3

I am trying to build a docker container with private node packages in it. I have followed this guide to use secrets to reference npmrc file securely to install the dependencies. I can get this to work when building the image directly using a command like this: docker build --secret id=npm,src=$HOME/.npmrc . but I cannot get this working with docker compose. When running a docker compose build it acts like there is no npmrc file and gives me a 401 when trying to download dependencies.

I provided a stripped down version of Dockerfile and docker-compose.yml below.

Dockerfile

# syntax = docker/dockerfile:1.2
FROM node:14.17.1

COPY . .

RUN --mount=type=secret,id=npm,target=/root/.npmrc yarn --frozen-lockfile --production

EXPOSE 3000

CMD [ "npm", "start" ]

docker-compose.yml

version: '3.7'
services:
  example:
    build: packages/example
    ports:
      - "3000:3000"
    secrets:
      - npm
secrets:
  npm:
    file: ${HOME}/.npmrc
Marshmellow1328
  • 1,205
  • 3
  • 18
  • 27

2 Answers2

2

The problem appears to be that my docker-compose.yml is specifying secrets for runtime of a container vs build time. Support for build secrets from docker compose has not been implemented yet. Here is the outstanding PR: https://github.com/docker/compose/pull/7046.

For now, I have to build the image using docker build ... and reference the named image locally in docker-compose.yml instead of building through docker compose.

Marshmellow1328
  • 1,205
  • 3
  • 18
  • 27
2

Since docker-compose v2.5.0 this is now possible.

Dockerfile:

# syntax=docker/dockerfile:1.2

RUN --mount=type=secret,id=mysecret,target=/root/mysecret cat /root/mysecret

docker-compose.yml

services:
  my-app:
    build:
      context: .
      secrets:
        - mysecret

secrets:
  mysecret:
   file: ~/.npmrc
krema
  • 939
  • 7
  • 20
  • 1
    Just wanted to let you know that this fixed my personal issue. So eventhough this had no points for over half a year, still helped someone out! – vds May 24 '23 at 08:00