将环境变量注入图像的构建阶段

Question

将环境变量注入图像的构建阶段

soc*_*pet 3 azure docker dockerfile azure-devops azure-pipelines

为基于 Django 的 API 开发 CI/CD 管道。我需要在构建阶段注入环境变量才能成功构建图像。

python manage.py collectstaticDockerfile在构建映像时运行
collectstatic需要SECRET_KEY在settings.py运行
SECRET_KEY在此阶段为空，因为它是用os.environ['SECRET_KEY]
因为是空的，所以构建失败
因此，我需要设置环境来拥有这个变量

我无法将这么多内容放在一起，所以想看看是否有人可以帮助我。

这是我到目前为止所拥有的：

Azure管道

azure-pipelines.yml

trigger:
  branches:
    include:
    - master

resources:
- repo: self

variables:
  # Container registry service connection established during pipeline creation
  secretKey: $(SECRET_KEY)

  # Agent VM image name
  vmImageName: 'ubuntu-latest'

stages:
- stage: Build
  displayName: Build and push stage
  jobs:  
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    - bash:
      env:
        SECRET_KEY: $(secretKey)
    - task: Docker@2
      displayName: Build and push api image to container registry
      inputs:
        command: buildAndPush
        repository: $(imageRepository)-api
        dockerfile: $(dockerfilePath)/api/Dockerfile
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)
    - upload: manifests
      artifact: manifests

Run Code Online (Sandbox Code Playgroud)

Dockerfile

FROM python:3.7-slim
ENV PYTHONUNBUFFERED 1
WORKDIR /app
EXPOSE 5000
COPY requirements*.txt ./
RUN pip install -r requirements.txt
COPY . .
RUN python manage.py collectstatic
CMD ["gunicorn", "-b", ":5000", "--log-level", "info", "config.wsgi:application"]

Run Code Online (Sandbox Code Playgroud)

构建失败日志（可能没有帮助，因为我知道它失败的原因......SECRET_KEY不在环境变量中）

Step 8/18 : RUN python manage.py collectstatic
 ---> Running in 1f42a5c062aa
Traceback (most recent call last):
  File "manage.py", line 21, in <module>
    main()
  File "manage.py", line 17, in main
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 325, in execute
    settings.INSTALLED_APPS
  File "/usr/local/lib/python3.7/site-packages/django/conf/__init__.py", line 79, in __getattr__
    self._setup(name)
  File "/usr/local/lib/python3.7/site-packages/django/conf/__init__.py", line 66, in _setup
    self._wrapped = Settings(settings_module)
  File "/usr/local/lib/python3.7/site-packages/django/conf/__init__.py", line 157, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/usr/local/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
  File "<frozen importlib._bootstrap>", line 983, in _find_and_load
  File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 728, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/app/config/settings.py", line 26, in <module>
    SECRET_KEY = os.environ['SECRET_KEY']
  File "/usr/local/lib/python3.7/os.py", line 679, in __getitem__
    raise KeyError(key) from None
KeyError: 'SECRET_KEY'
The command '/bin/sh -c python manage.py collectstatic' returned a non-zero code: 1
##[error]The command '/bin/sh -c python manage.py collectstatic' returned a non-zero code: 1
##[error]The process '/usr/bin/docker' failed with exit code 1

Run Code Online (Sandbox Code Playgroud)

我只是不确定如何完成将环境变量放入其中。我的方法可能从一开始就完全错误。

那么我应该怎么做：

安全地声明管道中的环境变量？
将所述环境变量传递到构建阶段？

谢谢！

Answer 1

Lev*_*SFT 6

您python manage.py collectstatic正在 docker 容器中运行，它os.environ['SECRET_KEY]会尝试获取正在运行的容器的环境变量。但是您在管道中设置的环境变量 SECRET_KEY 用于构建代理。

您可以尝试按照以下步骤将管道环境变量传递给 docker 容器。

1、我在你的dockerfile中添加一个ARG和一个ENVARG SECRET; ENV SECRET_KEY $SECRET

ENV SECRET_KEY 指的是价值 ARG SECRET

FROM python:3.7-slim

ARG SECRET
ENV SECRET_KEY $SECRET

ENV PYTHONUNBUFFERED 1
WORKDIR /app
EXPOSE 5000
COPY requirements*.txt ./
RUN pip install -r requirements.txt
COPY . .
RUN python manage.py collectstatic
CMD ["gunicorn", "-b", ":5000", "--log-level", "info", "config.wsgi:application"]

Run Code Online (Sandbox Code Playgroud)

2，我将docker buildandpush任务分开来dock build和dock push，因为buildandpush命令不能接受参数。

在 docker构建任务中。我将变量传递secretKey给了arguments字段--build-arg SECRET=$(secretKey)。这样当 docker run build 时，ARG SECRET会被secretKey. 它将被传递给ENV SECRET_KEY上面 dockerfile 中定义的。这样 SECRET_KEY 将被设置为 docker 容器的环境变量。

然后你的python代码应该能够使用 os.environ['SECRET_KEY]

stages:
- stage: Build
  displayName: Build and push stage
  jobs:  
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    - task: Docker@2
      displayName: Build
      inputs:
        command: build
        repository: $(imageRepository)-api
        dockerfile: $(dockerfilePath)/api/Dockerfile
        containerRegistry: $(dockerRegistryServiceConnection)

        arguments: --build-arg SECRET=$(secretKey)

        tags: |
          $(tag)

    - task: Docker@2
      displayName: Push
      inputs:
        command: push
        repository: $(imageRepository)-api
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)


- upload: manifests
  artifact: manifests

Run Code Online (Sandbox Code Playgroud)

归档时间：	5 年，11 月前
查看次数：	3615 次
最近记录：	5 年，11 月前