Pourquoi est-docker construire corrompre le JSON $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS?
Je suis à l'aide de cet article (plus précisément l'exemple 2 qui utilise Buildkit et docker construire des secrets) pour l'aider à remplir ma Dockerfile. Le processus:
- passer un PAT lors de
docker build
, - monter le PAT comme un secret,
- exportation d'un échappé de la chaîne JSON à l'aide de la secret (via
cat /pat
) à l'ENV, et- ^^^ ci-dessus JSON est corrompu ^^^
- l'utilisation de la variable env pour appeler un NuGet privé d'alimentation avant
- faire un
dotnet restore
demande.
La commande bash en question est:
RUN --mount=type=secret,id=pat,dst=/pat export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://<my private feed URL>/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"`cat /pat`\"}]}" && \
echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
La sortie de la commande echo (notez le point à la fin de la PAT est ajouté APRÈS le JSON fermeture des accolades):
{"endpointCredentials": [{"endpoint":"https://<my private feed URL>/nuget/v3/index.json", "username":"docker", "password":"qwak...jiq5"}]}vtzkzv4a
Lorsque je lance la commande de bash (dans le sous-système Windows pour Linux), il fonctionne parfaitement:
~ echo "my-pat-token" >> /pat
~ export MY_ENV_VAR="{\"endpointCredentials\": [{\"endpoint\":\"https://<URL of private feed>/nuget/v3/index.json\", \"username\":\"build\", \"password\":\"`cat /pat`\"}]}"
~ echo $MY_ENV_VAR
{"endpointCredentials": [{"endpoint":"https://<URL of private feed>/nuget/v3/index.json", "username":"build", "password":"my-pat-token"}]}
Dockerfile:
# syntax=docker/dockerfile:1.2
FROM mcr.microsoft.com/dotnet/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:3.1 AS build
WORKDIR /src
# Install NuGet credential provider
RUN apt-get update && apt-get install -y locales \
&& sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
&& dpkg-reconfigure --frontend=noninteractive locales && update-locale LANG=en_US.UTF-8 \
# Download the artifact credential provider
&& wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
COPY NuGet.Config .
COPY ["src/Discovery.Api/Discovery.Api.csproj", "src/Discovery.Api/"]
COPY ["src/Discovery.Service/Discovery.Service.csproj", "src/Discovery.Service/"]
COPY ["src/Discovery.Data/Discovery.Data.csproj", "src/Discovery.Data/"]
# Use the secret to set the credential provider variable and run restore.
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
RUN --mount=type=secret,id=pat,dst=/pat export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://<my private feed URL>/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"`cat /pat`\"}]}" && \
echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
RUN dotnet restore "src/Discovery.Api/Discovery.Api.csproj" --configfile NuGet.Config
COPY . .
WORKDIR "/src/Discovery.Api"
RUN dotnet build "src/Discovery.Api/Discovery.Api.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "src/Discovery.Api/Discovery.Api.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "src/Discovery.Api/Discovery.Api.dll"]
panneau commande de construction:
docker build --no-cache --progress=plain --secret id=pat,src=./pat -t discovery-api:dev -f src\Discovery.Api\Dockerfile .
docker --version
Docker version 20.10.8, build 3967b7d
Je suis en cours d'exécution docker sur linux containers.