Environment Variables in GitHub Docker build-push-action
I recently ran into an issue where I was required to pass environment variables into a Docker container. I was using the docker/build-push-action to build and push the container and everything was working fine until I needed the SENTRY_AUTH_TOKEN environment variable as part of the build step for my NextJS application.
The solution has two parts.
- Pass the secret as a build argument in the docker/build-push-action step.
- Modify the multi-stage Dockerfile to use the build argument as an environment variable.
GitHub secret to build-args
This part was easy.
```yaml
- name: Build and push
  # <version> is a placeholder: use the release tag you pin to
  uses: docker/build-push-action@<version>
  with:
    context: .
    build-args: |
      "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}"
```
Dockerfile
The Dockerfile change is also straightforward.
```dockerfile
# The SENTRY_AUTH_TOKEN is used to upload the source maps to Sentry
ARG SENTRY_AUTH_TOKEN
ENV SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}
```
The ARG and ENV lines must be in the same stage of the Dockerfile that requires the variable. If you have multiple stages, you'll need to add the ARG and ENV lines to each stage that needs the value.
❗ ❗ ❗ The ARG value will be accessible to anyone that has access to the Docker image. If you are using a private registry, this is not a problem. If you are using a public registry, you should be careful about what you pass as an ARG.
And it works! 🎉
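The warning above can be checked before an image is published: a build argument copied into ENV is stored in the image config, both in its Env list and in the recorded build steps, which is what anyone who can pull the image reads. The following Python check is an added example, not part of the original post. The image config, the token value, the name pattern and the function find_baked_secrets are all constructed or assumed for illustration.

```python
import re

# Assumed heuristic: variable names that usually hold credentials.
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY", re.I)
# NAME=value pairs as they appear inside recorded build commands.
ASSIGNMENT = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)=(\S+)")

# Constructed sample of an image config for the Dockerfile above.
# The token value is a made-up placeholder.
SAMPLE_IMAGE_CONFIG = {
    "config": {
        "Env": [
            "PATH=/usr/local/bin:/usr/bin:/bin",
            "NODE_ENV=production",
            "SENTRY_AUTH_TOKEN=EXAMPLE-TOKEN-NOT-REAL",
        ]
    },
    "history": [
        {"created_by": "WORKDIR /app"},
        {"created_by": "ARG SENTRY_AUTH_TOKEN"},
        {"created_by": "ENV SENTRY_AUTH_TOKEN=EXAMPLE-TOKEN-NOT-REAL"},
        {"created_by": "RUN |1 SENTRY_AUTH_TOKEN=EXAMPLE-TOKEN-NOT-REAL "
                       "/bin/sh -c npm run build # buildkit"},
    ],
}


def find_baked_secrets(image_config):
    """Return sorted (location, variable) pairs where a secret-looking
    variable is stored together with a value in the image config."""
    findings = set()
    # ENV values persist into the final image and every container run from it.
    for entry in (image_config.get("config") or {}).get("Env") or []:
        name, _, value = entry.partition("=")
        if value and SECRET_NAME.search(name):
            findings.add(("config.Env", name))
    # Build steps record ENV assignments and the ARG values in scope for RUN.
    for index, step in enumerate(image_config.get("history") or []):
        for name, _value in ASSIGNMENT.findall(step.get("created_by", "")):
            if SECRET_NAME.search(name):
                findings.add((f"history[{index}]", name))
    return sorted(findings)


if __name__ == "__main__":
    for location, name in find_baked_secrets(SAMPLE_IMAGE_CONFIG):
        print(f"{location}: {name} is stored in the image")
```

A bare ARG declaration is not reported, because without an assignment no value is recorded for that step.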