如何使用未提交的本地证书文件构建具有 GitHub 操作的 Docker 映像
[英]How to build an Docker image with GitHub actions using uncommited local certificate files
问题描述
I have set up a GitHub actions workflow, where when I push code to a branch in my repo, GitHub actions help me build an image of that repo and push it to Docker Hub, which work fine.
我已经设置了一个 GitHub 操作工作流,当我将代码推送到我的仓库中的一个分支时,GitHub 操作帮助我构建该仓库的映像并将其推送到 Docker Hub,它工作正常。
The thing is that I now have certificate-files that I want to keep locally (ie not push up to my GitHub repo) - but that also means that the GitHub actions don't have access to them when building the image, and thus they don't get included in the built image on Docker Hub which I use to pull from into my production server - where I now don't have my certificate files.问题是我现在有我想在本地保存的证书文件(即不推送到我的 GitHub 存储库)——但这也意味着 GitHub 操作在构建图像时无权访问它们,因此它们不要包含在 Docker 集线器上的构建映像中,我用来从我的生产服务器中提取它 - 我现在没有我的证书文件。 How can I set up GitHub actions to in some way build the image by using local files?如何设置 GitHub 操作以某种方式使用本地文件构建映像? Or is there a better way to solve this?或者有没有更好的方法来解决这个问题?
My GitHub actions file我的 GitHub 动作文件
name: Build and deploy project to Docker Hub
on:
push:
branches:
- master
jobs:
build:
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Log in to Docker Hub - Main web app container registry
uses: docker/login-action@v1
with:
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
- name: Build and push Main web app container image to registry
uses: docker/build-push-action@v2
with:
push: true
tags: ${{ secrets.USERNAME }}/project:latest
file: ./Dockerfile.prod
1 个解决方案
解决方案1
0 2021-12-18 11:39:11
Well now I feel stupid:)好吧,现在我觉得自己很愚蠢:)
I got all into thinking about how to solve it by including it on the build-stage of the image, and didn't think of that when you start the built image you can choose to use "volumes" that resides on the machine you are starting the docker image from.我全神贯注地考虑如何通过将其包含在映像的构建阶段来解决它,并且没有想到当您启动构建的映像时您可以选择使用驻留在您所在机器上的“卷”从 docker 图像开始。
It was as simple as:它很简单:
- Copy the folder with my certificate files from my local version of my GitHub repo to the remote version of my repo at my server with SCP, for example:将包含我的证书文件的文件夹从我的 GitHub 存储库的本地版本复制到我的服务器上使用 SCP 的存储库的远程版本,例如:
scp -r $(pwd)/Certificates_prod user@server:/path/to/repo/on/server
- Go into your docker-compose file and go under the container that is supposed to use the certificate-files and add the folder as a mounted volume, for example: Go 到您的 docker-compose 文件和 go 应该使用证书文件的容器下,并将文件夹添加为已安装的卷,例如:
restart: always image: index.docker.io/username/reponame command: gunicorn myrepo.wsgi:application --bind 0.0.0.0:8000 volumes: - /local/path/to/Certificates_prod:/remote/path/to/your/repo
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.