From 73a020581fe664b52f600534fdc940cb09c115f4 Mon Sep 17 00:00:00 2001 From: Greg Konush <12027037+gregkonush@users.noreply.github.com> Date: Mon, 23 Dec 2024 23:50:24 -0800 Subject: [PATCH] build: inject secret into docker build --- .github/workflows/docker-build-common.yaml | 4 ++++ .github/workflows/docker-build-push.yaml | 2 ++ apps/findbobastore/Dockerfile | 3 ++- scripts/build-findbobastore.sh | 2 +- 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build-common.yaml b/.github/workflows/docker-build-common.yaml index a391205b..475e6ee0 100644 --- a/.github/workflows/docker-build-common.yaml +++ b/.github/workflows/docker-build-common.yaml @@ -28,6 +28,8 @@ on: required: true REGISTRY_TOKEN: required: true + docker_secrets: + required: false jobs: build: @@ -74,3 +76,5 @@ jobs: push: true cache-from: type=registry,ref=kalmyk.duckdns.org/lab/${{ inputs.image_name }}:latest cache-to: type=inline + secrets: | + ${{ secrets.docker_secrets }} diff --git a/.github/workflows/docker-build-push.yaml b/.github/workflows/docker-build-push.yaml index 4897bdbd..b1b73c6f 100644 --- a/.github/workflows/docker-build-push.yaml +++ b/.github/workflows/docker-build-push.yaml @@ -1,6 +1,7 @@ name: Docker Build and Push on: + pull_request: push: branches: - 'main' @@ -54,3 +55,4 @@ jobs: secrets: REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + docker_secrets: mapbox_access_token=${{ secrets.NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN }} diff --git a/apps/findbobastore/Dockerfile b/apps/findbobastore/Dockerfile index cdf288dd..b3bbfb19 100644 --- a/apps/findbobastore/Dockerfile +++ b/apps/findbobastore/Dockerfile @@ -13,7 +13,8 @@ RUN corepack enable COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/apps/findbobastore/node_modules ./apps/findbobastore/node_modules COPY . . -RUN pnpm build:findbobastore +RUN --mount=type=secret,id=mapbox_access_token,env=NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN \ + pnpm build:findbobastore FROM node:lts-alpine AS runner WORKDIR /app diff --git a/scripts/build-findbobastore.sh b/scripts/build-findbobastore.sh index a476e589..5d375d53 100755 --- a/scripts/build-findbobastore.sh +++ b/scripts/build-findbobastore.sh @@ -18,7 +18,7 @@ FULL_IMAGE_NAME="${IMAGE_NAME}:${TAG}" # Build the Docker image echo "Building Docker image: ${FULL_IMAGE_NAME}" -docker buildx build --platform linux/arm64 -t ${FULL_IMAGE_NAME} -f ${DOCKERFILE} ${CONTEXT_PATH} --push +docker buildx build --platform linux/arm64 -t ${FULL_IMAGE_NAME} -f ${DOCKERFILE} ${CONTEXT_PATH} --push --secret id=mapbox_access_token,env=NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN # Check if the build was successful if [ $? -eq 0 ]; then