GitHub secrets are not sent and read correctly from file - Docker

MaxDev
October 15, 2022
252 views
0 votes
2 Answers

In my personal project, I try to deploy my backend spring boot with github actions and a Dockerfile

For more security, I save my properties in the Github secrets and in my Dockerfile, i get the configuration (url, username and password)

    - name: Build and push Docker image
    uses: docker/build-push-action@v2
    with:
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}
      push: true
      file: ./Dockerfile
      tags: ${{ env.REGISTRY }}/***
      build-args: |
        server_port=${{ secrets.SERVER_PORT_DEV }}
        url=${{ secrets.URL_DEV }}
        username=${{ secrets.USERNAME_DEV }}
        password=${{ secrets.PASSWORD_DEV }}

And my spring boot doesn’t run because the url, username and password are missing in my application.properties.
So, I try to cat the properties file in my github actions and here is what i got :

#11 0.281 # Secrets
#11 0.281 spring.datasource.url=
#11 0.281 spring.datasource.username=
#11 0.281 spring.datasource.password=

Do you have any idea why Github secrets are not read?
2nd more general question: is it good practice to use this method? Or are there better ones?

Thank you very much for your precious help and good day to all of you who would help me 🙂

Answers

Chosen as BEST ANSWER

Yes, in my Dockerfile I have this informations :

#Write the 3 args in a src/main/resources/application.properties file
RUN echo "spring.datasource.url=${url}" >> src/main/resources/application.properties
RUN echo "spring.datasource.username=${username}" >> src/main/resources/application.properties
RUN echo "spring.datasource.password=${password}" >> src/main/resources/application.properties

#Print the content of the file to check if it's ok
RUN cat src/main/resources/application.properties

I don't understand why my secrets doesn't in my file, i'm so confuse

(Edit)

- VonC
- October 16, 2022 at 11:38 am
- 0 votes
0
The "Set build-time variables (--build-arg)" docker build man page section includes:

The ARG instruction lets Dockerfile authors define values that users can set at build-time using the --build-arg flag.
This flag allows you to pass the build-time variables that are accessed like regular environment variables in the RUN instruction of the Dockerfile.
Also, these values don’t persist in the intermediate or final images like ENV values do.

So make sure your Dockerfile includes:
```
ARG server_port
ARG url
ARG username
ARG password
RUN echo "spring.datasource.url=${url}">>application.properties && 
    echo "spring.datasource.username=${username}">>application.properties && 
    echo "spring.datasource.password=${password}">>application.properties
```
I don’t know if my syntax if incorrect or it’s a problem with the GitHub secrets reading.

Actually, inside the Dockerfile, the GitHub Action secrets, like ${{ secrets.URL_DEV }} would not apply.
Only ${url}, meaning the ARG name, would be available.

So if you input text into application.properties in the Dockerfile, use the ARG variable names, not the GitHub Action secrets name.

But when you call docker build (*outside the Dockerfile, since docker build uses the Dockerfile), then yes, use the GitHub Action secrets:
```
docker build ----build-arg url=${{ secrets.URL_DEV }}
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

GitHub secrets are not sent and read correctly from file – Docker

Answers