I have built a containerised Python application which runs without issue locally using a .env file and a docker-compose.yml file compiled with compose build.
I am then able to use variables within the Dockerfile like this.
```dockerfile
ARG APP_USR
ENV APP_USR ${APP_USR}
ARG APP_PASS
ENV APP_PASS ${APP_PASS}
RUN pip install https://${APP_USR}:${APP_PASS}@github.org/*****/master.zip
```
I am deploying to Cloud Run via a synced Bitbucket repository, and have defined the variables under "REVISIONS" > "SECRETS AND VARIABLES" (as described here: https://cloud.google.com/run/docs/configuring/environment-variables), but I cannot work out how to access these variables in the Dockerfile during build.
As I understand it, I need to create a cloudbuild.yaml file to define the variables, but I haven't been able to find a clear example of how to set this up using the environment variables defined in Cloud Run.
My understanding is that it is not possible to directly use a Cloud Run revision's environment variables in the Dockerfile because the build is managed by Cloud Build, which doesn't know about Cloud Run revision before the deployment.
But I was able to use Secret Manager's secrets in the Dockerfile.
Sources:
cloudbuild.yaml: https://cloud.google.com/build/docs/securing-builds/use-secrets
cloudbuild.yaml to Dockerfile: https://vsupalov.com/docker-build-pass-environment-variables/

Quick summary:
In your case, for APP_USR and APP_PASS:
Grant the Secret Manager Secret Accessor (roles/secretmanager.secretAccessor) IAM role for the secret to the Cloud Build service account (see first source).
Add an availableSecrets block at the end of the cloudbuild.yaml file (out of the steps block):

```yaml
availableSecrets:
  secretManager:
  - versionName: <APP_USR_SECRET_RESOURCE_ID_WITH_VERSION>
    env: 'APP_USR'
  - versionName: <APP_PASS_SECRET_RESOURCE_ID_WITH_VERSION>
    env: 'APP_PASS'
```
docker build, Google's documentation uses 'bash', I use Docker directly):

```yaml
- id: Build
  name: gcr.io/cloud-builders/docker
  args:
  - build
  - '-f=Dockerfile'
  - '.'
  # Add these two `--build-arg` params:
  - '--build-arg'
  - 'APP_USR=$$APP_USR'
  - '--build-arg'
  - 'APP_PASS=$$APP_PASS'
  secretEnv: ['APP_USR', 'APP_PASS'] # <=== add this line
```
Dockerfile:

```dockerfile
ARG APP_USR
ENV APP_USR=$APP_USR
ARG APP_PASS
ENV APP_PASS=$APP_PASS
RUN pip install https://$APP_USR:$APP_PASS@github.org/*****/master.zip
```
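An added check, not part of the original question or answer: Docker's documentation warns that build-arg values can be read back with `docker history`, and an `ENV` copy stays in the image config, so this example flags that pattern in the Dockerfile above and compares it with a constructed BuildKit secret-mount variant. The function name, the secret ids and the `example.invalid` host are assumptions made for illustration.

```python
import re

# Dockerfile from the answer above (the pip URL is elided on the page).
PAGE_DOCKERFILE = """\
ARG APP_USR
ENV APP_USR=$APP_USR
ARG APP_PASS
ENV APP_PASS=$APP_PASS
RUN pip install https://$APP_USR:$APP_PASS@github.org/*****/master.zip
"""

# Constructed alternative (assumption, not from the page): BuildKit secret
# mounts exist only while this RUN executes. Ids and host are placeholders.
MOUNT_DOCKERFILE = """\
RUN --mount=type=secret,id=app_usr --mount=type=secret,id=app_pass \\
    pip install "https://$(cat /run/secrets/app_usr):$(cat /run/secrets/app_pass)@example.invalid/master.zip"
"""

VAR_REF = re.compile(r"\$\{?([A-Za-z_]\w*)")


def find_arg_leaks(dockerfile):
    """Return (instruction, arg) pairs where a build arg outlives the build.

    ENV copies the value into the image config (docker inspect); a RUN that
    uses it is recorded with the value in the layer history (docker history).
    """
    findings, args = [], set()
    joined = re.sub(r"\\\r?\n", " ", dockerfile)  # fold line continuations
    for line in joined.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, rest = parts[0].upper(), parts[1]
        if instr == "FROM":
            args.clear()  # ARGs are scoped to the build stage
        elif instr == "ARG":
            args.add(rest.split("=", 1)[0].strip())
        elif instr in ("ENV", "RUN"):
            for name in sorted(set(VAR_REF.findall(rest)) & args):
                findings.append((instr, name))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_DOCKERFILE), ("mounts", MOUNT_DOCKERFILE)):
        print(label, find_arg_leaks(text))
```

With the mount variant, the builder would receive the values through `docker build --secret` under BuildKit rather than `--build-arg`, so no `ARG` or `ENV` line is needed.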