docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0
4.11k stars 527 forks

Docker file created is different than Docker file created at own terminal #1031

Closed KinTsang closed 5 months ago

KinTsang commented 6 months ago

Description

Hi,

I am new to Docker and would appreciate any feedback. I am building a practice website and having an issue where the docker file produced is different than what I do in my terminal.

In my terminal, I am using this command: docker build -t kintsang/devsecopsforums:1.2 .

This is in the docker file:

FROM node:20.10.0

WORKDIR /app

COPY . .
RUN npm install
RUN npm run build

EXPOSE 3000
CMD ["npm", "start"]

This is the .dockerignore:

Dockerfile
.dockerignore
node_modules
npm-debug.log
README.md
.next
.git

I am trying to make a CI/CD pipeline where I will build the dockerfile and then have it ssh-ed into my ec2 using GitHub Actions.

This is the pipeline.yml file:

name: Docker Image CI

on:
  push:
    branches: [ "main" ]

jobs:

  docker-build-push:
     name: Build docker
     runs-on: ubuntu-latest
     steps:
       - name: Login to docker hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
       - name: Build and push
         uses: docker/build-push-action@v5.1.0
         with:
           build-args: |
             CLERK_SECRET_KEY=${{ secrets.CLERK_SECRET_KEY }}
             MONGODB_URL=${{ secrets.MONGODB_URL }}
             NEXT_CLERK_WEBHOOK_SECRET=${{ secrets.NEXT_CLERK_WEBHOOK_SECRET }}
             NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL=${{ secrets.NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL }}
             NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL=${{ secrets.NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL }}
             NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
             NEXT_PUBLIC_CLERK_SIGN_IN_URL=${{ secrets.NEXT_PUBLIC_CLERK_SIGN_IN_URL }}
             NEXT_PUBLIC_CLERK_SIGN_UP_URL=${{ secrets.NEXT_PUBLIC_CLERK_SIGN_UP_URL }}
             NEXT_PUBLIC_SERVER_URL=${{ secrets.NEXT_PUBLIC_SERVER_URL }}
             NEXT_PUBLIC_TINY_EDITOR_API_KEY=${{ secrets.NEXT_PUBLIC_TINY_EDITOR_API_KEY }}
             OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}
           push: true
           tags: ${{ secrets.DOCKER_HUB_USERNAME }}/devsecops-forum:latest

  push-to-ec2:
    needs: docker-build-push
    runs-on: ubuntu-latest
    steps:
    - name: Login to docker hub
      uses: docker/login-action@v3
      with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
    - name: Set permissions for private key
      run: |
        echo "${{ secrets.AWS_EC2_PROD_PRIVATE_KEY }}" > key.pem
        chmod 600 key.pem
    - name: Pull Docker image
      run: |
        ssh -o StrictHostKeyChecking=no -i key.pem ${{secrets.AWS_EC2_PROD_USERNAME}}@${{ secrets.AWS_EC2_PROD_HOSTNAME }} 'sudo docker pull ${{ secrets.DOCKER_HUB_USERNAME }}/devsecops-forum:latest'
    - name: Stop running container
      run: |
        ssh -o StrictHostKeyChecking=no -i key.pem ${{secrets.AWS_EC2_PROD_USERNAME}}@${{ secrets.AWS_EC2_PROD_HOSTNAME }} 'sudo docker stop devsecops-forum || true'
        ssh -o StrictHostKeyChecking=no -i key.pem ${{secrets.AWS_EC2_PROD_USERNAME}}@${{ secrets.AWS_EC2_PROD_HOSTNAME }} 'sudo docker rm devsecops-forum || true'
        ssh -o StrictHostKeyChecking=no -i key.pem ${{secrets.AWS_EC2_PROD_USERNAME}}@${{ secrets.AWS_EC2_PROD_HOSTNAME }} 'sudo docker image rm kintsang/devsecops-forum:latest || true'
    - name: Run new container
      run: |
        ssh -o StrictHostKeyChecking=no -i key.pem ${{secrets.AWS_EC2_PROD_USERNAME}}@${{ secrets.AWS_EC2_PROD_HOSTNAME }} 'sudo docker run -d --name devsecops-forum -p 80:3000 ${{ secrets.DOCKER_HUB_USERNAME }}/devsecops-forum:latest'

Due to the reason that I am having to enter in the environment variables to mirror the .env.local file that the app gets when I do a docker build locally from my terminal, I change the Dockerfile to the below whenever I use the pipeline.yml file:

FROM node:20.10.0

ARG CLERK_SECRET_KEY=""
ARG MONGODB_URL=""
ARG NEXT_CLERK_WEBHOOK_SECRET=""
ARG NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL=""
ARG NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL=""
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=""
ARG NEXT_PUBLIC_CLERK_SIGN_IN_URL=""
ARG NEXT_PUBLIC_CLERK_SIGN_UP_URL=""
ARG NEXT_PUBLIC_SERVER_URL=""
ARG NEXT_PUBLIC_TINY_EDITOR_API_KEY=""
ARG OPENAI_API_KEY=""

WORKDIR /app

COPY . .
RUN npm install

RUN printf "$CLERK_SECRET_KEY" >> .env
RUN printf "$MONGODB_URL" >> .env
RUN printf "$NEXT_CLERK_WEBHOOK_SECRET" >> .env
RUN printf "$NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL" >> .env
RUN printf "$NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL" >> .env
RUN printf "$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY" >> .env
RUN printf "$NEXT_PUBLIC_CLERK_SIGN_IN_URL" >> .env
RUN printf "$NEXT_PUBLIC_CLERK_SIGN_UP_URL" >> .env
RUN printf "$NEXT_PUBLIC_SERVER_URL" >> .env
RUN printf "$NEXT_PUBLIC_TINY_EDITOR_API_KEY" >> .env
RUN printf "$OPENAI_API_KEY" >> .env

RUN npm run build

EXPOSE 3000
CMD ["npm", "start"]

Both dockerfiles should be the same and have the same environment variables but for some reason when I do a docker run in the terminal docker file kintsang/devsecopsforum:1.2, it can spin up a website, whereas for kintsang/devsecops-forum:latest, it returns a 500 Internal Server Error.

I would expect both docker files to be the same, since all that is being added to the Dockerfile when using the pipeline.yml are arguments to substitute the variables in my .env.local local file that I do not want to commit.

I am not sure where the discrepancy between the two docker files (one built in my own terminal locally, one built on GitHub Workflows) comes from, since the dockerfile is pretty simple.

Thank you for the help!

Expected behaviour

I am expecting both the docker files (one built in my own terminal, one built on GitHub Workflows) to be identical.

Actual behaviour

The Docker file built from my terminal is working whereas the Docker file built from the GitHub Workflow is broken.

Repository URL

No response

Workflow run URL

No response

Workflow logs

No response

BuildKit logs

No response

Additional info

No response
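
The `RUN printf "$NAME" >> .env` lines in the pipeline Dockerfile above append only each value, with no `NAME=` prefix and no newline, so the resulting `.env` is one line that defines none of the variables. The script below is an added example, not part of the original issue; it reproduces that file next to a dotenv-style one, using three of the issue's variable names with constructed placeholder values and hypothetical function names.

```shell
#!/bin/sh
# Added example: reproduces the .env file that the issue's Dockerfile builds.
# All values below are constructed placeholders, not real credentials.

# Three of the issue's variable names, with constructed values.
CLERK_SECRET_KEY='sk_test_PLACEHOLDER'
MONGODB_URL='mongodb://user:PLACEHOLDER@db.example.invalid/forum'
OPENAI_API_KEY='sk-PLACEHOLDER'
NAMES='CLERK_SECRET_KEY MONGODB_URL OPENAI_API_KEY'

# What `RUN printf "$NAME" >> .env` does: the value becomes the printf
# *format string*, and neither the variable name nor a newline is written.
write_env_as_in_issue() {
    : > "$1"
    for name in $NAMES; do
        eval "value=\$$name"
        printf "$value" >> "$1"
    done
}

# dotenv form: one NAME=value line per variable; %s keeps the value out of
# the format string, so a '%' or '\' inside a secret is written unchanged.
write_env_dotenv() {
    : > "$1"
    for name in $NAMES; do
        eval "value=\$$name"
        printf '%s=%s\n' "$name" "$value" >> "$1"
    done
}

# Print how many of the expected names have a NAME=... line in the file.
count_defined() {
    found=0
    for name in $NAMES; do
        if grep -q "^${name}=" "$1"; then found=$((found + 1)); fi
    done
    echo "$found"
}

tmp=$(mktemp -d)
write_env_as_in_issue "$tmp/issue.env"
write_env_dotenv "$tmp/dotenv.env"
echo "issue-style:  $(count_defined "$tmp/issue.env") of 3 names defined"
echo "dotenv-style: $(count_defined "$tmp/dotenv.env") of 3 names defined"
```

Independently of the file format, values passed through `build-args` and written to `.env` in a `RUN` step are stored in the layers and build history of the image that the workflow pushes to Docker Hub. BuildKit secret mounts (`RUN --mount=type=secret`, fed by this action's `secrets` input) expose a value to a single build step without storing it in the image.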

crazy-max commented 6 months ago

Would need logs and, to help you further, a minimal repro with a link to the repo running this workflow. Thanks.