In my python application I am trying to access/print out an environment variable but it is printing out None.
logger.info(f"OIDC SECRET: {os.getenv('OIDC_CLIENT_SECRET')}")
This is my step/job in github actions
name: Build and push image to harbor
run: |
IMAGE_VERSION=$GITHUB_RUN_NUMBER
IMAGE_WITH_TAG="$IMAGE_NAME:develop.$IMAGE_VERSION"
docker build
-t $IMAGE_WITH_TAG --file "$DOCKERFILE_PATH"
--build-arg OIDC_CLIENT_SECRET=${{ secrets.OIDC_CLIENT_SECRET }}
--build-arg DB_PWD=${{ secrets.DB_PWD }}
--build-arg APP_ENV="dev" .
docker login TEST.com -u "$DEV_DEPLOY_USENAME" -p "$DEV_DEPLOY_PWD"
docker push $IMAGE_WITH_TAG
echo "IMAGE_VERSION=$IMAGE_VERSION" >> $GITHUB_ENV
echo "PUSHED_IMAGE=$IMAGE_WITH_TAG" >> $GITHUB_ENV
echo "develop branch"
echo "NAMESPACE=$PROJECT-dev" >> $GITHUB_ENV
env:
DEV_DEPLOY_USENAME: ${{ secrets.DEV_DEPLOY_USENAME }}
DEV_DEPLOY_PWD: ${{ secrets.DEV_DEPLOY_PWD }}
PUSHED_IMAGE: ${{ env.PUSHED_IMAGE }}
BRANCH: ${{ env.BRANCH }}
And below is my docker file.
FROM TEST.com/library/python:3.10-slim as builder
RUN pip install poetry==1.6.1
ENV POETRY_NO_INTERACTION=1
POETRY_VIRTUALENVS_IN_PROJECT=1
POETRY_VIRTUALENVS_CREATE=1
POETRY_CACHE_DIR=/tmp/poetry_cache
WORKDIR /usr/src
ARG OIDC_CLIENT_SECRET
ARG DB_PWD
ARG APP_ENV
ENV OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ENV DB_PWD=$DB_PWD
ENV APP_ENV=$APP_ENV
RUN echo $OIDC_CLIENT_SECRET
RUN echo $DB_PWD
RUN echo $APP_ENV
COPY pyproject.toml ./
RUN poetry install --without dev --no-root && rm -rf $POETRY_CACHE_DIR
# The runtime image, used to just run the code provided its virtual environment
FROM TEST.com/library/python:3.10-slim as runtime
ARG WORKER_COUNT=1
ENV WORKER_COUNT=${WORKER_COUNT}
RUN mkdir -p /usr/src
WORKDIR /usr/src
ENV VIRTUAL_ENV=/usr/src/.venv
PATH="/usr/src:/usr/src/.venv/bin:$PATH"
ENV TZ=America/Chicago
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV}
COPY ./src/ /usr/src/
RUN ls -R
EXPOSE 5000
CMD uvicorn --workers $WORKER_COUNT --host 0.0.0.0 --port 5000 main:app
My project deploys successfully, however the environment variables of OIDC_CLIENT_SECRET and DB_PWD are being set to None which is confirmed by my log statement. I double checked names, values all throughout my files including the secrets in github. I even have print statements in my docker which are outputting *** which I assume is still correct, its probably hiding the value.
Is there something I am doing wrong to where my environment variables are not making it to my project?
2
Answers
So I finally figured it out. The issue was in the dockerfile. The environment variables and arguments needed to be declared after the runtime like below.
I’ll do my best to address the issue of environment variables not being accessible in your Python application within the Docker container. Here’s a comprehensive response, incorporating insights from expert feedback and addressing potential causes:
Understanding the Workflow:
GitHub Actions:
Build arguments (
-build-arg) are used to pass secrets to theDockerfile.
Dockerfile:
ARGinstructions receive build arguments.ENVinstructions set environment variables within the build context.builder,runtime) are used for efficiency.Potential Issues and Solutions:
Incorrect Usage of ARG and ENV:
the runtime image.
Environment Variables Not Persisting Between Stages:
to the runtime stage.
Virtual Environment Isolation:
accessing variables.
Typos and Case Sensitivity:
solution:
Remember: