Unable to access Azure DevOps pipeline variables in Dockerfile

Time: 2020-03-31 14:43:54

Tags: spring-boot docker azure-devops yaml azure-pipelines

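I'm not sure where I'm going wrong.

- Created a blank pipeline template
- Added tasks to build the Java executable, build the Dockerfile and push it to ACR
- Added Key Vault secrets to the pipeline variables that the application needs at runtime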

Now I want to pass these secrets to the Dockerfile as runtime ARGs. Below are the pipeline.yml and the Dockerfile.

Pipeline.yml

trigger:
  branches:
    include:
      - "*"
  tags:
    include:
      - dev-*
      - qa-*
resources:
- repo: self
variables:
  # Accessing Azure Key Vault secrets
  KEYVAULT-BASE-URL: "$(UI_Variable_4_BASE_URL)"
  KEYVAULT-CLIENT-ID: "$(UI_Variable_4_CLIENT_ID)"
  KEYVAULT-CLIENT-SECRET: "$(UI_Variable_4_CLIENT_SECRET)"
  dockerRegistryServiceConnection: '123-456'
  containerRegistry: 'my-demo-app.azurecr.io'
  tag: 'latest'
  # Setting variables based on git tag
  ${{ if or(startsWith(variables['Build.SourceBranch'], 'refs/tags/dev-'), startsWith(variables['Build.SourceBranch'], 'refs/heads')) }}:
    imageRepository: 'dev'
    dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile.development'
  ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/qa-') }}:
    imageRepository: 'staging'
    dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile.staging'
  vmImageName: 'ubuntu-latest'
stages:
- stage: Build
  displayName: Build and push stage
  jobs:  
  - job: Build
    displayName: Build executables
    pool:
      vmImage: $(vmImageName)
    steps:
    - task: Maven@3
      inputs:
        mavenPomFile: 'pom.xml'
        javaHomeOption: 'JDKVersion'
        jdkVersionOption: 1.11
        jdkArchitectureOption: x64
        publishJUnitResults: false
        goals: 'package'
    - task: Docker@2
      displayName: Build docker image
      inputs:
        command: build
        #arguments: --build-arg KEYVAULT-BASE-URL="$(UI_Variable_4_BASE_URL)",KEYVAULT-CLIENT-ID="$(UI_Variable_4_CLIENT_ID)",KEYVAULT-CLIENT-SECRET="$(UI_Variable_4_CLIENT_SECRET)"
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)
    - task: Docker@2
      displayName: Push docker image
      inputs:
        command: push
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)

Dockerfile

FROM adoptopenjdk/openjdk11:ubi
ARG KEYVAULT-CLIENT-ID
ARG KEYVAULT-CLIENT-SECRET
ARG KEYVAULT-BASE-URL
ENV KEY_VAULT_CLIENT_ID=$(KEYVAULT-CLIENT-ID)
ENV KEY_VAULT_CLIENT_SECRET=$(KEYVAULT-CLIENT-SECRET)
ENV KEY_VAULT_BASE_URL=$(KEYVAULT-BASE-URL)
ENV spring.profiles.active=development
ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} app.jar
EXPOSE 8080
ENTRYPOINT ["java","-jar","/app.jar"]

1 answer:

Answer 0 (score: 0)

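Secrets are not automatically mapped to environment variables. If you want to expose them as environment variables, you can use an inline script to add them as environment variables yourself.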
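
The mapping this answer describes, as an added example that is not part of the original answer or the asker's pipeline: the body of an inline script step that refuses to build when a secret was not mapped into the step, and otherwise hands the variables to `docker build` by name only. The `KEY_VAULT_*` names come from the `ENV` lines of the Dockerfile above; the step's `env:` mapping and matching underscore-named `ARG`s in the Dockerfile are assumptions.

```sh
#!/bin/sh
# Added example, not the asker's code. Assumes the step's env: block maps each
# secret, e.g.  KEY_VAULT_CLIENT_SECRET: $(UI_Variable_4_CLIENT_SECRET)
# and that the Dockerfile declares ARGs with these underscore names.

# is_unresolved VALUE: true when VALUE is empty or is still a literal $(...)
# macro, which Azure Pipelines leaves in place for an undefined variable.
is_unresolved() {
  case "$1" in
    '' | '$('*')') return 0 ;;
    *) return 1 ;;
  esac
}

# build_arg_flags: print "--build-arg NAME" for each required variable.
# The value stays off the command line; docker reads it from the environment.
# On failure, names the unmapped variables (never values) on stderr.
build_arg_flags() {
  missing=''
  flags=''
  for pair in \
    "KEY_VAULT_BASE_URL=${KEY_VAULT_BASE_URL-}" \
    "KEY_VAULT_CLIENT_ID=${KEY_VAULT_CLIENT_ID-}" \
    "KEY_VAULT_CLIENT_SECRET=${KEY_VAULT_CLIENT_SECRET-}"
  do
    name=${pair%%=*}
    value=${pair#*=}
    if is_unresolved "$value"; then
      missing="$missing $name"
    else
      flags="$flags --build-arg $name"
    fi
  done
  if [ -n "$missing" ]; then
    echo "not mapped into this step:$missing" >&2
    return 1
  fi
  echo "${flags# }"
}

# Demo with constructed values (not real secrets): the secret was never mapped.
(
  KEY_VAULT_BASE_URL='https://example.invalid'
  KEY_VAULT_CLIENT_ID='demo-client-id'
  KEY_VAULT_CLIENT_SECRET='$(UI_Variable_4_CLIENT_SECRET)'
  build_arg_flags
) || echo "stopping before docker build"
# In the real step: flags=$(build_arg_flags) || exit 1; docker build $flags ...
```

`ENV` values set from build args are stored in the image configuration, so anyone who can pull the image can read them with `docker inspect`.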