Mike
Reputation: 1310
Docker RUN Instruction with a Mounted Secret in Exec Form
What is the proper syntax for a RUN instruction in a Dockerfile, that requires mounting a secret, in exec form?
In other words, if a Dockerfile that looks something like:
FROM node:fermium-alpine
# . . .
RUN --mount=type=secret,id=npmrc yarn build:production
# . . .
how could the RUN instruction above be converted from shell form to exec form? There doesn't seem to be an example in the official docs here.
Upvotes: 1
Views: 976
Answers (1)
Mike
Reputation: 1310
FROM node:fermium-alpine
WORKDIR /usr/src/app
# . . .
RUN --mount=type=secret,id=npmrc,dst=/usr/src/app/.npmrc ["/usr/local/bin/yarn", \
"build:production"]
# . . .
Note:
- The
--mountflag is kept outside of the JSON array to its right - The
dst=. . .has been added to the--mountflag above to ensure that.npmrcis not only saved as a dotfile, but that it is saved in theWORKDIRso thatyarncan use it during thebuild RUNinstructions with the--mount= . . .,dst=. . .in exec form can get lengthy; use\to split long lines in aDockerfile(taken fromDockerfilebest practices here)- Just to be on the safe side, since shell form is not being used here, the
yarnexecutable was replaced with the absolute path/usr/local/bin/yarnfor thenode:fermium-alpineimage
Upvotes: 3
Related Questions
- How to use secrets when building docker compose locally
- How can I read --secret args passed to docker build as environment variables to write to a file?
- Is it possible to provide secret to docker run?
- Pass arguments to docker build, but NOT via cli
- Docker BuildKit returning '/run/secrets/<secret-id>: No such file or directory' when passing secrets to container using Azure DevOps build pipeline
- Right way to use secret flag in docker buildkit
- Dockerfile RUN command with passed argument
- pass in command in 'exec form' with docker run
- How can I use secrets during docker build?
- Docker secrets in build-time