hadolint · aegypius · Oct 10, 2024
diff --git a/src/Language/Docker/Parser/Run.hs b/src/Language/Docker/Parser/Run.hs
@@ -19,7 +19,8 @@ data RunFlag
   deriving (Show)
 
 data RunMountArg
-  = MountArgFromImage Text
+  = MountArgEnv Text
+  | MountArgFromImage Text
   | MountArgId Text
   | MountArgMode Text
   | MountArgReadOnly Bool
@@ -161,13 +162,14 @@ secretMount args =
     Left e -> customError e
     Right as -> return $ foldr secretOpts def as
   where
-    allowed = Set.fromList ["target", "id", "required", "source", "mode", "uid", "gid"]
+    allowed = Set.fromList ["target", "id", "required", "source", "mode", "uid", "gid", "env"]
     required = Set.empty
     secretOpts :: RunMountArg -> SecretOpts -> SecretOpts
     secretOpts (MountArgTarget path) co = co {sTarget = Just path}
     secretOpts (MountArgId i) co = co {sCacheId = Just i}
     secretOpts (MountArgRequired r) co = co {sIsRequired = Just r}
     secretOpts (MountArgSource path) co = co {sSource = Just path}
+    secretOpts (MountArgEnv e) co = co {sEnv = Just e}
     secretOpts (MountArgMode m) co = co {sMode = Just m}
     secretOpts (MountArgUid u) co = co {sUid = Just u}
     secretOpts (MountArgGid g) co = co {sGid = Just g}
@@ -223,7 +225,8 @@ mountChoices mountType =
           mountArgSource,
           mountArgMode,
           mountArgUid,
-          mountArgGid
+          mountArgGid,
+          mountArgEnv
         ]
 
 stringArg :: (?esc :: Char) => Parser Text
@@ -239,6 +242,9 @@ cacheSharing :: Parser CacheSharing
 cacheSharing =
   choice [Private <$ string "private", Shared <$ string "shared", Locked <$ string "locked"]
 
+mountArgEnv :: (?esc :: Char) => Parser RunMountArg
+mountArgEnv = MountArgEnv <$> key "env" stringArg
+
 mountArgFromImage :: (?esc :: Char) => Parser RunMountArg
 mountArgFromImage = MountArgFromImage <$> key "from" stringArg
 
@@ -317,6 +323,7 @@ mountArgUid :: (?esc :: Char) => Parser RunMountArg
 mountArgUid = MountArgUid <$> key "uid" stringArg
 
 toArgName :: RunMountArg -> Text
+toArgName (MountArgEnv _) = "env"
 toArgName (MountArgFromImage _) = "from"
 toArgName (MountArgGid _) = "gid"
 toArgName (MountArgId _) = "id"

diff --git a/src/Language/Docker/Syntax.hs b/src/Language/Docker/Syntax.hs
@@ -297,14 +297,15 @@ data SecretOpts
         sCacheId :: !(Maybe Text),
         sIsRequired :: !(Maybe Bool),
         sSource :: !(Maybe SourcePath),
+        sEnv :: !(Maybe Text),
         sMode :: !(Maybe Text),
         sUid :: !(Maybe Text),
         sGid :: !(Maybe Text)
       }
   deriving (Eq, Show, Ord)
 
 instance Default SecretOpts where
-  def = SecretOpts Nothing Nothing Nothing Nothing Nothing Nothing Nothing
+  def = SecretOpts Nothing Nothing Nothing Nothing Nothing Nothing Nothing Nothing
 
 data CacheSharing
   = Shared

diff --git a/test/Language/Docker/ParseRunSpec.hs b/test/Language/Docker/ParseRunSpec.hs
@@ -186,14 +186,15 @@ spec = do
             [ Run $ RunArgs (ArgumentsText "echo foo") flags
             ]
     it "--mount=type=secret all modifiers" $
-      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,id=a,required,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
+      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,env=baz,id=a,required,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
           flags =
             def
               { mount =
                   Set.singleton $
                     SecretMount
                       ( def
                           { sTarget = Just "/foo",
+                            sEnv = Just "baz",
                             sCacheId = Just "a",
                             sIsRequired = Just True,
                             sSource = Just "/bar",
@@ -208,14 +209,15 @@ spec = do
             [ Run $ RunArgs (ArgumentsText "echo foo") flags
             ]
     it "--mount=type=secret all modifiers, required explicit" $
-      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,id=a,required=true,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
+      let file = Text.unlines ["RUN --mount=type=secret,target=/foo,env=baz,id=a,required=true,source=/bar,mode=0700,uid=0,gid=0 echo foo"]
           flags =
             def
               { mount =
                   Set.singleton $
                     SecretMount
                       ( def
                           { sTarget = Just "/foo",
+                            sEnv = Just "baz",
                             sCacheId = Just "a",
                             sIsRequired = Just True,
                             sSource = Just "/bar",