
I am using Shippable for two reasons: to automate the build of my docker images and to pass encrypted environment variables. I am able to automate the builds but I can't pass the variables.

I start by entering the environment variable into the Shippable text box in the project settings:

```
SECRET_KEY=123456
```

I click the 'encrypt' button and then Shippable returns:

```
- secure : hash123abc...
```

I put this hash into my shippable.yml file. It looks like:

```
language: python

python:
    - 2.7

build_image: myusername/myimagename

env:
 - secure : hash123abc...

build:
 post_ci:
  - docker login -u myusername -p mypassword
  - docker build -t myusername/myimagename:latest .
  - docker push myusername/myimagename:latest

integrations:
 hub:
  - integrationName : myintegrationname
    type: docker
    branches:
     only:
      - master
```

The automated build works! But if I try:

```
sudo docker run myusername/myimagename:latest echo $SECRET_KEY
```

I get nothing.

My Dockerfile which sets the environment variables (in this case SECRET_KEY) looks like this:

```
FROM python:2.7.11

RUN apt-get update

RUN apt-get install -y git

RUN git clone https://github.com/myusername/myrepo.git

ENV SECRET_KEY=$SECRET_KEY
```

It might be helpful to explain MY logic as I see it. Because my thinking may be the issue if it's not in the code:

The shippable project build is triggered (by a repo push or manually). In shippable.yml it does some things:

  • builds the initial image
  • sets the SECRET_KEY environment variable
  • builds the new image based on the Dockerfile
    • the Dockerfile: -- sets the env variable SECRET_KEY to the SECRET_KEY set by the .yml two steps earlier
  • pushes the image

I'm thinking that now I've set an environment variable in my image I can now access it. But I get nothing. What's the issue here?

Liam Hanninen
  • Run the command `env` to see all environment variables. This may help you debug the issue. – Alex Hall May 02 '16 at 00:39
  • Yes, thanks. I just tried that. It at least shows the variable but it's empty SECRET_KEY= – Liam Hanninen May 02 '16 at 00:42
  • Did you run it from within a docker container? I meant in the `.yml`, such as in `post_ci`. Do it in all phases in fact to see if there's a difference. And look to see if there's a variable called `secure` in case you got the syntax wrong. – Alex Hall May 02 '16 at 00:47
  • I see. I had tested it with echo $SECRET_KEY. And I just tried now with `env` and it shows SECRET_KEY=123456. – Liam Hanninen May 02 '16 at 00:55
  • Good. The next point is that Dockerfiles don't look at environment variables because you don't want the build to silently produce different images without explicitly asking for it. Look up build arguments. Sorry for not mentioning that earlier, only just noticed the issue. – Alex Hall May 02 '16 at 00:57
  • I may have some leads from [link](https://docs.docker.com/engine/reference/builder/). Under `Shell form ENTRYPOINT example` it says: "This form will use shell processing to substitute shell environment variables, and will ignore any CMD or docker run command line arguments." And then under `WORKDIR` it says: "the WORKDIR instruction can resolve environment variables previously set using ENV. You can only use environment variables explicitly set in the Dockerfile". Do either of those catch your eye? I think I'll try WORKDIR now... – Liam Hanninen May 02 '16 at 01:05
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/110781/discussion-between-alex-hall-and-liam-hanninen). – Alex Hall May 02 '16 at 01:06

1 Answer


Thanks @Alex Hall for working this out with me!

It turns out that passing environment variables with Docker in this setting must be done with a simple flag to start. So in my shippable.yml I changed:

```
- docker build -t myusername/myimagename:latest .
```

to

```
- docker build --build-arg SECRET_KEY=$SECRET_KEY -t myusername/myimagename:latest .
```

Then in my Dockerfile I added:

```
ARG SECRET_KEY

RUN echo $SECRET_KEY > env_file
```

Lo and behold, the key was in env_file.

Liam Hanninen
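
Values passed with `--build-arg` are visible to anyone who has the image through `docker history`, and `RUN echo $SECRET_KEY > env_file` writes the value into a layer that `docker push` then publishes. The shell check below is an added example, not part of the original answer or of Shippable; the function names, the secret-name heuristic and both sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Flags Dockerfile ARGs with
# secret-looking names that ENV or RUN expand: such values are recorded in
# the image (layers and `docker history`) and travel with `docker push`.

# find_baked_secrets [FILE]: reads FILE or stdin, prints LINE:ARG:INSTRUCTION.
find_baked_secrets() {
    awk '
        # Track ARG names that look like credentials (heuristic, assumption).
        toupper($1) == "ARG" {
            name = $2; sub(/=.*/, "", name)
            if (toupper(name) ~ /SECRET|TOKEN|PASSWORD|PASSWD|KEY/) secret[name] = 1
            next
        }
        # ENV or RUN expanding $NAME / ${NAME} persists the value in the image.
        toupper($1) == "ENV" || toupper($1) == "RUN" {
            for (n in secret)
                if ($0 ~ ("[$][{]?" n "([^A-Za-z0-9_]|$)"))
                    printf "%d:%s:%s\n", NR, n, toupper($1)
        }
    ' "$@"
}

# Constructed sample combining the question's ENV line and the answer's RUN line.
sample_build_arg_dockerfile() {
    cat <<'EOF'
FROM python:2.7.11
ARG SECRET_KEY
ENV SECRET_KEY=$SECRET_KEY
RUN echo $SECRET_KEY > env_file
EOF
}

# Constructed alternative: no secret at build time. The value is supplied when
# the container starts, e.g. `docker run -e SECRET_KEY myusername/myimagename:latest`.
sample_runtime_dockerfile() {
    cat <<'EOF'
FROM python:2.7.11
CMD ["python", "-c", "import os; print(bool(os.environ.get('SECRET_KEY')))"]
EOF
}

echo "build-arg variant:"; sample_build_arg_dockerfile | find_baked_secrets
echo "runtime variant:";   sample_runtime_dockerfile | find_baked_secrets
```
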