Comments (5)
crazy-max
commented on June 12, 2024
1
Only the first two build arguments are parsed and the rest of them remain as a single string:
This means one of the arg's value is not properly escaped and probably has a " char in its value. This is similar to how secrets parsing work: https://docs.docker.com/build/ci/github-actions/secrets/
Also I see you're passing sensitive information as build-arg (e.g. SEGMENT_WRITE_KEY=${{secrets.SEGMENT_WRITE_KEY}}) which is a bad practice as it would leak credentials in the final image. Please use build time secrets for this: https://docs.docker.com/build/ci/github-actions/secrets/. More info https://docs.docker.com/build/building/secrets/.
@dvdksn I think we should have a similar page like "Secrets" for build arguments in our GHA docs. We could show both cases where user wants to set build arg with the build-push-action and another one with bake-action. WDYT?
from build-push-action.
Goldziher
commented on June 12, 2024
Only the first two build arguments are parsed and the rest of them remain as a single string:
This means one of the arg's value is not properly escaped and probably has a
"char in its value. This is similar to how secrets parsing work: https://docs.docker.com/build/ci/github-actions/secrets/Also I see you're passing sensitive information as build-arg (e.g.
SEGMENT_WRITE_KEY=${{secrets.SEGMENT_WRITE_KEY}}) which is a bad practice as it would leak credentials in the final image. Please use build time secrets for this: https://docs.docker.com/build/ci/github-actions/secrets/. More info https://docs.docker.com/build/building/secrets/.@dvdksn I think we should have a similar page like "Secrets" for build arguments in our GHA docs. We could show both cases where user wants to set build arg with the build-push-action and another one with bake-action. WDYT?
there was a line break inside one of the values.
Yes. But this just means that the parsing is pretty brittle - its a very hard to identify issue.
Thanks for the tip about using secrets, ill certainly do this.
from build-push-action.
crazy-max
commented on June 12, 2024
Yes. But this just means that the parsing is pretty brittle - its a very hard to identify issue.
Agree I will take a look if we can detect these cases and warn about it.
from build-push-action.
crazy-max
commented on June 12, 2024
Current limitation with GitHub Actions inputs makes it hard to detect these cases but will look forward when GitHub implements objects for inputs. We might also consider using a new format such as YAML:
build-args: |
- BACKEND_URL: |
${{vars.BACKEND_URL}}
- BUILD_TARGET: |
${{env.SERVICE_NAME}}from build-push-action.
Goldziher
commented on June 12, 2024
Current limitation with GitHub Actions inputs makes it hard to detect these cases but will look forward when GitHub implements objects for inputs. We might also consider using a new format such as YAML:
build-args: | - BACKEND_URL: | ${{vars.BACKEND_URL}} - BUILD_TARGET: | ${{env.SERVICE_NAME}}
Thanks for your prompt replies ! Very nice 👍
from build-push-action.
Related Issues (20)
- Support push and load being set together HOT 5
- header key "followpaths" contains value with non-printable ASCII characters HOT 9
- Request for new release HOT 1
- Action hangs after build HOT 3
- net/http: TLS handshake timeout HOT 1
- GHA/Local cache doesn't work HOT 3
- Docker build hangs for `linux/arm/v7` HOT 1
- Ability to use multiple names when using output `type=image` HOT 4
- Caching Multiple Container Builds HOT 1
- Error: buildx failed with: ERROR: failed to solve: failed to read dockerfile: open Dockerfile: no such file or directory HOT 2
- `fatal: Not a valid object name` during `load git source` triggered by `on: push:` (with self-hosted runner) HOT 2
- Not all files present in final build when using `context` HOT 1
- Cache from different multi platform builds doesn't get used HOT 1
- Issue with git clone when the repo include submodules from other repositories HOT 3
- Add support for --progress CLI option
- Use a custom README file for the GitHub package rather than the main project README
- Build image from specific ref HOT 2
- Fail to export cache HOT 6
- x509: certificate signed by unknown authority when importing and exporting cache to self hosted GHE
- buildx failed with: ERROR: attestations are not supported by the current buildkitd HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from build-push-action.