0

I want to set ENV only when ARG exist.

What I want to do like:

FROM ruby:3.0.1

ARG RAILS_MASTER_KEY

if [[ -n "$RAILS_MASTER_KEY" ]] ;
  then ENV RAILS_MASTER_KEY=$RAILS_MASTER_KEY
fi

Environments;

  • ruby on rails using credentials
    • credentials/development.yml.enc
    • development.key
  • CircleCI context for secret env
  • Dockerfile.local for local

I have 3 repositories for one service.

  • web(front-end)
  • app(back-end)
  • api

And each repository has docker-compose.yml and it build own image by Dockerfile and pull other repository's image from ECR.

When merged to main branch, CircleCI build the image by Dockerfile and push to ECR.

Because I'm managing my secret key by CircleCI context, so I pass the key by --build-arg when CircleCI build the image, and I don't need the ENV when I build the repository locally because I have key files in local.

Here is what I tried, but the ENV is still set with empty value like RAILS_MASTER_KEY= . Because of this problem, my rails container doesn't up when docker-compose up.

enter image description here

Dockerfile before

FROM ruby:3.0.1

ARG RAILS_MASTER_KEY

ENV RAILS_MASTER_KEY=$RAILS_MASTER_KEY

what i tried:

  1. not work
FROM ruby:3.0.1

ARG RAILS_MASTER_KEY

RUN if [[ -n "$RAILS_MASTER_KEY" ]] ; then export RAILS_MASTER_KEY=$RAILS_MASTER_KEY; fi
  1. not work
FROM ruby:3.0.1

ARG RAILS_MASTER_KEY

ENV RAILS_MASTER_KEY=$RAILS_MASTER_KEY
RUN if [[ -z "$RAILS_MASTER_KEY" ]] ; then unset RAILS_MASTER_KEY; fi

Below is CircleCi config file FYI.

...
commands:
  # image-build-push for k8s
  build-push-image:
    steps:
      - checkout
      - setup_remote_docker:
          docker_layer_caching: true
      - aws-ecr/build-and-push-image:
          dockerfile: ${DOCKER_FILE_PATH}
          no-output-timeout: 20m
          region: AWS_DEFAULT_REGION
          repo: ${ECR_REPO_NAME}
          tag: ${IMAGE_TAG}
          extra-build-args: --build-arg RAILS_MASTER_KEY=${RAILS_MASTER_KEY}
...
Hyomin Kim
  • 1,151
  • 1
  • 7
  • 7
  • Anything you put into a Docker image is pretty easy to get back out again; environment variables show up in the `docker inspect` output, for example. You probably don't want to be setting credentials in an image at all. – David Maze Dec 09 '21 at 11:36
  • [Conditional ENV in Dockerfile](https://stackoverflow.com/questions/37057468/conditional-env-in-dockerfile) is almost the same, though it asks a little more about setting an `ENV` to different values based on an `ARG`. If its answers seem inconclusive, it's because Dockerfiles in general don't have conditionals. – David Maze Dec 09 '21 at 11:42
  • @DavidMaze Thank you for your kind comment. I saw and tried the link, but that was not what I want to do. And I solved by making two Dockerfile (e.g. Dockerfile.local and Dockerfile.dev). I got a hint from that you mentioned "Dockerfiles in general don't have conditionals". Thank you! – Hyomin Kim Dec 10 '21 at 02:38

1 Answers1

0

Update

Finally, I solved this problem using env_file in Dockerfile.

...
services:
  app:
    build:
      context: .
      dockerfile: docker/Dockerfile.local
    env_file:
      - docker/env/.env.api.local

  app:
    image: ....
    env_file:
      - docker/env/.env.app.local
...

And sharing .env files to members.

#.gitignore
...
.env.*
...

By so doing,

  • I don't need to separate Dockerfile for local.
  • I don't need to use CircleCI Context. (I thought using the CircleCI Context would be not good, because my application's some information will be depended on CircleCI.)

My three repositories each have .env.api.local, .env.app.local files, and docker-compose read the file as env_file on each service.

Before

I solved by making a separate Dockerfile.

Dockerfile.local in docker-compose.yml.

Dockerfile.dev in CircleCI config.yml and I pass ARG using --build-arg

Dockerfile.local;

# for local
# built by docker-compose 
# not using ENV
FROM ruby:3.0.1

...

Dockerfile.dev;

# image for other repository
# built and push by CircleCI
# using ENV
FROM ruby:3.0.1

ARG RAILS_MASTER_KEY

ENV RAILS_MASTER_KEY=$RAILS_MASTER_KEY
...
Hyomin Kim
  • 1,151
  • 1
  • 7
  • 7