I have the following docker run command that I send via ssh from my CI (as the problem also happens when I try it on the server directly, I skip all ssh-related stuff here).
docker run --name amc-node-be -d -p 10.0.0.3:3000:3000 --mount type=bind,source=/etc/amc-node-be/.env,target=/app/dist/amc-node-be/.env,readonly --restart unless-stopped .../amc-node-be:latest
I guess it has something to do with file permissions, but I don't understand well enough how the permissions of the host leak through to the container using a bind mount, or maybe I don't understand Linux file permissions well enough. On the host I gave read permissions to the docker group on the .env file.
/etc/amc-node-be$ ls -la
total 12
drwxr-x---+ 2 andymatic docker 4096 Oct 2 10:20 .
drwxr-xr-x 85 root root 4096 Oct 2 12:13 ..
-rwxr-----+ 1 andymatic docker 912 Oct 2 09:40 .env
The deploy user is in the docker group
$ sudo -u deploy groups
docker
With sudo -u deploy cat /etc/amc-node-be/.env on the host I get the content of the file.
docker inspect amc-node-be returns
"Mounts": [
    {
        "Type": "bind",
        "Source": "/etc/amc-node-be/.env",
        "Destination": "/app/dist/amc-node-be/.env",
        "Mode": "",
        "RW": false,
        "Propagation": "rprivate"
    }
]
Any other ideas about what I am doing wrong?
I think you should use the --env-file option:
docker run --env-file=.env --name amc-node-be -d -p 10.0.0.3:3000:3000 --restart unless-stopped .../amc-node-be:latest
With env-file you can reference the filename, which is parsed to extract the environment variables to set.