---
id: "environment-variables-in-docker-build-push-action"
title: "Environment Variables in GitHub Docker build-push-action"
description: "A basic pattern for passing environment variables to the
  docker/build-push-action from a GitHub secret."
pubDate: "2022-09-22T00:00:00.000Z"
tags:
  - "code"
  - "GitHub"
  - "docker"
  - "environment variables"
  - "workflows"
syndicate: false
canonicalURL: "https://justin.poehnelt.com/posts/environment-variables-in-docke\
  r-build-push-action/"
relativeURL: "/posts/environment-variables-in-docker-build-push-action/"
markdownURL: "/posts/environment-variables-in-docker-build-push-action.md"
---
I recently ran into an issue where I was required to pass environment variables into a Docker container. I was using the [docker/build-push-action](https://github.com/docker/build-push-action) to build and push the container, and everything was working fine until I needed the `SENTRY_AUTH_TOKEN` environment variable as part of the build step for my Next.js application.

The solution has two parts.

1. Pass the secret as a build argument in the [docker/build-push-action](https://github.com/docker/build-push-action) step.
2. Modify the multi-stage Dockerfile to use the build argument as an environment variable.

### GitHub secret to build-args

This part was easy.

```yaml
- name: Build and push
  uses: docker/build-push-action@v3
  with:
    context: .
    build-args: |
      "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}"
```

### Dockerfile

The Dockerfile change is also straightforward.

```dockerfile
# The SENTRY_AUTH_TOKEN is used to upload the source maps to Sentry
ARG SENTRY_AUTH_TOKEN
ENV SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}
```

The `ARG` and `ENV` lines must appear in the stage of the Dockerfile that needs the variable. If more than one stage needs it, add the `ARG` and `ENV` lines to each of those stages.

❗ The `ARG` value will be accessible to anyone who has access to the Docker image: build arguments are recorded in the image history, and the `ENV` line stores the value in the image configuration. If you are using a private registry, this is not a problem. If you are using a public registry, you should be careful about what you pass as an `ARG`.

And it works! 🎉
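
For the public-registry case in the warning above, a BuildKit secret mount makes the token available to a single `RUN` step without recording it in the image. This is an added example, not the post's own Dockerfile or workflow; the base image, stage names, copied paths and the `npm run build` / `npm start` commands are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Workflow side: use the action's `secrets` input in place of
# `build-args` so the value never becomes a build argument:
#
#   - name: Build and push
#     uses: docker/build-push-action@v3
#     with:
#       context: .
#       secrets: |
#         "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}"

# --- build stage (assumed layout for a Next.js app) ---
FROM node:18-alpine AS builder
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .

# The secret is mounted at /run/secrets/SENTRY_AUTH_TOKEN for this RUN only.
# It is exported as an environment variable for the build command alone, so it
# is not stored in a layer, in the image configuration, or in the history.
RUN --mount=type=secret,id=SENTRY_AUTH_TOKEN \
    SENTRY_AUTH_TOKEN="$(cat /run/secrets/SENTRY_AUTH_TOKEN)" \
    npm run build

# --- runtime stage: no ARG or ENV for the token ---
FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/package.json ./package.json
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/.next ./.next
CMD ["npm", "start"]
```

To check the result, inspect the built image with `docker history --no-trunc` and `docker image inspect`; neither output should contain the token value.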


[Environment Variables in GitHub Docker build-push-action](https://justin.poehnelt.com/posts/environment-variables-in-docker-build-push-action/) © 2022 by [Justin Poehnelt](https://justin.poehnelt.com/) is licensed under CC BY-SA 4.0