We have a use case where it might be nice to have the use of a secret in the image name that is being used for the build step. Any thoughts on this?
Secrets are injected into containers as environment variables, and are not available for string substitution, which would be required for dynamic image naming.
I think the best option is to use an upcoming feature called mutation webhooks, which allow you to use a webhook to extend or override the default system behavior. In this case, you would be overriding the default behavior used to fetch the yaml from github, and replacing it with your own custom logic, which could apply customizations as described in your post.