Set GitHub Actions Secrets on Docker Container Build/Run Command
I'm in the early stages of building an automated pipeline. Still in the exploring phase. Right now, I'm struggling with setting the environment variables for the container I'm going to run my app in.
The idea is to have my environment variables set as GitHub Actions Secrets and configure them in the container when I run the docker container command. The container was built out of a Docker Compose file.
Right now, I have this working:
    - name: Backend - Build Container (proof of concept)
      run: |
        BACKEND_CONTAINER_SH_SCRIPT='eval "GITHUB_USER=123 GITHUB_REPO_NAME=321 docker-compose -f ss-build-files/ubuntu-container-build.yml up -d && docker-compose -f ss-build-files/ubuntu-container-build.yml logs";'
        echo "${{ secrets.CONFIG_SERVER_SSH_KEY }}" > id_rsa_ssh_key_server_temp.pem;
        chmod 600 id_rsa_ssh_key_server_temp.pem;
        ssh -v -t -t -i id_rsa_ssh_key_server_temp.pem -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_IP }} "$BACKEND_CONTAINER_SH_SCRIPT"
        rm id_rsa_ssh_key_server_temp.pem;
        echo "Status check: jobs completed successfully!";
However, when I try to integrate with the GitHub secrets, it returns an error in the GitHub Runner:
    - name: Backend - Build Container (proof of concept)
      run: |
        BACKEND_CONTAINER_SH_SCRIPT='eval "GITHUB_USER=x${{ secrets.TEST_1 }} GITHUB_REPO_NAME=xx${{ secrets.TEST_2 }} docker-compose -f ss-build-files/ubuntu-container-build.yml up -d && docker-compose -f ss-build-files/ubuntu-container-build.yml logs";'
        echo "${{ secrets.CONFIG_SERVER_SSH_KEY }}" > id_rsa_ssh_key_server_temp.pem;
        chmod 600 id_rsa_ssh_key_server_temp.pem;
        ssh -v -t -t -i id_rsa_ssh_key_server_temp.pem -o StrictHostKeyChecking=no ubuntu@${{ env.CONFIG_SERVER_IP }} "$BACKEND_CONTAINER_SH_SCRIPT"
        rm id_rsa_ssh_key_server_temp.pem;
        echo "Status check: jobs completed successfully!";
The error:
    debug1: Sending command: eval "GITHUB_USER=x*** GITHUB_REPO_NAME=xx*** docker-compose -f ss-build-files/ubuntu-container-build.yml up -d && docker-compose -f ss-build-files/ubuntu-container-build.yml logs";
    bash: line 1: secret1: command not found
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: free: client-session, nchannels 1
    Connection to 3.90.173.47 closed.
    Transferred: sent 2892, received 2676 bytes, in 0.5 seconds
    Bytes per second: sent 6131.9, received 5673.9
    debug1: Exit status 127
    Error: Process completed with exit code 127.
Note: I'm building this way because
    eval "GITHUB_USER=123 GITHUB_REPO_NAME=321 docker-compose -f ss-build-files/ubuntu-container-build.yml up -d && docker-compose -f ss-build-files/ubuntu-container-build.yml logs"
seems to be the only way it works considering what I wish to accomplish, which is to create a node script that reads all Secrets (the app has many environment variables) from the repo and will output a string like so:
    TEST_1=${{ secrets.TEST_1 }} TEST_2=${{ secrets.TEST_2 }}
And this string, I'll merge with the rest of the Docker container command.
Does anyone have any idea about the reason it's giving me this error, or maybe another idea of how I could automate this part without hardcoding a .env file in the server/container?
It should work without eval. In this
    bash: line 1: secret1: command not found
we can see that for whatever reason it tries to execute command secret1. Most likely it is due to the eval messing with it.
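
An added example, not part of the question or the answer: one way to build the `NAME=value` prefix so the remote shell reads every value as data, shown next to the unquoted form. It assumes POSIX sh; `sh_quote`, `env_prefix`, `remote_shell` (a local stand-in for the ssh call), `show_cmd` (a stand-in for the docker-compose command) and the sample values are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). POSIX sh; all names below are illustrative.

# sh_quote VALUE: print VALUE wrapped in single quotes, with embedded single
# quotes rewritten as '\'' so a shell reads the result back as one literal word.
sh_quote() {
  # The trailing "x" keeps $( ) from stripping newlines at the end of VALUE.
  _q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
  printf "'%s'" "${_q%x}"
}

# env_prefix NAME=VALUE...: print "NAME='VALUE' ..." for use in front of a command.
env_prefix() {
  _out=""
  for _pair in "$@"; do
    case $_pair in *=*) ;; *) echo "expected NAME=VALUE" >&2; return 1 ;; esac
    _name=${_pair%%=*}
    case $_name in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "invalid variable name" >&2; return 1 ;;
    esac
    _out="$_out$_name=$(sh_quote "${_pair#*=}") "
  done
  printf '%s' "${_out% }"
}

# Local stand-in for `ssh user@host "$1"`: ssh hands the string to the remote
# user's shell, which parses it again.
remote_shell() { sh -c "$1"; }

# Constructed sample values; in the workflow they would come from the step's env.
sample_user='x secret1'
sample_repo="a'b \$HOME"

# Stand-in for the docker-compose command: prints what the process received.
show_cmd="sh -c $(sh_quote 'printf "%s|%s" "$GITHUB_USER" "$GITHUB_REPO_NAME"')"

# Unquoted value: the remote shell splits it and runs "secret1" (exit 127).
run_unquoted() { remote_shell "GITHUB_USER=$sample_user $show_cmd"; }

# Quoted values arrive intact in the environment of the command.
run_quoted() {
  remote_shell "$(env_prefix "GITHUB_USER=$sample_user" "GITHUB_REPO_NAME=$sample_repo") $show_cmd"
}

run_quoted; echo
```

In a workflow the values would reach the script through the step's `env:` map instead of being written into the script text with `${{ }}`; they still appear in the remote command line while the command runs.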