@ RUN set -eu; \ \ dotnet publish ArchiSteamFarm -c "$CONFIGURATION" -o "out" -p:ASFVariant=docker -p:ContinuousIntegrationBuild=true -p:UseAppHost=false -r "$asf_variant" --nologo --no-self-contained; \ \ - if [ -n "${STEAM_TOKEN_DUMPER_TOKEN-}" ] && [ -f "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs" ]; then \ - sed -i "s/STEAM_TOKEN_DUMPER_TOKEN/${STEAM_TOKEN_DUMPER_TOKEN}/g" "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs"; \ + if [ -f "/run/secrets/STEAM_TOKEN_DUMPER_TOKEN" ]; then \ + STEAM_TOKEN_DUMPER_TOKEN="$(cat "/run/secrets/STEAM_TOKEN_DUMPER_TOKEN")"; \ + \ + if [ -n "$STEAM_TOKEN_DUMPER_TOKEN" ] && [ -f "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs" ]; then \ + sed -i "s/STEAM_TOKEN_DUMPER_TOKEN/${STEAM_TOKEN_DUMPER_TOKEN}/g" "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs"; \ + else \ + echo "WARN: STEAM_TOKEN_DUMPER_TOKEN not applied!"; \ + fi; \ + else \ + echo "WARN: No STEAM_TOKEN_DUMPER_TOKEN provided!"; \ fi; \ \ for plugin in $PLUGINS_BUNDLED; do \ diff --git a/Dockerfile.Service b/Dockerfile.Service index b2b2d5632..00a79135d 100644 --- a/Dockerfile.Service +++ b/Dockerfile.Service @@ -12,7 +12,6 @@ RUN set -eu; \ FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0${IMAGESUFFIX} AS build-dotnet ARG CONFIGURATION=Release -ARG STEAM_TOKEN_DUMPER_TOKEN ARG TARGETARCH ARG TARGETOS ENV DOTNET_CLI_TELEMETRY_OPTOUT true @@ -29,7 +28,7 @@ COPY .editorconfig .editorconfig COPY Directory.Build.props Directory.Build.props COPY Directory.Packages.props Directory.Packages.props COPY LICENSE.txt LICENSE.txt -RUN set -eu; \ +RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN set -eu; \ dotnet --info; \ \ case "$TARGETOS" in \ 
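Review bot: The token read from `/run/secrets/STEAM_TOKEN_DUMPER_TOKEN` is spliced unescaped into the sed expression `s/STEAM_TOKEN_DUMPER_TOKEN/${STEAM_TOKEN_DUMPER_TOKEN}/g`, so a value containing `/`, `&` or `\` either aborts the build or writes something other than the token into SharedInfo.cs. Checking the value before the `sed` line would catch that early, for example `case "$STEAM_TOKEN_DUMPER_TOKEN" in *[!A-Za-z0-9_-]*) echo "ERROR: unexpected characters in STEAM_TOKEN_DUMPER_TOKEN"; exit 1;; esac; \`, with the character class adjusted to the real token format, which is not visible here. It is also worth a comment that the rewritten SharedInfo.cs stays in this build-stage layer and in the compiled plugin, so the secret mount keeps the token out of build arguments but not out of the build cache. The same lines appear in the Dockerfile.Service hunk, and the RUN body starts and ends outside this hunk.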
@@ -46,8 +45,16 @@ RUN set -eu; \
 \
 dotnet publish ArchiSteamFarm -c "$CONFIGURATION" -o "out" "-p:ASFVariant=${asf_variant}" -p:ContinuousIntegrationBuild=true -p:PublishSingleFile=true -p:PublishTrimmed=true -r "$asf_variant" --nologo --self-contained; \
 \
- if [ -n "${STEAM_TOKEN_DUMPER_TOKEN-}" ] && [ -f "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs" ]; then \
- sed -i "s/STEAM_TOKEN_DUMPER_TOKEN/${STEAM_TOKEN_DUMPER_TOKEN}/g" "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs"; \
+ if [ -f "/run/secrets/STEAM_TOKEN_DUMPER_TOKEN" ]; then \
+ STEAM_TOKEN_DUMPER_TOKEN="$(cat "/run/secrets/STEAM_TOKEN_DUMPER_TOKEN")"; \
+ \
+ if [ -n "STEAM_TOKEN_DUMPER_TOKEN" ] && [ -f "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs" ]; then \
+ sed -i "s/STEAM_TOKEN_DUMPER_TOKEN/${STEAM_TOKEN_DUMPER_TOKEN}/g" "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs"; \
+ else \
+ echo "WARN: STEAM_TOKEN_DUMPER_TOKEN not applied!"; \
+ fi; \
+ else \
+ echo "WARN: No STEAM_TOKEN_DUMPER_TOKEN provided!"; \
 fi; \
 \
 for plugin in $PLUGINS_BUNDLED; do \
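Review bot: The inner test `[ -n "STEAM_TOKEN_DUMPER_TOKEN" ]` checks a literal string rather than the variable, so it is always true; the matching line in Dockerfile has the `$`. With an empty secret file the `sed` would then replace the placeholder in SharedInfo.cs with an empty string, and the "not applied" warning would not print for that case. The line should read `if [ -n "$STEAM_TOKEN_DUMPER_TOKEN" ] && [ -f "ArchiSteamFarm.OfficialPlugins.SteamTokenDumper/SharedInfo.cs" ]; then \`. An empty secret is plausible when a workflow runs without access to repository secrets, though that is not visible here. The RUN body starts and ends outside this hunk.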