没有将环境变量注入到Azure Devops管道上的多阶段Docker构建中 [英] Environment variable not injected into multi stage docker build on Azure Devops pipeline

问题描述

我有一个docker文件，可以在本地构建该文件而不会出现问题，在Azure Devops上，该变量未正确设置.例如.在本地，我可以运行多阶段docker构建，其中从Azure工件授权存储库中获取工件.授权令牌可以在本地设置而不会出现问题.在构建管道上，我无法正确注入它.

I have a docker file that I can build locally without issues, on Azure Devops the variable is not set properly. E.g. locally I can run a multi-stage docker build where artifacts are fetched from an Azure artifact repository with authorization. The authorization token can be set locally without issues. On the build pipeline I haven't been able to inject it properly.

docker文件:

FROM gradle:5.4.1-jdk8 AS build
ARG AZURE_ARTIFACTS_ENV_ACCESS_TOKEN
ENV AZURE_ARTIFACTS_ENV_ACCESS_TOKEN $AZURE_ARTIFACTS_ENV_ACCESS_TOKEN
COPY --chown=gradle:gradle . /home/gradle/src
WORKDIR /home/gradle/src
RUN gradle build --no-daemon

FROM java:8
COPY --from=build /home/gradle/src/build/libs/medquality-rest-service.jar medquality-rest-service.jar
ADD wait-for-it.sh /wait-for-it.sh
RUN chmod +x /wait-for-it.sh

ENTRYPOINT ["/wait-for-it.sh", \
            "${CORDA_NODE_URL}:${CORDA_NODE_PORT}", \
#            "--strict", \
            "--timeout=60", \
            "--", \
            "java", \
            "-jar", \
            "medquality-rest-service.jar", \
            "--config.rpc.host=${CORDA_NODE_URL}", \
            "--config.rpc.port=${CORDA_NODE_PORT}", \
            "--config.rpc.username=user1", \
            "--config.rpc.password=test"]

命令:

docker build --build-arg AZURE_ARTIFACTS_ENV_ACCESS_TOKEN .

它注入令牌，以便多阶段构建可以获取工件.

It injects the token so the multistage build can fetch the artifacts.

一旦我移至Azure管道，它将不会注入值，即管道:

Once I move to the Azure pipeline it will not inject the value, the pipeline:

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: Gradle@2
  inputs:
    workingDirectory: ''
    gradleWrapperFile: 'gradlew'
    gradleOptions: '-Xmx3072m'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.8'
    jdkArchitectureOption: 'x64'
    publishJUnitResults: true
    testResultsFiles: '**/TEST-*.xml'
    tasks: 'build publish'
  env:
      AZURE_ARTIFACTS_ENV_ACCESS_TOKEN: $(System.AccessToken)
- task: Docker@2
  inputs:
    containerRegistry: 'alysidia-container-registry'
    repository: 'medquality-rest-service'
    command: 'buildAndPush'
    arguments: --build-arg AZURE_ARTIFACTS_ENV_ACCESS_TOKEN=1234567
    Dockerfile: '**/Dockerfile'
  # env:
  #     AZURE_ARTIFACTS_ENV_ACCESS_TOKEN: $(System.AccessToken)

第一个gradle任务获取了正确注入的变量，但似乎我错过了与管道相关的内容.当前的结果是未设置工件PAT，因此未在Docker任务及其多阶段构建中授权该请求.例如.甚至打印出gradle脚本中的所有环境变量，AZURE_ARTIFACTS_ENV_ACCESS_TOKEN也不是1234567，而是空的.

The 1st gradle task gets the variable injected properly but it seems I miss something related to the pipeline. The result currently is that the artifact PAT is not set and therefore the request is not authorized on the Docker task and its multi-stage build. E.g. even printing out all environment variables in the gradle script, AZURE_ARTIFACTS_ENV_ACCESS_TOKEN is not 1234567 but empty.

更新:

我在参数字符串上设置了连字符，看起来不错，但没有成功，添加了RUN echo值未设置:

I've set hyphens on the arguments string, looked like a good candidate but no success, adding the RUN echo the value is not set:

arguments: '--build-arg AZURE_ARTIFACTS_ENV_ACCESS_TOKEN=$(System.AccessToken)'

Dockerfile中的RUN部分:

The RUN section in the Dockerfile:

ARG AZURE_ARTIFACTS_ENV_ACCESS_TOKEN
RUN echo $AZURE_ARTIFACTS_ENV_ACCESS_TOKEN
ENV AZURE_ARTIFACTS_ENV_ACCESS_TOKEN $AZURE_ARTIFACTS_ENV_ACCESS_TOKEN

RUN命令的输出:

Step 3/21 : RUN echo $AZURE_ARTIFACTS_ENV_ACCESS_TOKEN
 ---> Running in 6791245d8990

Removing intermediate container 6791245d8990

推荐答案

我针对此Dockerfile的最小示例进行了测试

I made a test for minimal example I mean for this Dockerfile

FROM alpine

ARG a_version
RUN echo $a_version

和这个管道

steps:
- pwsh: ls 'stackoverflow/85-docker/'
- task: Docker@2
  inputs:
    containerRegistry: 'devopsmanual-acr'
    command: 'build'
    Dockerfile: 'stackoverflow/85-docker/DOCKERFILE'
    arguments: '--build-arg a_version=$(System.AccessToken)'

我知道了

2020-11-23T15:39:04.0075804Z Step 3/12 : RUN echo $a_version
2020-11-23T15:39:04.0228448Z  ---> Running in 45fc8efb4968
2020-11-23T15:39:04.3523862Z ***

这是正确的，因为它检测到并掩盖了机密.

which is correct because it detected secret and masked it.

如果我将其用于非秘密变量，则我将拥有:

If I run it for nor secret variable I have:

2020-11-23T15:42:10.0106169Z Step 3/12 : RUN echo $a_version
2020-11-23T15:42:10.0288192Z  ---> Running in a59622e31abb
2020-11-23T15:42:10.3746013Z SomeValue123

其中 SomeValue123 是我的管道变量的值

where SomeValue123 is value of my pipeline variable

这篇关于没有将环境变量注入到Azure Devops管道上的多阶段Docker构建中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！