#Passing files, env vars or secrets to build via Dockerfile

1 messages · Page 1 of 1 (latest)

arctic raptor
#

Hello,
Is there a way to pass secret, env vars or secrets to the function build with a Dockerfile ?
It seems the build command does take any (mounted) secret, file or env var declared before the method build.
For instance to pass a secret to a build (possible via --mount=secret in docker)

async def build_module(directory: str):

    async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:
        context_dir = client.host().directory(f"./{directory}/")
        root_dir = client.host().directory(".")
        local_settings = root_dir.directory("./config/").file("local_settings.json").secret()
        python = (
            client.container()
            .with_mounted_secret(source=local_settings,path="/config/local_settings.json")            
            .build(context=context_dir,dockerfile="Dockerfile")
            .with_exec("python","--version")
        )

        # execute
        stdout = await python.stdout()

The code does not work, as build probably reset the previous container to start a new one from scratch.

Thanks.

wicked badger
# arctic raptor Hello, Is there a way to pass secret, env vars or secrets to the function `build...

👋 secrets will not work since they require a special treatment for Dockerfiles. More information about missing build options here: https://github.com/dagger/dagger/issues/4241 cc @tame crag.

Having said that, you can pass buildArgs (https://github.com/dagger/dagger/blob/main/sdk/python/src/dagger/api/gen.py#L57) and files to the build target through the context attrbiute.

example:


"""
Execute a command
"""

import sys

import anyio

import dagger


async def test():
    async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:
        dir = (
            client.container()
            .with_new_file(path="/foo.txt", contents="FOOOOO Content")
            .with_new_file(path="Dockerfile", contents="""
                  FROM alpine
                  COPY . /foo
                  """)
            .directory(path="/")
        )

        python = (
            client.container().build(context=dir)
            .with_exec(["cat", "/foo/foo.txt"])
        )

        # execute
        version = await python.stdout()

    print(f"Foo content is: {version}")


if __name__ == "__main__":
    anyio.run(test)
tame crag
#

I think this should be possible... but I'm not sure of the best DX for it yet.

wicked badger
#

ok, managed to find a way to use secrets. However, this requires a bump in the python SDK to enable the build_args option in the build operation.

Here's an example on how that works:

-- Dockerfile --

FROM alpine

ARG SECRET

RUN --mount=type=secret,id=$SECRET,target=/secrets/muysecret \
cat /secrets/muysecret

You can then use build build_args from Container (https://docs.dagger.io/api/reference/#definition-Container) to send the SECRET arg and use it.

Given that docker build has the --secret flag to simplify this, it'd be awesome if container{build} also provided a similar way so users don't have to modify their Dockerfiles

#

I'll open an issue for this Joel. WDYT?

tame crag