diff --git a/.github/workflows/docker-build-common.yaml b/.github/workflows/docker-build-common.yaml index a391205..475e6ee 100644 --- a/.github/workflows/docker-build-common.yaml +++ b/.github/workflows/docker-build-common.yaml @@ -28,6 +28,8 @@ on: required: true REGISTRY_TOKEN: required: true + docker_secrets: + required: false jobs: build: @@ -74,3 +76,5 @@ jobs: push: true cache-from: type=registry,ref=kalmyk.duckdns.org/lab/${{ inputs.image_name }}:latest cache-to: type=inline + secrets: | + ${{ secrets.docker_secrets }} diff --git a/.github/workflows/docker-build-push.yaml b/.github/workflows/docker-build-push.yaml index 4897bdb..4903745 100644 --- a/.github/workflows/docker-build-push.yaml +++ b/.github/workflows/docker-build-push.yaml @@ -54,3 +54,4 @@ jobs: secrets: REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + docker_secrets: mapbox_access_token=${{ secrets.NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN }} diff --git a/apps/findbobastore/Dockerfile b/apps/findbobastore/Dockerfile index cdf288d..b3bbfb1 100644 --- a/apps/findbobastore/Dockerfile +++ b/apps/findbobastore/Dockerfile @@ -13,7 +13,8 @@ RUN corepack enable COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/apps/findbobastore/node_modules ./apps/findbobastore/node_modules COPY . . -RUN pnpm build:findbobastore +RUN --mount=type=secret,id=mapbox_access_token,env=NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN \ + pnpm build:findbobastore FROM node:lts-alpine AS runner WORKDIR /app diff --git a/scripts/build-findbobastore.sh b/scripts/build-findbobastore.sh index a476e58..5d375d5 100755 --- a/scripts/build-findbobastore.sh +++ b/scripts/build-findbobastore.sh @@ -18,7 +18,7 @@ FULL_IMAGE_NAME="${IMAGE_NAME}:${TAG}" # Build the Docker image echo "Building Docker image: ${FULL_IMAGE_NAME}" -docker buildx build --platform linux/arm64 -t ${FULL_IMAGE_NAME} -f ${DOCKERFILE} ${CONTEXT_PATH} --push +docker buildx build --platform linux/arm64 -t ${FULL_IMAGE_NAME} -f ${DOCKERFILE} ${CONTEXT_PATH} --push --secret id=mapbox_access_token,env=NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN # Check if the build was successful if [ $? -eq 0 ]; then