docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0

build-args not passing to buildkit builder #978

Closed Omer-AV-MA closed 11 months ago

Omer-AV-MA commented 1 year ago

Description

Hi, I have this in my workflow:

  -
    name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v3

  -
    name: Build and push
    uses: docker/build-push-action@v5
    with:
      tags: ${{ env.imagetag }}
      build-args: |
        NPM_TOKEN=${{ secrets.my_token }}
      network: host
      outputs: type=docker
      cache-from: type=gha
      cache-to: type=gha,mode=max

DockerFile:

FROM node:20.3.1-alpine3.18

# variables
ARG USER_NAME=node
ARG USER_ID=1000

# Create app directory
WORKDIR /usr/src/app

# npm token
ARG NPM_TOKEN

# if NPM_TOKEN not supplied stop the build process
RUN if [ -z "$NPM_TOKEN" ]; then exit 1 ; fi

RUN echo "//npm.pkg.github.com/:_authToken=$NPM_TOKEN" > .npmrc
COPY . .

RUN yarn install

Expected behaviour

yarn install should pass and install packages from a private repo, e.g. a GitHub org.

Actual behaviour

Getting 401 Unauthorized. Using the docker build --build-arg command manually works.

Repository URL

No response

Workflow run URL

No response

YAML workflow

  -
    name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v3

  -
    name: Build and push
    uses: docker/build-push-action@v5
    with:
      tags: ${{ env.imagetag }}
      build-args: |
        NPM_TOKEN=${{ secrets.my_token }}
      network: host
      outputs: type=docker
      cache-from: type=gha
      cache-to: type=gha,mode=max
-------------------------------------------------
DockerFile has ARG NPM_TOKEN

FROM node:20.3.1-alpine3.18

# variables
ARG USER_NAME=node
ARG USER_ID=1000

# for New Relic
RUN apk add python3

# for New Relic
RUN apk add build-base

# Create app directory
WORKDIR /usr/src/app

# npm token
ARG NPM_TOKEN

# if NPM_TOKEN not supplied stop the build process
RUN if [ -z "$NPM_TOKEN" ]; then exit 1 ; fi

RUN echo "//npm.pkg.github.com/:_authToken=$NPM_TOKEN" > .npmrc
COPY . .

RUN yarn install

Workflow logs

No response

BuildKit logs

No response

Additional info

No response

Omer-AV-MA commented 11 months ago

Anyone?

crazy-max commented 11 months ago

That means ${{ secrets.my_token }} is empty. Did you test with something else like NPM_TOKEN=foo?

Also if this workflow is triggered for a pull request from a fork, secrets are not passed to the runner which might be why it's empty in your case.

I'd also like to add that it's bad practice to use a build arg to pass on sensitive information. Please use secrets instead: https://docs.docker.com/build/ci/github-actions/secrets/
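The secret-mount approach recommended in the last comment, applied to the Dockerfile from this issue. This is an added example, not code from the thread or from the action's maintainers. The secret id `npm_token` and the workflow change shown in the header comment are assumptions made for illustration.

```dockerfile
# syntax=docker/dockerfile:1
#
# Workflow side (assumed change to the "Build and push" step in the issue):
# replace the `build-args:` entry with the action's `secrets:` input.
#
#     with:
#       tags: ${{ env.imagetag }}
#       secrets: |
#         "npm_token=${{ secrets.my_token }}"
#
# "npm_token" is a secret id chosen for this example.

FROM node:20.3.1-alpine3.18

# Create app directory
WORKDIR /usr/src/app

COPY . .

# The secret is mounted at /run/secrets/npm_token for this RUN step only.
# The check stops the build if the secret is missing or empty (for example
# on a pull request from a fork, where repository secrets are not provided).
# .npmrc is written, used and removed inside the same step, so the token is
# never committed to an image layer and never appears as an ARG value in
# the image history.
RUN --mount=type=secret,id=npm_token \
    set -eu; \
    [ -s /run/secrets/npm_token ] || { echo "npm_token secret is missing or empty" >&2; exit 1; }; \
    echo "//npm.pkg.github.com/:_authToken=$(cat /run/secrets/npm_token)" > .npmrc; \
    yarn install; \
    rm -f .npmrc
```

In the original Dockerfile the token is both a build argument and the content of a `.npmrc` written in its own `RUN` layer, so anyone who can pull the image can recover it.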