Secrets not working as expected (mount fails)
Troubleshooting
Before submitting a bug report please read the Troubleshooting doc.
Behaviour
A secret mount is not made available to the `Dockerfile` (apparently)
Steps to reproduce this issue
- Create the following `Dockerfile`

```dockerfile
# syntax = docker/dockerfile:1.3
FROM alpine:3.14
RUN --mount=type=secret,id=JFROG_PASS \
    cat /run/secrets/JFROG_PASS
RUN wget --user ${JFROG_USER} --password ${JFROG_PASS} "https://my/jfrog/binary"
```
- Execute the following action

```yaml
- name: build and push to local registry
  uses: docker/build-push-action@v3
  with:
    context: ${{ inputs.context }}
    file: ${{ inputs.context }}/${{ inputs.dockerfile }}
    no-cache: ${{ inputs.no_cache }}
    build-args: ${{ inputs.build_args }}
    secrets: |
      "JFROG_PASS=${{ secrets.MY_PASSWORD }}"
    push: true
    tags: ${{ env.LOCAL_IMAGE }}
```
Expected behaviour
Tell us what should happen
The `wget` command inside the `Dockerfile` should have succeeded (the values have been tested)
Actual behaviour
Tell us what happens instead
The process of `mount` fails, check logs
Logs
```
#9 [stage-0 2/8] RUN --mount=type=secret,id=JFROG_PASS cat /run/secrets/JFROG_PASS
#0 0.062 cat: can't open '/run/secrets/JFROG_PASS': No such file or directory
#9 ERROR: process "/bin/sh -c cat /run/secrets/JFROG_PASS" did not complete successfully: exit code: 1
------
> [stage-0 2/8] RUN --mount=type=secret,id=JFROG_PASS cat /run/secrets/JFROG_PASS:
#0 0.062 cat: can't open '/run/secrets/JFROG_PASS': No such file or directory
------
Dockerfile:5
--------------------
4 |
5 | >>> RUN --mount=type=secret,id=JFROG_PASS \
6 | >>> cat /run/secrets/JFROG_PASS
7 |
--------------------
ERROR: failed to solve: process "/bin/sh -c cat /run/secrets/JFROG_PASS" did not complete successfully: exit code: 1
Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c cat /run/secrets/JFROG_PASS" did not complete successfully: exit code: 1
```
Issue Analytics
- State:
- Created a year ago
- Comments:7 (4 by maintainers)
Top GitHub Comments
Yes you need this or explicitly specify your secret.
Looking at this issue, I think I will open a PR to warn if secret is empty.
Edit: Actually we already check this: https://github.com/docker/build-push-action/blob/48888e0b1305dca3a741ceb3b5a04ea336cd2626/src/buildx.ts#L60-L62
And you should have a warning in your workflow for invalid secret: https://github.com/docker/build-push-action/blob/48888e0b1305dca3a741ceb3b5a04ea336cd2626/src/context.ts#L160
Like: https://github.com/docker/build-push-action/actions/runs/3214670394/jobs/5255218916#step:4:107
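
The comment above says the action only warns on an invalid secret, and the logs show the build then failing at the mount. As an added example (not part of the thread and not code from docker/build-push-action), this pre-build check fails fast when a secret id mounted by the Dockerfile has no non-empty entry in the `secrets` input. The function names and sample inputs are constructed, and it assumes entries have the form `id=value`, optionally wrapped in double quotes as in the issue.

```javascript
// Added example; not code from docker/build-push-action. All names are hypothetical.

// Parse the `secrets` input as it looks after ${{ secrets.* }} expansion.
// Assumed entry shape: id=value, one per line, optionally double-quoted.
function parseSecretsInput(raw) {
  const secrets = new Map();
  for (let line of raw.split(/\r?\n/)) {
    line = line.trim();
    if (line === '') continue;
    if (line.length >= 2 && line.startsWith('"') && line.endsWith('"')) {
      line = line.slice(1, -1); // the issue quotes the whole entry
    }
    const eq = line.indexOf('=');
    if (eq === -1) secrets.set(line, '');
    else secrets.set(line.slice(0, eq), line.slice(eq + 1));
  }
  return secrets;
}

// Secret ids requested by RUN --mount=type=secret,id=... (options in any order).
function mountedSecretIds(dockerfile) {
  const ids = new Set();
  const withoutComments = dockerfile.replace(/^\s*#.*$/gm, '');
  for (const m of withoutComments.matchAll(/--mount=(\S+)/g)) {
    const opts = Object.fromEntries(m[1].split(',').map(kv => kv.split('=', 2)));
    if (opts.type === 'secret' && opts.id) ids.add(opts.id);
  }
  return ids;
}

// Ids the Dockerfile mounts that have no non-empty value in the input.
function unsatisfiedSecretMounts(dockerfile, secretsInput) {
  const supplied = parseSecretsInput(secretsInput);
  return [...mountedSecretIds(dockerfile)].filter(id => !supplied.get(id));
}

// Constructed sample inputs modelled on the issue.
const SAMPLE_DOCKERFILE = [
  '# syntax = docker/dockerfile:1.3',
  'FROM alpine:3.14',
  'RUN --mount=type=secret,id=JFROG_PASS \\',
  '    cat /run/secrets/JFROG_PASS',
].join('\n');
const EXPANDED_EMPTY = '"JFROG_PASS="'; // secret expanded to an empty string
const EXPANDED_SET = '"JFROG_PASS=constructed-value"';

console.log(unsatisfiedSecretMounts(SAMPLE_DOCKERFILE, EXPANDED_EMPTY));
console.log(unsatisfiedSecretMounts(SAMPLE_DOCKERFILE, EXPANDED_SET));
```

Run in a step before the build, a non-empty result can end the job with a clear message naming the missing secret id instead of a later `No such file or directory` inside the build.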