I try to set up a basic pipeline with .rancher-pipeline.yml. Step 1 is building a docker image which involves pulling a package from private packagist / private repo. So I thought I make the private key available via secrets (in rancher UI, scope: all namespaces). Here are some details of my config files:
From .rancher-pipeline.yml:
stages:
- name: Build
steps:
- publishImageConfig:
dockerfilePath: ./Dockerfile
buildContext: .
tag: example/example:testk8
pushRemote: true
registry: example
envFrom:
- sourceName: gitlab-key
sourceKey: gitlab
targetKey: SSH_PRIVATE_KEY
when:
branch:
include:
- feature-kubernetes
event:
include:
- push
From Dockerfile:
FROM composer:1.8 AS composer-build
ARG SSH_PRIVATE_KEY
RUN mkdir /root/.ssh/ && \
echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa && \
chmod 600 /root/.ssh/id_rsa && \
echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > /root/.ssh/config && \
chmod 400 /root/.ssh/config && \
eval "$(ssh-agent -s)" && ssh-add -k /root/.ssh/id_rsa
WORKDIR /app
COPY composer.* ./
RUN composer install --no-dev
FROM php:7.2
COPY --from=composer-build /app .
While debugging, I realized that the var “SSH_PRIVATE_KEY” is empty though. I tested the build locally, and it worked flawlessly:
docker build -t example:test --build-arg SSH_PRIVATE_KEY="$(cat /root/.ssh/gitlab_system)" --no-cache .
I followed documentation but did not find any relevant details:
- https://rancher.com/docs/rancher/v2.x/en/k8s-in-rancher/secrets/ (no details for using secrets in pipelines)
- https://rancher.com/docs/rancher/v2.x/en/k8s-in-rancher/pipelines/#build-and-publish-images (no details how to set ENV and ARG in Dockerfiles; setting env vars from UI in advanced options is not possible at all?)
-
https://rancher.com/docs/rancher/v2.x/en/k8s-in-rancher/pipelines/example/ (no documentation at all for
envFrom, so I can’t proof if the copied part involvingenvFromfrom above is correct)
I’m stuck, any pointers for me?