How to set a Dockerfile ARG in Github actions

Question

I have a Dockerfile for one of my Node.js services that I try to push to my Digitalocean registry through the use of Github actions.

My Node.js service requires a private package that is hosted by myself on npm.js registry.

In my Dockerfile, I have an ARG for that:

FROM node:14-slim

ARG NODE_ENV=production

EXPOSE 5000

WORKDIR /usr/src/app

ARG NPM_TOKEN

COPY .npmrc .npmrc

COPY package*.json ./

RUN npm install

RUN rm -f .npmrc

COPY src src

CMD ["npm", "start"]

and the following.npmrc file:

//registry.npmjs.org/:_authToken=${NPM_TOKEN}

in my Github actions workflow I have two actions. One for running tests:

name: tests-user-service

on:
  pull_request:
    paths:
      - 'user-service/**'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Install dependencies & run tests
        run: cd user-service && npm install && npm run test:ci
        env:
          NPM_TOKEN: ${{secrets.NPM_ACCESS_TOKEN}}

and one for building the docker file and pushing it to the registry:

name: deploy-user-service

on:
  push:
    branches:
      - main
    paths:
      - 'user-service/**'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:

      - name: Check Out Repo
        uses: actions/checkout@v2

      - name: Install DigitalOcean Controller
        uses: digitalocean/action-doctl@v2
        with:
          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

      - name: Set up Docker Builder
        uses: docker/setup-buildx-action@v1

      - name: Authenticate with DigitalOcean Container Registry
        run: doctl registry login --expiry-seconds 600

      - name: Build and Push to DigitalOcean Container Registry
        uses: docker/build-push-action@v2
        with:
          context: ./user-service
          push: true
          tags: registry.digitalocean.com/xxx/xxx:latest
        env:
          NPM_TOKEN: ${{secrets.NPM_ACCESS_TOKEN}}

      - name: Logout from DigitalOcean Container Registry
        run: doctl registry logout

now, the test file works. So I know the NPM_ACCESS_TOKEN is set correctly.

The deployment file, that one fails. It tells me this:

#10 [5/7] RUN npm install
#10 sha256:28b0590a43c14b889983d16b5e375f0156f7fdacc29e32fc3c219bce54e61d69
#10 0.317 Error: Failed to replace env in config: ${NPM_TOKEN}

I tried the following in my Dockerfile:

FROM node:14-slim

ARG NODE_ENV=production

EXPOSE 5000

WORKDIR /usr/src/app

ARG NPM_TOKEN

ENV NPM_TOKEN ${NPM_TOKEN}

COPY .npmrc .npmrc

COPY package*.json ./

RUN npm install

RUN rm -f .npmrc

COPY src src

CMD ["npm", "start"]

and then it goes wrong and tells me this:

#10 2.784 npm ERR! code E404
#10 2.790 npm ERR! 404 Not Found - GET https://registry.npmjs.org/@xxx%2fxxx - Not found
#10 2.790 npm ERR! 404 
#10 2.790 npm ERR! 404  '@xxx/xxx@^0.0.11' is not in the npm registry.
#10 2.790 npm ERR! 404 You should bug the author to publish it (or use the name yourself!)

So then it can't find the module. I assume this happens because the NPM_TOKEN is now set with an empty string or so, as in the tests action it does work properly.

Any idea what else I could try?

Answer 1

Actually, I figured it out. Have to add build-args to the Build and Push part, and remove the env from there.

So instead of:

- name: Build and Push to DigitalOcean Container Registry
  uses: docker/build-push-action@v2
  with:
    context: ./user-service
    push: true
    tags: registry.digitalocean.com/xxx/xxx:latest
  env:
    NPM_TOKEN: ${{secrets.NPM_ACCESS_TOKEN}}

should use this:

- name: Build and Push to DigitalOcean Container Registry
  uses: docker/build-push-action@v2
  with:
    context: ./user-service
    push: true
    tags: registry.digitalocean.com/xxx/xxx:latest
    build-args: NPM_TOKEN=${{secrets.NPM_ACCESS_TOKEN}}