I am trying to dockerize an express app using prisma and supabase, but am unable to get prisma to set the supabase url at build time with docker. Prisma is expecting the url to be in an environment variable named DATABASE_URL. To avoid exposing the url I am passing it as a secret to docker and trying to set it an an environment variable but cannot get it to work. Here are two different approaches I’ve tried with my Dockerfile:
Dockerfile
# syntax=docker/dockerfile:1.2
FROM node:18.9.0
WORKDIR /app
COPY package*.json .
COPY yarn.lock .
COPY prisma .
RUN --mount=type=secret,id=_env,dst=/etc/secrets/.env
export $(egrep -v '^#' /etc/secrets/.env | xargs)
&& yarn install
RUN --mount=type=secret,id=_env,dst=/etc/secrets/.env
export $(egrep -v '^#' /etc/secrets/.env | xargs)
&& yarn prisma generate
COPY . .
RUN yarn build
CMD ["yarn", "start:dev"]
Dockerfile2
# syntax=docker/dockerfile:1.2
FROM node:18.9.0
WORKDIR /app
COPY package*.json .
COPY yarn.lock .
COPY prisma .
RUN --mount=type=secret,id=dburl
DATABASE_URL="$(cat /run/secrets/dburl)"
&& yarn install
RUN --mount=type=secret,id=dburl
DATABASE_URL="$(cat /run/secrets/dburl)"
&& yarn prisma generate
COPY . .
RUN yarn build
CMD ["yarn", "start:dev"]
The build commands for each one are the following respectively:
docker build --progress=plain --no-cache --secret id=_env,src=.env .
docker build --progress=plain --no-cache --secret id=dburl,src=dburl.txt .
Whenever I try this the first call to the prisma client inside the app produces a segmentation fault and crashes the app, whereas it works fine outside of the docker container.
Any help would be greatly appreciated.
2
Answers
Turns out either method actually works. The segmentation fault issue is another problem entirely:
https://github.com/prisma/prisma/issues/10649
I know this is old but here’s what I did:
make a migrate.ts (JS is probably better for speed? could do bash too)
in your schema.prisma
the env will read what ever env var you pass to it so
in your docker file, you can do something like this
also note, docker-secret is just a file fetcher,