docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0

secrets parse error #895

Closed nfancy closed 9 months ago

nfancy commented 1 year ago

Troubleshooting

Before submitting a bug report please read the Troubleshooting doc.

Behaviour

Steps to reproduce this issue

Hi, this is my workflow for the build and push action to pass the GH secrets to the Dockerfile:

- name: Build and push
  uses: docker/build-push-action@v4
  with:
    load: true
    file: ./Dockerfile
    tags: |
      eleonoreschneeg/omix:${{ env.packageVersion }}
      eleonoreschneeg/omix:latest
      eleonoreschneeg/omix:dev
    secrets: |
      "SYNAPSE_ID=${{ secrets.SYNAPSE_ID }}"
      "SYNAPSE_PASSWORD=${{ secrets.SYNAPSE_PASSWORD }}"
      "GH_TOKEN=${{ secrets.GH_TOKEN }}"

This is what I have in my dockerfile

RUN --mount=type=secret,id=SYNAPSE_ID \
    --mount=type=secret,id=SYNAPSE_PASSWORD \
    --mount=type=secret,id=GH_TOKEN \
    echo 'Sys.setenv(SYNAPSE_ID=$(cat /run/secrets/SYNAPSE_ID ))' \
    >>"${HOME}/.Rprofile" \
    && echo 'Sys.setenv(SYNAPSE_PASSWORD=$(cat /run/secrets/SYNAPSE_PASSWORD ))' \
    >>"${HOME}/.Rprofile" \
    && echo 'Sys.setenv(GH_TOKEN=$(cat /run/secrets/GH_TOKEN ))' \
    >>"${HOME}/.Rprofile" \
    && Rscript -e "devtools::check()"

Expected behaviour

I was expecting that during the devtools::check(), the secrets will be used to download files but I get a parsing error at the initial stage.

Actual behaviour

Run docker/build-push-action@v4
GitHub Actions runtime token ACs
Docker info
Buildx version
/usr/bin/docker buildx build --file ./Dockerfile --iidfile /tmp/docker-actions-toolkit-p14PAu/iidfile --secret id="SYNAPSE_ID,src=/tmp/docker-actions-toolkit-p14PAu/tmp-2245-jJSKo99v4Z1X --secret id="SYNAPSE_PASSWORD,src=/tmp/docker-actions-toolkit-p14PAu/tmp-2245-91kAukkbU3wD --secret id=GH_TOKEN,src=/tmp/docker-actions-toolkit-p14PAu/tmp-2245-MfIGmjDwC5jd --secret id=GIT_AUTH_TOKEN,src=/tmp/docker-actions-toolkit-p14PAu/tmp-2245-uqNA7ediSWH9 --tag ***/omix:1.0.0 --tag ***/omix:latest --tag ***/omix:dev --load --metadata-file /tmp/docker-actions-toolkit-p14PAu/metadata-file https://github.com/eleonore-schneeg/Omix.git#a6df172b4ef88e840d8294e3421d4476184779ad
ERROR: failed to parse csv secret: parse error on line 1, column 4: bare " in non-quoted-field
Error: buildx failed with: ERROR: failed to parse csv secret: parse error on line 1, column 4: bare " in non-quoted-field
BuildKit version
  builder-d0e11223-c0a3-44dd-adc0-29cd875c6ac20: v0.11.6

I've "-" in the secret. Is that a problem? Thanks for any pointers.

Nurun

crazy-max commented 9 months ago
ERROR: failed to parse csv secret: parse error on line 1, column 4: bare " in non-quoted-field

I've "-" in the secret. Is that a problem? Thanks for any pointers.

Actually no, you have a " in your secret and, as noted in https://docs.docker.com/build/ci/github-actions/secrets/, double escapes are needed for quote signs (see the JSON_SECRET in the example).

Closing this one but let us know if you still have an issue.

natanb830 commented 2 months ago

How do I change the quote signs to double escapes with a Linux command? I tried with sed and jq and it did not work. I can edit it manually in GitHub secrets; the problem is that I use this JSON secret in another place, which is why I want to do it with a command at that specific place.
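
The parse error from the log above can be reproduced outside the action. The following is an added example, not code from this issue or from the docker/build-push-action project; it uses Go's encoding/csv as an assumed stand-in for the parser behind the logged message, and `parseFields`, `quoteSecret` and the `/tmp/example/...` paths are hypothetical names made up for illustration. It shows why parsing stops at column 4 of `id="SYNAPSE_ID,...` and how doubling each quote inside a quoted field lets a JSON value through intact.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// parseFields splits one CSV record, the way a comma-separated flag value
// such as `id=NAME,src=/path` is split. Assumption: encoding/csv stands in
// for the parser that produced the error in the log.
func parseFields(s string) ([]string, error) {
	return csv.NewReader(strings.NewReader(s)).Read()
}

// quoteSecret (hypothetical helper) renders NAME=value as one quoted CSV
// field: every embedded double quote is doubled, then the whole entry is
// wrapped in quotes so commas and quotes stay inside a single field.
func quoteSecret(name, value string) string {
	return `"` + name + "=" + strings.ReplaceAll(value, `"`, `""`) + `"`
}

func main() {
	// Constructed values modelled on the log; the paths are placeholders.
	bad := `id="SYNAPSE_ID,src=/tmp/example/secret-1`
	good := `id=GH_TOKEN,src=/tmp/example/secret-2`
	for _, arg := range []string{bad, good} {
		fields, err := parseFields(arg)
		fmt.Printf("%s\n  fields=%q err=%v\n", arg, fields, err)
	}

	// A JSON value round-trips once its quotes are doubled.
	entry := quoteSecret("JSON_SECRET", `{"key1":"value1","key2":"value2"}`)
	fields, err := parseFields(entry)
	fmt.Printf("%s\n  fields=%q err=%v\n", entry, fields, err)
}
```

The first argument fails because a field that does not begin with a quote may not contain one; the quote after `id=` is the fourth byte of the record.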