Add docker and env-no-quotes mount formats

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: '1.24'
+        go-version: '1.24' # GO_VERSION_DEF
         check-latest: true
     - name: Checkout
       uses: actions/checkout@v1
@@ -26,7 +26,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: '1.24'
+        go-version: '1.24' # GO_VERSION_DEF
         check-latest: true
     - name: Checkout
       uses: actions/checkout@v1

.github/workflows/go-supported-version-check.yml

@@ -0,0 +1,18 @@
+name: Vulncheck
+
+on:
+  pull_request:
+  push:
+  schedule:
+    - cron: "28 1 * * *"
+
+jobs:
+  vulncheck:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Go Supported Version
+        uses: dopplerhq/go-supported-version-check-action@v1
+        with:
+          go-version: "1.24" # GO_VERSION_DEF
+          version-requirement: any-supported

.github/workflows/release-tests.yaml

@@ -17,7 +17,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: '1.24'
+        go-version: '1.24' # GO_VERSION_DEF
         check-latest: true
     - name: Checkout
       uses: actions/checkout@v1

.github/workflows/release.yaml

@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.24"
+          go-version: "1.24" # GO_VERSION_DEF
           check-latest: true
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/test.yml

@@ -9,7 +9,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: '1.24'
+        go-version: '1.24' # GO_VERSION_DEF
         check-latest: true
     - name: Install dependencies
       run: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends expect jq
@@ -31,7 +31,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: '1.24'
+        go-version: '1.24' # GO_VERSION_DEF
         check-latest: true
     - name: Checkout
       uses: actions/checkout@v1

.github/workflows/vulncheck.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.24'
+          go-version: '1.24' # GO_VERSION_DEF
           check-latest: true
       - name: Get official govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest

README.md

@@ -84,3 +84,7 @@ $ doppler configure --all           # view local configuration
 By default, `doppler login` scopes the auth token to the root directory (`--scope=/`). This means that the token will be accessible to projects using the Doppler CLI in any subdirectory. To limit this, specify the `scope` flag during login: `doppler login --scope=./` or `doppler login --scope ~/projects/backend`.
 
 Setup (i.e. `doppler setup`) scopes the selected project and config to the current directory (`--scope=./`). You can also modify this scope with the `scope` flag. Run `doppler help` for more information.
+
+## Go Version
+
+This project defines its Go version in a number of places. If updating the Go version, search for `GO_VERSION_DEF` and ensure that all locations are updated.

go.mod

@@ -1,5 +1,6 @@
 module github.com/DopplerHQ/cli
 
+// GO_VERSION_DEF
 go 1.24
 
 require (
@@ -17,8 +18,8 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.9.0
 	github.com/zalando/go-keyring v0.2.6
-	golang.org/x/crypto v0.33.0
-	golang.org/x/sync v0.11.0
+	golang.org/x/crypto v0.36.0
+	golang.org/x/sync v0.12.0
 	gopkg.in/gookit/color.v1 v1.1.6
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -50,7 +51,7 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.mongodb.org/mongo-driver v1.10.3 // indirect
 	golang.org/x/exp v0.0.0-20220317015231-48e79f11773a // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/term v0.29.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 )

go.sum

@@ -132,6 +132,8 @@ golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20220317015231-48e79f11773a h1:DAzrdbxsb5tXNOhMCSwF7ZdfMbW46hE9fSVO6BsmUZM=
 golang.org/x/exp v0.0.0-20220317015231-48e79f11773a/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -140,6 +142,8 @@ golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
 golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -151,13 +155,17 @@ golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY=
 golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
 golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -166,6 +174,8 @@ golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

pkg/controllers/secrets.go

@@ -131,6 +131,10 @@ func SecretsToBytes(secrets map[string]string, format string, templateBody strin
 		return []byte(strings.Join(utils.MapToEnvFormat(secrets, true), "\n")), Error{}
 	}
 
+	if format == models.EnvNoQuotesFormat || format == models.DockerFormat {
+		return []byte(strings.Join(utils.MapToEnvFormat(secrets, false), "\n")), Error{}
+	}
+
 	if format == models.JSONMountFormat {
 		envStr, err := json.Marshal(secrets)
 		if err != nil {

pkg/controllers/secrets_test.go

@@ -82,6 +82,18 @@ func TestSecretsToBytes(t *testing.T) {
 		t.Errorf("Unable to convert secrets to byte array in %s format", format)
 	}
 
+	format = "env-no-quotes"
+	bytes, err = SecretsToBytes(secrets, format, "")
+	if !err.IsNil() || string(bytes) != strings.Join([]string{`S1=foo`, `SECRET2=bar`}, "\n") {
+		t.Errorf("Unable to convert secrets to byte array in %s format", format)
+	}
+
+	format = "docker"
+	bytes, err = SecretsToBytes(secrets, format, "")
+	if !err.IsNil() || string(bytes) != strings.Join([]string{`S1=foo`, `SECRET2=bar`}, "\n") {
+		t.Errorf("Unable to convert secrets to byte array in %s format", format)
+	}
+
 	format = "json"
 	bytes, err = SecretsToBytes(secrets, format, "")
 	if !err.IsNil() || string(bytes) != `{"S1":"foo","SECRET2":"bar"}` {

pkg/models/secrets_mount.go

@@ -19,17 +19,23 @@ const JSONMountFormat = "json"
 const EnvMountFormat = "env"
 const TemplateMountFormat = "template"
 const DotNETJSONMountFormat = "dotnet-json"
+const EnvNoQuotesFormat = "env-no-quotes"
+const DockerFormat = "docker"
 
 var SecretsMountFormats = []string{
 	EnvMountFormat,
 	JSONMountFormat,
 	DotNETJSONMountFormat,
 	TemplateMountFormat,
+	EnvNoQuotesFormat,
+	DockerFormat,
 }
 
 var SecretsMountFormatMap = map[string]string{
 	EnvMountFormat:        EnvMountFormat,
 	JSONMountFormat:       JSONMountFormat,
 	DotNETJSONMountFormat: DotNETJSONMountFormat,
 	TemplateMountFormat:   TemplateMountFormat,
+	EnvNoQuotesFormat:     EnvNoQuotesFormat,
+	DockerFormat:          DockerFormat,
 }

salus-config.yaml

@@ -25,4 +25,4 @@ enforced_scanners: "all"
 scanner_configs:
   GoVersionScanner:
     error:
-      min_version: "1.24.0"
+      min_version: "1.24.0" # GO_VERSION_DEF