build(gha): move secrets section to dedicated page

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

_data/toc.yaml

@@ -1611,6 +1611,8 @@ manuals:
             title: Configuring your builder
           - path: /build/ci/github-actions/multi-platform/
             title: Multi-platform image
+          - path: /build/ci/github-actions/secrets/
+            title: Secrets
           - path: /build/ci/github-actions/cache/
             title: Cache management
           - path: /build/ci/github-actions/examples/

build/ci/github-actions/examples.md

@@ -142,105 +142,6 @@ jobs:
 ```
 {% endraw %}
 
-## Multi-platform images
-
-
-
-## Secrets
-
-In the following example uses and exposes the [`GITHUB_TOKEN` secret](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret){:target="blank" rel="noopener" class=""}
-as provided by GitHub in your workflow.
-
-First, create a `Dockerfile` that uses the secret:
-
-```dockerfile
-# syntax=docker/dockerfile:1
-FROM alpine
-RUN --mount=type=secret,id=github_token \
-  cat /run/secrets/github_token
-```
-
-In this example, the secret name is `github_token`. The following workflow
-exposes this secret using the `secrets` input:
-
-{% raw %}
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - "main"
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Build
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          tags: user/app:latest
-          secrets: |
-            "github_token=${{ secrets.GITHUB_TOKEN }}"
-```
-
-{% endraw %}
-
-> **Note**
->
-> You can also expose a secret file to the build with the `secret-files` input:
->
-> ```yaml
-> secret-files: |
->   "MY_SECRET=./secret.txt"
-> ```
-
-If you're using [GitHub secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets){:target="blank" rel="noopener" class=""}
-and need to handle multi-line value, you will need to place the key-value pair
-between quotes:
-
-{% raw %}
-```yaml
-secrets: |
-  "MYSECRET=${{ secrets.GPG_KEY }}"
-  GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
-  "MYSECRET=aaaaaaaa
-  bbbbbbb
-  ccccccccc"
-  FOO=bar
-  "EMPTYLINE=aaaa
-
-  bbbb
-  ccc"
-  "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
-```
-{% endraw %}
-
-| Key              | Value                               |
-|------------------|-------------------------------------|
-| `MYSECRET`       | `***********************`           |
-| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789`       |
-| `MYSECRET`       | `aaaaaaaa\nbbbbbbb\nccccccccc`      |
-| `FOO`            | `bar`                               |
-| `EMPTYLINE`      | `aaaa\n\nbbbb\nccc`                 |
-| `JSON_SECRET`    | `{"key1":"value1","key2":"value2"}` |
-
-> **Note**
->
-> Double escapes are needed for quote signs.
-
 ## Export image to Docker
 
 You may want your build result to be available in the Docker client through

build/ci/github-actions/secrets.md

@@ -0,0 +1,97 @@
+---
+title: Using secrets with GitHub Actions
+keywords: ci, github actions, gha, buildkit, buildx, secret
+---
+
+In the following example uses and exposes the [`GITHUB_TOKEN` secret](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret){:target="blank" rel="noopener" class=""}
+as provided by GitHub in your workflow.
+
+First, create a `Dockerfile` that uses the secret:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+FROM alpine
+RUN --mount=type=secret,id=github_token \
+  cat /run/secrets/github_token
+```
+
+In this example, the secret name is `github_token`. The following workflow
+exposes this secret using the `secrets` input:
+
+{% raw %}
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - "main"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          tags: user/app:latest
+          secrets: |
+            "github_token=${{ secrets.GITHUB_TOKEN }}"
+```
+
+{% endraw %}
+
+> **Note**
+>
+> You can also expose a secret file to the build with the `secret-files` input:
+>
+> ```yaml
+> secret-files: |
+>   "MY_SECRET=./secret.txt"
+> ```
+
+If you're using [GitHub secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets){:target="blank" rel="noopener" class=""}
+and need to handle multi-line value, you will need to place the key-value pair
+between quotes:
+
+{% raw %}
+```yaml
+secrets: |
+  "MYSECRET=${{ secrets.GPG_KEY }}"
+  GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
+  "MYSECRET=aaaaaaaa
+  bbbbbbb
+  ccccccccc"
+  FOO=bar
+  "EMPTYLINE=aaaa
+
+  bbbb
+  ccc"
+  "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
+```
+{% endraw %}
+
+| Key              | Value                               |
+|------------------|-------------------------------------|
+| `MYSECRET`       | `***********************`           |
+| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789`       |
+| `MYSECRET`       | `aaaaaaaa\nbbbbbbb\nccccccccc`      |
+| `FOO`            | `bar`                               |
+| `EMPTYLINE`      | `aaaa\n\nbbbb\nccc`                 |
+| `JSON_SECRET`    | `{"key1":"value1","key2":"value2"}` |
+
+> **Note**
+>
+> Double escapes are needed for quote signs.