The secrets are not being applied in docker/build-push-action


I attempted to verify if the secrets were correctly applied based on this link, but contrary to my expectations, it did not work.

Here is a question similar to mine: Pass secrets from git action to docker image as env variable

  • Workflow

          - uses: docker/setup-qemu-action@v3
          - uses: docker/setup-buildx-action@v3
          - uses: docker/build-push-action@v5
            with:
              context: apps/vc-screening-service
              platforms: linux/amd64,linux/arm64
              push: true
              tags: ${{ steps.meta.outputs.tags }}
              secrets: |
                "VC_MYSQL_USER=${{ secrets.VC_MYSQL_USER }}"
    
  • Dockerfile

    # syntax=docker/dockerfile:1
    FROM alpine
    RUN --mount=type=secret,id=VC_MYSQL_USER \
      VC_MYSQL_USER=$(cat /run/secrets/VC_MYSQL_USER)
    
    

  • Docker run output:

    docker run -it 997245385850.dkr.ecr.ap-northeast-2.amazonaws.com/dev/vc-screening-service:latest sh
    / # env
    HOSTNAME=6a893ca9c566
    SHLVL=1
    HOME=/root
    TERM=xterm
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PWD=/
    / # 
    
    

The environment variable VC_MYSQL_USER is missing. What did I do wrong here?

1 answer

Answer by Dayananda D R:

    - uses: docker/build-push-action@v5
      with:
        context: apps/vc-screening-service
        build-args: |
          "VC_MYSQL_USER=${{ secrets.VC_MYSQL_USER }}"
        platforms: linux/amd64,linux/arm64
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        secrets: |
          "VC_MYSQL_USER=${{ secrets.VC_MYSQL_USER }}"

You were not passing VC_MYSQL_USER as a build argument. You also need to add ARG VC_MYSQL_USER to your Dockerfile:

    # syntax=docker/dockerfile:1
    FROM alpine
    ARG VC_MYSQL_USER
    RUN --mount=type=secret,id=$VC_MYSQL_USER \
      VC_MYSQL_USER=$(cat /run/secrets/$VC_MYSQL_USER)
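
An added example, not part of the question or the answer above: a Dockerfile that uses the BuildKit secret inside the one RUN step where it is mounted. A variable assigned in a RUN shell ends with that step and never becomes an environment variable of the image, which matches the empty `env` output in the question. The `CMD` line and the `docker run -e` usage are assumptions for illustration.

```dockerfile
# syntax=docker/dockerfile:1
FROM alpine

# The secret file is mounted at /run/secrets/<id> only while this one RUN
# instruction executes, and it is not stored in the image layer. A shell
# variable assigned here ends with the step, so every build-time command that
# needs the value must be chained with && inside this same step.
# required=true makes the build fail if the workflow did not pass the secret.
RUN --mount=type=secret,id=VC_MYSQL_USER,required=true \
    VC_MYSQL_USER="$(cat /run/secrets/VC_MYSQL_USER)" && \
    test -n "$VC_MYSQL_USER"

# No ARG or ENV carries the value here: both are recorded in the image and can
# be read back with docker history or docker inspect.

# Assumption for illustration: the application reads VC_MYSQL_USER from the
# container environment, supplied when the container starts, for example
#   docker run -e VC_MYSQL_USER=<value> <image>
# The check below stops the container early if the variable was not supplied.
CMD ["sh", "-c", ": \"${VC_MYSQL_USER:?must be set at runtime}\"; exec sh"]
```

With this Dockerfile the workflow's `secrets:` input from the question is enough at build time, and the value reaches the running container only through the environment it is started with.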