Use a GitHub secret for azure/container-apps-deploy-action@v1

Tema 20 Reputation points
2024-11-23T17:54:52.4833333+00:00

In GitHub, we have a step azure/container-apps-deploy-action@v1. We purchased a Fontawesome license and now need to pass the key from GitHub secrets to the Dockerfile used in this step. We tried different options. For example:

...
      - name: Deploy front to container
        uses: azure/container-apps-deploy-action@v1
        with:
...
          environmentVariables: |
            FONTAWESOME_PACKAGE_TOKEN_SECRET=secretref:${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}
            # Another one: 
FONTAWESOME_PACKAGE_TOKEN_SECRET=${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}
        env:
          FONTAWESOME_PACKAGE_TOKEN_SECRET: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}

In the Dockerfile: ENV FONTAWESOME_PACKAGE_TOKEN=${FONTAWESOME_PACKAGE_TOKEN_SECRET}. If we replace the variable with the actual token, everything works. But we don’t see the value from the secret in the Dockerfile.

Azure Container Instances
Azure Container Instances
An Azure service that provides customers with a serverless container experience.
717 questions
Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
486 questions
{count} votes

Accepted answer
  1. JananiRamesh-MSFT 29,191 Reputation points
    2024-11-25T17:33:59.3966667+00:00

    @Tema Thanks for your patience! Based on the internal discussion, it seems that passing a secret that is only available at build time directly through the GitHub action is not feasible. Instead, the recommended approach is to build and push the image in a separate step and then pass the image to the action using imageToDeploy.

    This is the guidance for injecting build time secrets: https://docs.docker.com/reference/dockerfile/#run---mounttypesecret

    The GitHub action does support passing buildArguments, but they're not recommended for secrets.

    do let me know incase of further queries, I would be happy to assist you.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.