[英]How to use file from home directory in docker compose secret?
I am trying to build a docker container with private node packages in it.我正在尝试构建一个 docker 容器,其中包含私有节点包。 I have followed this guide to use secrets to reference npmrc file securely to install the dependencies.
我已按照本指南使用机密来安全地引用 npmrc 文件来安装依赖项。 I can get this to work when building the image directly using a command like this:
docker build --secret id=npm,src=$HOME/.npmrc.
在直接使用如下命令构建映像时,我可以让它工作:
docker build --secret id=npm,src=$HOME/.npmrc.
but I cannot get this working with docker compose.但我无法与 docker 组合一起使用。 When running a
docker compose build
it acts like there is no npmrc file and gives me a 401 when trying to download dependencies.当运行
docker compose build
时,它的行为就像没有 npmrc 文件,并在尝试下载依赖项时给我一个 401。
I provided a stripped down version of Dockerfile and docker-compose.yml below.我在下面提供了 Dockerfile 和 docker-compose.yml 的精简版本。
Dockerfile Dockerfile
# syntax = docker/dockerfile:1.2
FROM node:14.17.1
COPY . .
RUN --mount=type=secret,id=npm,target=/root/.npmrc yarn --frozen-lockfile --production
EXPOSE 3000
CMD [ "npm", "start" ]
docker-compose.yml docker-compose.yml
version: '3.7'
services:
example:
build: packages/example
ports:
- "3000:3000"
secrets:
- npm
secrets:
npm:
file: ${HOME}/.npmrc
The problem appears to be that my docker-compose.yml is specifying secrets for runtime of a container vs build time.问题似乎是我的 docker-compose.yml 指定了容器运行时与构建时间的秘密。 Support for build secrets from docker compose has not been implemented yet.
尚未实现对来自 docker compose 的构建机密的支持。 Here is the outstanding PR: https://github.com/docker/compose/pull/7046 .
这是优秀的 PR: https : //github.com/docker/compose/pull/7046 。
For now, I have to build the image using docker build ...
and reference the named image locally in docker-compose.yml instead of building through docker compose.现在,我必须使用
docker build ...
构建图像docker build ...
并在 docker-compose.yml 中本地引用命名图像,而不是通过 docker compose 构建。
Since docker-compose v2.5.0 this is now possible.自docker-compose v2.5.0以来,这现在是可能的。
Dockerfile: Dockerfile:
# syntax=docker/dockerfile:1.2
RUN --mount=type=secret,id=mysecret,target=/root/mysecret cat /root/mysecret
docker-compose.yml docker-compose.yml
services:
my-app:
build:
context: .
secrets:
- mysecret
secrets:
mysecret:
file: ~/.npmrc
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.