How can I mount a secret file into a docker image in a declarative Jenkins pipeline?

Question

Currently I have a pipeline working something like this:

pipeline {
  agent {
    docker {
      label 'linux'
      image 'java:8'
      args '-v /home/tester/.gradle:/.gradle'
    }
  }

  environment {
    HOME = '/'
    GRADLE_USER_HOME = '/.gradle'
    GRADLE_PROPERTIES = credentials('gradle.properties')
  }

  stages {
    stage('Build') {
      steps {
        sh 'cp ${GRADLE_PROPERTIES} ${GRADLE_USER_HOME}/'
        sh './gradlew clean check'
      }
    }
  }
}

Problem is, gradle.properties ends up being put in a more known location on the host system for the duration of the build.

I know that Docker lets me 'mount' files from the host. So I'd like to do this instead:

  agent {
    docker {
      label 'linux'
      image 'java:8'
      args '-v /home/tester/.gradle:/.gradle ' +
           '-v ' + credentials('gradle.properties') +
           ':/.gradle/gradle.properties'
    }
  }

Unfortunately, this ends up running this:

$ docker run -t -d -u 1001:1001 -v /home/tester/.gradle:/.gradle -v @credentials(<anonymous>=gradle.properties):/.gradle/gradle.properties -w

Is there a way to have it expand it?

Answer 1

I couldn't find a way to make the environment work for docker args. My workaround ended up being switching back to scripted pipeline:

agent {
  label 'linux'
}
environment {
  GRADLE_PROPERTIES = credentials('gradle.properties')
}
steps{
  script {
    docker.image('java:8').inside('-v /home/tester/.gradle:/.gradle ' +
       "-v $GRADLE_PROPERTIES:/.gradle/gradle.properties"){
    }
  }
}