search

aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0
3.49k stars 404 forks source link

Environment variables are recognized but not interpolated/inserted #3839

Open fearnycompknowhow opened 2 years ago

fearnycompknowhow commented 2 years ago

Hello, I apologize if this question has already been asked. I've been searching the internet for about a day and a half now, and I haven't found anything that works.

My pipeline builds a docker image. Both the buildspec.yml and the service manifest.yml files were generated through the AWS CLI.

I'm struggling with how to pass values from Secrets Manager into Dockerfile at build time. Based on my reading, it's possible to pull in values from Secrets Manager using either this syntax in the service's manfiest.yml file:

secrets:
  SECRET_1: "arn:for:secret"
  SECRET_2: "arn:for:secret"

# Or this instead
secrets:
  SECRET_1:
    secretsmanager: "secret-name:secret-key-1"
  SECRET_2:
    secretsmanager: "secret-name:secret-key-2"

Or you can specify them in the top-level buildspec.yml file using the following syntax:

env:
  secrets-manager:
    SECRET_1: "secret-name:secret-key-1"
    SECRET_2: "secret-name:secret-key-2"

The problem comes when I attempt to pass the values into the Docker file as build args. Within the service's manifest.yml file:

image:
  build:
    dockerfile: Dockerfile
    args:
      SECRET_1: ${SECRET_1}
      # Omitting the curly braces doesn't help anything
      SECRET_2: $SECRET_2

The problem seems to be that neither of the two environment variables are replaced with the environment variable values. Instead the literal string values of "${SECRET_1}" and "$SECRET_2" are passed into the Dockerfile.

I notice here that the person is referencing custom environment variables in the exact same way that I am, and it seems to have worked for them.

What's weird is that Copilot seems to recognize that SECRET_1 and SECRET_2 are actual environment variables, it just doesn't interpolate/insert them.

I know this, because if I remove every and all definition for the variables (both in the buildspec.yml file and in the manifest.yml file), the error message changes and the Dockerfile build never even runs due to the fact that there is an error in the Copilot config itself (i.e. missing environment variables).

lsemerini commented 1 year ago

I have the same issue.

The error: interpolate environment variables for XYZ manifest: environment variable "GH_TOKEN" is not defined

I'm doing this:

secrets:
  GH_TOKEN: 'test/ctf-poc/gh-token'

image:
  build:
    dockerfile: Dockerfile.text
    args:
      GH_TOKEN: ${GH_TOKEN}

Using copilot version: v1.23.0

Update: this workaround helped me.