Application does not retrieve secrets from github through docker build

Time:10-20

I have the following github action to build and publish docker image:

  # Build and push Docker image with Buildx (don't push on PR)
  # https://github.com/docker/build-push-action
  - name: Build and push Docker image
    uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
    with:
      context: .
      push: ${{ github.event_name != 'pull_request' }}
      tags: ${{ steps.meta.outputs.tags }}
      labels: ${{ steps.meta.outputs.labels }}
      secrets: |
        "AUTHORITY=${{ secrets.AUTHORITY }}"
        "CLIENTID=${{ secrets.CLIENTID }}"

These are supposed to be carried over to the Dockerfile:

# syntax=docker/dockerfile:1
# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:5.0
# The secret files under /run/secrets are mounted only for the duration of this RUN step,
# and the exported variables live only in this step's shell.
RUN --mount=type=secret,id=AUTHORITY \
    --mount=type=secret,id=CLIENTID \
    export AUTHORITY=$(cat /run/secrets/AUTHORITY) && \
    export CLIENTID=$(cat /run/secrets/CLIENTID)
WORKDIR /ProjectName/App

This appears to create a var/run/secrets folder, but there are no contents within it. If I omit this entire RUN --mount part, the secrets folder is not created.

Furthermore, I'm trying to access this configuration in my startup.cs:

        {
            // Copy the two values from the app's IConfiguration into process environment variables
            Environment.SetEnvironmentVariable("AUTHORITY", Configuration["AUTHORITY"]);
            Environment.SetEnvironmentVariable("CLIENTID", Configuration["CLIENTID"]);
        }

Not sure if this is the right way, but when I run the docker image and visit localhost to see if it works, it throws an error related to redirecting to the Open ID Authority because these environment variables end up as empty strings. Figuring out how to do the last part is futile anyways because I think the secrets are lost in the Dockerfile step. I need to make that part work to figure out the last part. So that is mainly the issue at this moment.

Any clues?

CodePudding user response:

You can use ARG to solve the problem.

Below code snippet might help you.

  - name: build docker image
    run: docker build -t ${{ steps.meta.outputs.tags }} --build-arg AUTHORITY=$AUTHORITY --build-arg CLIENTID=$CLIENTID .
    env:
      CLIENTID: ${{ secrets.CLIENTID }}
      AUTHORITY: ${{ secrets.AUTHORITY }}

And in Dockerfile, add these

# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:5.0
# Build arguments are available to RUN steps during the build only
ARG AUTHORITY
ARG CLIENTID
WORKDIR /ProjectName/App
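A caveat worth checking before taking the build-arg route (this note and the script are added here and are not part of the question or the answer above). The secret mount in the question behaved as designed: `--mount=type=secret` exposes the file only while that one RUN step executes and nothing from it is written into the image, which is exactly why /run/secrets is empty once the container runs. Build arguments go the other way: BuildKit records the `ARG` values a RUN step consumed in that step's history entry, and any `ENV` line ends up in the image's runtime config, so whoever can pull the image can recover the values with `docker history` or `docker image inspect`. Values the application needs at run time, such as an OpenID authority and client id, belong in the container's runtime environment (`docker run -e AUTHORITY=...`, or the orchestrator's env/secret injection), where ASP.NET Core's default configuration already maps them to `Configuration["AUTHORITY"]`. The script below is a small check a CI job can run over an image config blob (the `config`/`history` JSON that `docker save` writes and a registry serves) to catch the first pattern. The two sample configs are constructed for this example and the values in them are made up; `find_leaked_values` and `leaked_names` are names chosen here, not an existing tool.

```python
import json
import re

# Constructed sample data, not output from the build on this page: two minimal
# OCI image configs of the kind `docker save` writes (and a registry serves).
# The first was built the way the answer suggests (ARG, plus an ENV to reach
# the running app); the second passes the values with --mount=type=secret only.
BUILD_ARG_IMAGE = json.dumps({
    "architecture": "amd64",
    "config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "ASPNETCORE_URLS=http://+:80",
            "AUTHORITY=https://login.example.test/tenant",
            "CLIENTID=3f2e1c0b-made-up-client-id",
        ],
        "WorkingDir": "/ProjectName/App",
    },
    "history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
        {"created_by": "ARG AUTHORITY", "empty_layer": True},
        {"created_by": "ARG CLIENTID", "empty_layer": True},
        # BuildKit records the build args a RUN step consumed as a "|N KEY=value" prefix
        {"created_by": "RUN |2 AUTHORITY=https://login.example.test/tenant "
                       "CLIENTID=3f2e1c0b-made-up-client-id /bin/sh -c dotnet restore # buildkit"},
        {"created_by": "ENV AUTHORITY=https://login.example.test/tenant", "empty_layer": True},
        {"created_by": "ENV CLIENTID=3f2e1c0b-made-up-client-id", "empty_layer": True},
        {"created_by": "WORKDIR /ProjectName/App", "empty_layer": True},
    ],
})

SECRET_MOUNT_IMAGE = json.dumps({
    "architecture": "amd64",
    "config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "ASPNETCORE_URLS=http://+:80",
        ],
        "WorkingDir": "/ProjectName/App",
    },
    "history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
        # a secret mount leaves no trace of the value in the recorded step
        {"created_by": "RUN /bin/sh -c dotnet restore # buildkit"},
        {"created_by": "WORKDIR /ProjectName/App", "empty_layer": True},
    ],
})


def find_leaked_values(config_json, names):
    """Return (location, name, value) for every KEY=value occurrence of one of
    `names` in the image's runtime Env or in its recorded build history."""
    cfg = json.loads(config_json)
    wanted = set(names)
    findings = []
    if not wanted:
        return findings

    # 1. Runtime environment baked in by ENV: readable via `docker image inspect`
    #    or by anyone who can pull the image from the registry.
    for entry in cfg.get("config", {}).get("Env", []):
        key, _, value = entry.partition("=")
        if key in wanted:
            findings.append(("config.Env", key, value))

    # 2. Build history: ARG values a RUN step used appear in its "|N KEY=value"
    #    prefix, and ENV instructions are recorded verbatim (`docker history`).
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, sorted(wanted))) + r")=(\S+)")
    for i, step in enumerate(cfg.get("history", [])):
        for key, value in pattern.findall(step.get("created_by", "")):
            findings.append((f"history[{i}].created_by", key, value))
    return findings


def leaked_names(config_json, names):
    """The subset of `names` that shows up anywhere in the image metadata."""
    return {name for _, name, _ in find_leaked_values(config_json, names)}


if __name__ == "__main__":
    secrets = ["AUTHORITY", "CLIENTID"]
    for label, image in (("ARG/ENV build", BUILD_ARG_IMAGE),
                         ("secret-mount build", SECRET_MOUNT_IMAGE)):
        hits = find_leaked_values(image, secrets)
        print(f"{label}: {len(hits)} exposure(s)")
        for location, name, value in hits:
            print(f"  {location}: {name}={value}")
```

Run against the two constructed configs, the ARG/ENV image reports both names in `config.Env` and in three history entries, while the secret-mount image reports nothing. To run it on a real image, extract the config blob with `docker save IMAGE | tar -xO` (the `.json` file named by the manifest's `Config` field) and feed that JSON to `find_leaked_values` with the names your workflow passes as secrets.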
