how do i build a docker image with an --secret bui...
# 🤖|ask-kapa
g
@microscopic-river-74022 how do i build a docker image with an --secret build argument?
m
Please stand by @gentle-umbrella-55872 as I search the knowledge base. I normally take about 20 seconds or so. :wave:
----------------------
To build a Docker image with a `--secret` build argument using Garden, you can use the `extraFlags` field in your build specification. Here is an example:
```yaml
kind: Build
name: my-build
type: container
spec:
  extraFlags:
    - --secret=id=my-token,src=./my-token.txt
```
In this example, `my-token` is the ID of the secret, and `./my-token.txt` is the source file containing the secret. This command is equivalent to the Docker command `docker build --secret id=my-token,src=./my-token.txt .`. From your Dockerfile, you can reference the secret like so:
```dockerfile
RUN --mount=type=secret,id=my-token \
    set "//<registry>/:_authToken=$(cat /run/secrets/my-token)"
```
Please note that Kubernetes secrets can only be used at runtime, not as `buildArgs` for Docker builds. Also, using secrets as `buildArgs` is considered a bad practice and a security risk. For more information, you can refer to the Garden documentation on how to add Docker specific flags to the build command.
Sources:
- Github Issue (open): [FEATURE]: Allow build time secrets
- Discord support thread: How to use an SSH Key inside a Dockerfile build on remote cluster-buildkit?
- Misc > FAQ > Builds > How do I add Docker specific flags to the build command?
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
g
@microscopic-river-74022 can i reference in this extraFlags somehow to the user root directory? $HOME does not work
m
Let me check the knowledge base for you. One moment! :books:
----------------------
Unfortunately, based on the provided knowledge sources, there's no direct way to reference the user's root directory (`$HOME`) in the `extraFlags` field of the Garden configuration. Environment variables like `$HOME` are not automatically expanded in the Garden configuration. This is because the configuration is defined in YAML, which doesn't support shell-style environment variable expansion. If you need to reference files in the user's home directory during the build process, you might need to copy those files into the build context directory and reference them from there. If you have more specific requirements, please provide more details so I can give a more accurate answer.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
b
@gentle-umbrella-55872 If you use args in the dockerfile you can simply supply the env var using ${local.env.SECRET_NAME} from your environment
The container/build-action module has a buildArgs object you can supply with env vars
```yaml
build:
  targetImage: development
buildArgs:
  NPM_TOKEN: ${local.env.NPM_TOKEN}
```