
GCP Cloud build pass secret to docker arg

I intend to pass my npm token to GCP Cloud Build so that I can use it in a multi-stage build to install private npm packages.

I have the following abridged Dockerfile:

FROM ubuntu:14.04 AS build
ARG NPM_TOKEN

RUN echo "NPM_TOKEN:: ${NPM_TOKEN}"

and the following abridged cloudbuild.yaml:

---
  steps:
  - name: gcr.io/cloud-builders/gcloud
    entrypoint: 'bash'
    args: [ '-c', 'gcloud secrets versions access latest --secret=my-npm-token > npm-token.txt' ]
  - name: gcr.io/cloud-builders/docker
    args:
    - build
    - "-t"
    - gcr.io/my-project/my-program
    - "."
    - "--build-arg NPM_TOKEN= < npm-token.txt"
    - "--no-cache"

I based my cloudbuild.yaml on the documentation, but it seems like I am not able to put two and two together, as the expression "--build-arg NPM_TOKEN= < npm-token.txt" does not work. I have tested the Dockerfile by passing in the npm token directly, and it works. I simply have trouble passing in a token from gcloud secrets as a build argument to docker.

Help is greatly appreciated!

toljoas asked Feb 02 '26 21:02


2 Answers

Your goal is to get the secret file contents into the build argument. Therefore you have to read the file content using either NPM_TOKEN="$(cat npm-token.txt)" or NPM_TOKEN="$(< npm-token.txt)".

  name: gcr.io/cloud-builders/docker
  entrypoint: 'bash'
  args: [ '-c', 'docker build -t gcr.io/my-project/my-program . --build-arg NPM_TOKEN="$(cat npm-token.txt)" --no-cache' ]

Note: The gcr.io/cloud-builders/docker image, however, uses the exec entrypoint form. Therefore you set the entrypoint to bash.

Also note that you save the secret to the build workspace (/workspace/..). This also allows you to copy the secret as a file into your container.

FROM ubuntu:14.04 AS build
ARG NPM_TOKEN

COPY npm-token.txt .
RUN echo "NPM_TOKEN:: $(cat npm-token.txt)"

Laurens Knoll answered Feb 05 '26 11:02


I wouldn't write your second step like you did, but like this:

  - name: gcr.io/cloud-builders/docker
    entrypoint: "bash"
    args:
    - "-c"
    - |
        docker build -t gcr.io/my-project/my-program . --build-arg NPM_TOKEN=$(cat npm-token.txt) --no-cache

guillaume blaquiere answered Feb 05 '26 10:02
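
Both answers pass the token with --build-arg, and the first also copies npm-token.txt into the image; build-argument values are visible through `docker history` for the stage that uses them, and a copied file stays in that stage's layer. The following is an added example, not part of either answer, that keeps the question's first step and hands the file to the build as a BuildKit secret mount instead. The secret id `npm_token`, the `npm ci` command and the `.npmrc` that reads `${NPM_TOKEN}` are assumptions.

```yaml
# Added example: cloudbuild.yaml using a BuildKit secret mount instead of --build-arg.
# Assumed name: secret id "npm_token". Image, secret and file names are the question's.
#
# Matching Dockerfile build stage (abridged; assumes npm and a .npmrc that reads
# ${NPM_TOKEN} are present in the stage):
#
#   # syntax=docker/dockerfile:1
#   FROM ubuntu:14.04 AS build
#   RUN --mount=type=secret,id=npm_token \
#       NPM_TOKEN="$(cat /run/secrets/npm_token)" npm ci
#
# The token is available at /run/secrets/npm_token only while that RUN executes.
# It is not written to an image layer and is not recorded in `docker history`.
# Do not echo it in a RUN step: that would print it to the Cloud Build log.
#
# npm-token.txt still sits in the workspace, which is also the build context.
# List it in .dockerignore so a broad `COPY . .` cannot pick it up; --secret reads
# the file from the client side, so .dockerignore does not interfere with it.
steps:
  # Step 1, unchanged from the question: fetch the token into the workspace.
  - name: gcr.io/cloud-builders/gcloud
    entrypoint: 'bash'
    args: [ '-c', 'gcloud secrets versions access latest --secret=my-npm-token > npm-token.txt' ]
  # Step 2: pass the file as a BuildKit secret rather than as a build argument.
  - name: gcr.io/cloud-builders/docker
    env:
      - 'DOCKER_BUILDKIT=1'   # secret mounts require BuildKit
    args:
      - build
      - "--secret"
      - "id=npm_token,src=npm-token.txt"
      - "-t"
      - gcr.io/my-project/my-program
      - "--no-cache"
      - "."
```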