Comments (5)
Only the first two build arguments are parsed and the rest of them remain as a single string:
This means one of the arg's value is not properly escaped and probably has a "
char in its value. This is similar to how secrets parsing work: https://docs.docker.com/build/ci/github-actions/secrets/
Also I see you're passing sensitive information as build-arg (e.g. SEGMENT_WRITE_KEY=${{secrets.SEGMENT_WRITE_KEY}}
) which is a bad practice as it would leak credentials in the final image. Please use build time secrets for this: https://docs.docker.com/build/ci/github-actions/secrets/. More info https://docs.docker.com/build/building/secrets/.
@dvdksn I think we should have a similar page like "Secrets" for build arguments in our GHA docs. We could show both cases where user wants to set build arg with the build-push-action and another one with bake-action. WDYT?
from build-push-action.
Only the first two build arguments are parsed and the rest of them remain as a single string:
This means one of the arg's value is not properly escaped and probably has a
"
char in its value. This is similar to how secrets parsing work: https://docs.docker.com/build/ci/github-actions/secrets/Also I see you're passing sensitive information as build-arg (e.g.
SEGMENT_WRITE_KEY=${{secrets.SEGMENT_WRITE_KEY}}
) which is a bad practice as it would leak credentials in the final image. Please use build time secrets for this: https://docs.docker.com/build/ci/github-actions/secrets/. More info https://docs.docker.com/build/building/secrets/.@dvdksn I think we should have a similar page like "Secrets" for build arguments in our GHA docs. We could show both cases where user wants to set build arg with the build-push-action and another one with bake-action. WDYT?
there was a line break inside one of the values.
Yes. But this just means that the parsing is pretty brittle - its a very hard to identify issue.
Thanks for the tip about using secrets, ill certainly do this.
from build-push-action.
Yes. But this just means that the parsing is pretty brittle - its a very hard to identify issue.
Agree I will take a look if we can detect these cases and warn about it.
from build-push-action.
Current limitation with GitHub Actions inputs makes it hard to detect these cases but will look forward when GitHub implements objects for inputs. We might also consider using a new format such as YAML:
build-args: |
- BACKEND_URL: |
${{vars.BACKEND_URL}}
- BUILD_TARGET: |
${{env.SERVICE_NAME}}
from build-push-action.
Current limitation with GitHub Actions inputs makes it hard to detect these cases but will look forward when GitHub implements objects for inputs. We might also consider using a new format such as YAML:
build-args: | - BACKEND_URL: | ${{vars.BACKEND_URL}} - BUILD_TARGET: | ${{env.SERVICE_NAME}}
Thanks for your prompt replies ! Very nice 👍
from build-push-action.
Related Issues (20)
- Support push and load being set together HOT 5
- header key "followpaths" contains value with non-printable ASCII characters HOT 9
- Request for new release HOT 1
- Action hangs after build HOT 3
- net/http: TLS handshake timeout HOT 1
- GHA/Local cache doesn't work HOT 3
- Docker build hangs for `linux/arm/v7` HOT 1
- Ability to use multiple names when using output `type=image` HOT 4
- Caching Multiple Container Builds HOT 1
- Error: buildx failed with: ERROR: failed to solve: failed to read dockerfile: open Dockerfile: no such file or directory HOT 2
- `fatal: Not a valid object name` during `load git source` triggered by `on: push:` (with self-hosted runner) HOT 2
- Not all files present in final build when using `context` HOT 1
- Cache from different multi platform builds doesn't get used HOT 1
- Issue with git clone when the repo include submodules from other repositories HOT 3
- Add support for --progress CLI option
- Use a custom README file for the GitHub package rather than the main project README
- Build image from specific ref HOT 2
- Fail to export cache HOT 6
- x509: certificate signed by unknown authority when importing and exporting cache to self hosted GHE
- buildx failed with: ERROR: attestations are not supported by the current buildkitd HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from build-push-action.