GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0

Variables in Dockerfile run with Kaniko in gitlab-ci #1964

Open chmolo99 opened 2 years ago

chmolo99 commented 2 years ago

First, sorry for my English, I will try to make an effort!

CONTEXT: I have gitlab-ci, run with kaniko, to create an image build from a Dockerfile.

My problem is: I want to put a variable in the Dockerfile.

I have already "sign" my variable in setting CI/CD not protected and not masked

MY GITLAB.CI:

build:
  stage: build
  tags:
    - openshift
  image: 
    name: $IMAGE:v1.7.0
    entrypoint: []

  script:
    - mkdir -p /kaniko/.docker
    - env
    - echo "{\"auths\":{\"$REGISTRY\":{\"auth\":\"$SECRET\"}}}" > /kaniko/.docker/config.json 
    - | 
      echo "-----BEGIN CERTIFICATE-----
      $CERTIF
      -----END CERTIFICATE-----" >> /kaniko/ssl/certs/additional-ca-cert-bundle.crt
    - >-
      /kaniko/executor 
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile-kaniko"
      --build-arg NXUSERNAME=$NXUSERNAME
      --build-arg NXPASSWORD=$NXPASSWORD
      --destination "$DEST:${CI_COMMIT_TAG}"
  rules:
    - if: $CI_COMMIT_TAG

My Dockerfile:

FROM **********
USER 0

ADD . /tmp/src

ARG $NXUSERNAME:$NXPASSWORD
ARG $NXUSERNAME
ARG $NXPASSWORD

RUN echo $NXUSERNAME:$NXPASSWORD

RUN curl -k -v -u $NXUSERNAME:$NXPASSWORD -X GET https://artifacts.val.cloud.***********/#browse/browse:**********%2Fvendor.tar.gz > vendor.tar.gz 
RUN tar -xzf vendor.tar.gz --directory /tmp/src && rm -f vendor.tar.gz

RUN chown -R 1001:0 /tmp/src

RUN /usr/libexec/s2i/assemble

USER 0

CMD /usr/libexec/s2i/run

but it returns:

INFO[0021] cmd: USER                                    
INFO[0021] Using files from context: [/builds/9AVrAXzW/0/*********/**********/************/cicd] 
INFO[0021] ADD . /tmp/src                               
INFO[0021] Taking snapshot of files...                  
INFO[0021] ARG $NXUSERNAME:$NXPASSWORD                  
INFO[0021] ARG $NXUSERNAME                              
INFO[0021] ARG $NXPASSWORD                              
INFO[0021] RUN echo $NXUSERNAME:$NXPASSWORD             
INFO[0021] Taking snapshot of full filesystem...        
INFO[0024] cmd: /bin/sh                                 
INFO[0024] args: [-c echo $NXUSERNAME:$NXPASSWORD]      
INFO[0024] util.Lookup returned: &{Uid:0 Gid:0 Username:root Name:root HomeDir:/root} 
INFO[0024] performing slow lookup of group ids for root 
INFO[0024] Running: [/bin/sh -c echo $NXUSERNAME:$NXPASSWORD] 
:
INFO[0024] Taking snapshot of full filesystem...        
INFO[0025] No files were changed, appending empty layer to config. No layer added to image. 
INFO[0025] RUN curl -k -v -u $NXUSERNAME:$NXPASSWORD -X GET https://artifacts.val.cloud.*****/#browse/browse:**************:composer%2Fvendor.tar.gz > vendor.tar.gz 

What can I do?

ferrastas commented 2 years ago

Does seems related to Kaniko 🤔 ...

But I see that your Dockerfile is wrong regarding ARG usage, if you check the documentation, arguments should be defined like:

ARG NXUSERNAME
ARG NXPASSWORD

With no dollar sign.

sysmat commented 1 year ago

Don't use args for secrets; they will be seen in docker history.
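A pre-build check covering both replies above, added here as an example (it is not code from the thread or from kaniko): it flags `ARG` declarations written with a `$` and `ARG` names that look like secrets. The function name, the finding codes and the secret-name pattern are assumptions made for illustration.

```python
import re
import shlex

# Name fragments treated as secret-like: an assumption, tune per project.
SECRET_HINT = re.compile(r"PASS|SECRET|TOKEN|KEY|CRED", re.I)
ARG_LINE = re.compile(r"^\s*ARG\s+(.+?)\s*$", re.I)
BARE_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed sample: the ARG/RUN lines quoted in the thread plus the
# corrected declarations; "FROM scratch" is a placeholder base image.
SAMPLE = """\
FROM scratch
ARG $NXUSERNAME:$NXPASSWORD
ARG $NXUSERNAME
ARG $NXPASSWORD
ARG NXUSERNAME
ARG NXPASSWORD
RUN echo $NXUSERNAME:$NXPASSWORD
"""


def lint_dockerfile_args(text):
    """Return (line_no, code, name) findings for ARG instructions."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ARG_LINE.match(line)
        if not m:
            continue
        try:
            decls = shlex.split(m.group(1))   # handles NAME="quoted default"
        except ValueError:                    # unbalanced quote: best effort
            decls = m.group(1).split()
        for decl in decls:
            name, has_default, _ = decl.partition("=")
            if not BARE_NAME.match(name):
                # ARG expects NAME or NAME=default, never $NAME
                findings.append((no, "bad-arg-name", name))
            if SECRET_HINT.search(name):
                # value would travel as a build arg and land in image history
                findings.append((no, "secret-arg", name))
                if has_default:
                    findings.append((no, "secret-default", name))
    return findings


if __name__ == "__main__":
    for no, code, name in lint_dockerfile_args(SAMPLE):
        print(f"Dockerfile:{no}: {code}: {name}")
```

Run as a job step before the kaniko executor, a non-empty result can fail the pipeline before any credential is passed with `--build-arg`.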