10

I've been working on setting up a Github Actions workflow to build a docker image. I need to pass environment variables into the image so that my Django project will run correctly. Unfortunately, when I build the image it doesn't receive the values of the variables.

The relevant part of my workflow file:

 - name: Build, tag, and push image to AWS ECR id: build-image env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} IMAGE_TAG: ${{ github.sha }} aws_ses_access_key_id: ${{ secrets.AWS_SES_ACCESS_KEY_ID }} aws_ses_secret_access_key: ${{ secrets.AWS_SES_SECRET_ACCESS_KEY }} DATABASE_ENGINE: ${{ secrets.DATABASE_ENGINE }} db_host: ${{ secrets.DB_HOST }} db_password: ${{ secrets.DB_PASSWORD }} db_port: ${{ secrets.DB_PORT }} db_username: ${{ secrets.DB_USERNAME }} django_secret_key: ${{ secrets.DJANGO_SECRET_KEY }} fcm_server_key: ${{ secrets.FCM_SERVER_KEY }} run: | docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV

In my Dockerfile, I've put the following:

ENV aws_ses_access_key_id=$aws_ses_access_key_id aws_ses_secret_access_key=$aws_ses_secret_access_key DATABASE_ENGINE=$DATABASE_ENGINE db_host=$db_host db_password=$db_password db_port=$db_port db_username=$db_username django_secret_key=$django_secret_key fcm_server_key=$fcm_server_key

None of the variables are passing. I've tried using $variable_name and ${variable_name} with no luck. What am I doing wrong?

Improve this question
0

1 Answer 1

Reset to default
9

Using dollar substitution in the value of an ENV instruction in the Dockerfile does not expand to an environment variable of the host on which docker build is called, but instead is replaced with a Docker ARG value, that you can pass via the --build-arg ARG_NAME=ARG_VALUE command line argument to the docker build command and then you can replace the value of ARG_NAME as $ARG_NAME to ARG_VALUE in your ENV instruction.

See: https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables---build-arg

You can use ENV instructions in a Dockerfile to define variable values. These values persist in the built image. However, often persistence is not what you want. Users want to specify variables differently depending on which host they build an image on. A good example is http_proxy or source versions for pulling intermediate files. The ARG instruction lets Dockerfile authors define values that users can set at build-time using the --build-arg flag

This flag allows you to pass the build-time variables that are accessed like regular environment variables in the RUN instruction of the Dockerfile. Also, these values don’t persist in the intermediate or final images like ENV values do. You must add --build-arg for each build argument.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

It is not recommended to use build-time variables for passing secrets. Build-time variable values are visible to any user of the image with the docker history command. Docker reference
I have tried everything and it doesn't work. Can someone help please?
Edit: I finally found the answer, it was to pass it using --build-args first then set ARG and ENV and then make sure it was passed by running RUN $FOO=BAR Yarn BUILD Examples gists: stackoverflow.com/a/71372749/9490453

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.