Allow ssh entitlement for bake

2026-01-05 13:02:11 +01:00
parent 91ab1aaac0
commit 4f00812999
1 changed files with 5 additions and 1 deletions
--- a/.github/workflows/docker-build-publish.yml
+++ b/.github/workflows/docker-build-publish.yml
@@ -111,6 +111,10 @@ jobs:
          if [ -n "${SSH_AUTH_SOCK:-}" ]; then
            SSH_BAKE_JSON='["default"]'
          fi
+          BAKE_ALLOW_FLAGS=()
+          if [ -n "${SSH_AUTH_SOCK:-}" ]; then
+            BAKE_ALLOW_FLAGS+=(--allow=ssh)
+          fi

          RAW_REF="${{ github.ref }}"
          SHA_FULL="${{ github.sha }}"
@@ -211,7 +215,7 @@ jobs:
              BAKE_FILE=$(mktemp)
              echo "$BAKE_JSON" > "$BAKE_FILE"

-              docker buildx bake --file "$BAKE_FILE" --push
+              docker buildx bake --file "$BAKE_FILE" --push "${BAKE_ALLOW_FLAGS[@]}"
              rm -f "$BAKE_FILE"

              while read -r img; do