The secrets are not being applied in docker/build-push-action

320 views Asked by At

I attempted to verify if the secrets were correctly applied based on this link, but contrary to my expectations, it did not work.

Here is a question similar to mine: Pass secrets from git action to docker image as env variable

  • Workflow

          - uses: docker/setup-qemu-action@v3
          - uses: docker/setup-buildx-action@v3
          - uses: docker/build-push-action@v5
            with:
              context: apps/vc-screening-service
              platforms: linux/amd64,linux/arm64
              push: true
              tags: ${{ steps.meta.outputs.tags }}
              secrets: |
                "VC_MYSQL_USER=${{ secrets.VC_MYSQL_USER }}"
    
  • Dockerfile

    # syntax=docker/dockerfile:1
    FROM alpine
    RUN --mount=type=secret,id=VC_MYSQL_USER \
      VC_MYSQL_USER=$(cat /run/secrets/VC_MYSQL_USER)
    
    
  • GitHub Actions output

    enter image description here

  • Docker run output:

    docker run -it 997245385850.dkr.ecr.ap-northeast-2.amazonaws.com/dev/vc-screening-service:latest sh
    / # env
    HOSTNAME=6a893ca9c566
    SHLVL=1
    HOME=/root
    TERM=xterm
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PWD=/
    / # 
    
    

The environment variable VC_MYSQL_USER is missing. What did I do wrong here?

1

There are 1 answers

0
Dayananda D R On
  - uses: docker/build-push-action@v5
    with:
      context: apps/vc-screening-service
      build-args: |
        "VC_MYSQL_USER=${{ secrets.VC_MYSQL_USER }}" 
      platforms: linux/amd64,linux/arm64
      push: true
      tags: ${{ steps.meta.outputs.tags }}
      secrets: |
        "VC_MYSQL_USER=${{ secrets.VC_MYSQL_USER }}"

You were not passing passing VC_MYSQL_USER as a build argument, you need to add ARG VC_MYSQL_USER in your dockerfile as well

# syntax=docker/dockerfile:1
FROM alpine
ARG VC_MYSQL_USER 
RUN --mount=type=secret,id=$VC_MYSQL_USER \
  VC_MYSQL_USER=$(cat /run/secrets/$VC_MYSQL_USER)