I have the following docker run command that I send via ssh from my CI (as the problem also happens when I try it on the server directly I skip all ssh related stuff here).

docker run --name amc-node-be -d -p 10.0.0.3:3000:3000 --mount type=bind,source=/etc/amc-node-be/.env,target=/app/dist/amc-node-be/.env,readonly --restart unless-stopped .../amc-node-be:latest

• The container starts
• the file exists
• but the file is empty

I guess it has something to do with file permissions but I don't understand enough how the permissions of the host leak through to the container using a bind mount or maybe I don't understand linux file permissions enough. On the host I gave read permissions to the docker group on the .env file.

/etc/amc-node-be$ ls -la
total 12
drwxr-x---   2 andymatic docker 4096 Oct  2 10:20 .
drwxr-xr-x  85 root      root   4096 Oct  2 12:13 ..
-rwxr-----   1 andymatic docker  912 Oct  2 09:40 .env

The deploy user is in the docker group

$ sudo -u deploy groups
 docker 

With sudo -u deploy cat /etc/amc-node-be/.env on the host I get the content of the file

docker inspect amc-node-be returns

"Mounts": [
    {
        "Type": "bind",
        "Source": "/etc/amc-node-be/.env",
        "Destination": "/app/dist/amc-node-be/.env",
        "Mode": "",
        "RW": false,
        "Propagation": "rprivate"
    }
]

Any other idea what I do wrong?

CodePudding user response：

I think you should use the --env-file option:

docker run --env-file=.env --name amc-node-be -d -p 10.0.0.3:3000:3000  --restart unless-stopped .../amc-node-be:latest

With env-file you can reference the filename, which is parsed to extract the environment variables to set.