Rob Lyndon

Reputation: 12651

Running a Docker container, can't find secrets in /run/secrets

I am using docker compose to publish my secrets to a container. According to the documentation, the following docker-compose.yml file should make my secret available to the container at runtime.

services:
  sbd_listener:
    platform: linux/amd64
    build: .
    secrets:
      - service_account_key
secrets:
  service_account_key:
    file: ./service_account_key.json

My Dockerfile is as follows (I have commented active code out to get a minimal reproduction):

FROM --platform=linux/amd64 rust:latest
COPY gcp_tasks /sbd/gcp_tasks
COPY sbd_listener /sbd/sbd_listener
WORKDIR /sbd/sbd_listener
ARG BUILD_ENV
# RUN apt-get update && apt-get install -y nginx
# COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf
ENTRYPOINT ["sleep", "infinity"]
# RUN cargo build --config=cargo_${BUILD_ENV}.toml --release
# ENTRYPOINT [ "/sbd/sbd_listener/target/release/sbd_listener" ]

I am using the following command to build the image:

docker compose --progress=plain --verbose build --no-cache --build-arg BUILD_ENV="$env"

And then when I use docker run <image-id> to spin up a container, and docker exec <container-id> ls -al /run, there is no secrets directory. However, I would expect to see a duplicated file in the location /run/secrets/service_account_key.

Am I missing something in my docker compose step?

The secret is available to the Dockerfile if I nest the secrets block inside the build block, but I need access to the runtime secret rather than the build time secret.

UPDATE

If I use docker compose up rather than docker compose build followed by docker run <image-id>, the secrets are mounted correctly. However, I am attaching the image to a GCE instance template, and at the moment I am not sure how docker compose up can work with GCE. So another question could be: what does docker compose up do that docker compose build doesn't do?

Upvotes: 3

Views: 1103
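The question's update touches the core mechanism: a Compose file secret is never part of the image that `docker compose build` produces; `docker compose up` bind-mounts the backing file into the container under /run/secrets/ when the container starts. The following helper is an added example, not code from the question's author: it takes a parsed docker-compose.yml (the dict that `yaml.safe_load` returns, embedded here as a constructed sample mirroring the question's file) and derives the equivalent `docker run --mount` flags, while separating out secrets nested under `build:`, which only reach BuildKit during the build. The function and sample names are this example's own, and the `--mount` flags are assumed to reproduce Compose's read-only bind mount for file-backed secrets.

```python
"""Derive the runtime secret mounts `docker compose up` adds for a service,
and flag build-time-only secrets, from a parsed compose file."""
from __future__ import annotations

SECRETS_DIR = "/run/secrets"


def _normalise(entry):
    """Accept Compose's short form ("name") or long form ({source:, target:})."""
    if isinstance(entry, str):
        return entry, entry
    source = entry["source"]
    return source, entry.get("target", source)


def runtime_secret_mounts(compose: dict, service: str) -> list[str]:
    """Return `docker run --mount` flags equivalent to the service-level
    `secrets:` list. Raises if a used secret is undeclared or not file-backed."""
    services = compose.get("services") or {}
    if service not in services:
        raise KeyError(f"service {service!r} not found in compose file")
    declared = compose.get("secrets") or {}
    mounts = []
    for entry in services[service].get("secrets") or []:
        source, target = _normalise(entry)
        spec = declared.get(source)
        if spec is None:
            raise ValueError(f"secret {source!r} is used but not declared at top level")
        if "file" not in spec:
            raise ValueError(f"secret {source!r} is not file-backed; cannot reproduce with docker run")
        # A relative target lands under /run/secrets; an absolute target is used as-is.
        path = target if target.startswith("/") else f"{SECRETS_DIR}/{target}"
        # Read-only bind mount: the secret stays on the host file, never in an image layer.
        mounts.append(f"--mount type=bind,source={spec['file']},target={path},readonly")
    return mounts


def build_only_secrets(compose: dict, service: str) -> list[str]:
    """Names listed under `build.secrets`: exposed to BuildKit during
    `docker compose build`, never mounted into the running container."""
    build = (compose.get("services") or {}).get(service, {}).get("build")
    if not isinstance(build, dict):
        return []
    return [_normalise(e)[0] for e in build.get("secrets") or []]


def docker_run_command(compose: dict, service: str, image: str) -> str:
    """The `docker run` line that matches `docker compose up` as far as secrets go."""
    return " ".join(["docker run", *runtime_secret_mounts(compose, service), image])


# Constructed sample: the parsed form of the question's docker-compose.yml.
SAMPLE_COMPOSE = {
    "services": {
        "sbd_listener": {
            "platform": "linux/amd64",
            "build": ".",
            "secrets": ["service_account_key"],
        }
    },
    "secrets": {"service_account_key": {"file": "./service_account_key.json"}},
}

if __name__ == "__main__":
    print(docker_run_command(SAMPLE_COMPOSE, "sbd_listener", "<image-id>"))
    print("build-only secrets:", build_only_secrets(SAMPLE_COMPOSE, "sbd_listener"))
```

Running it on the sample prints a `docker run` line with `--mount type=bind,source=./service_account_key.json,target=/run/secrets/service_account_key,readonly`, which is what a plain `docker run <image-id>` omits and why /run/secrets is empty in that case. Moving the `secrets:` list under `build:` makes `build_only_secrets` report it and `runtime_secret_mounts` return nothing, matching the behaviour described in the question.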

Answers (0)
