我正在编写一个测试管道并动态创建一系列容器来设置各个部分。
我需要能够将管道中的秘密变量传递到 Docker Compose 构造中,以使容器能够连接到数据库服务器。
我在管道中有许多非秘密变量,它们都被成功传递。
我在 powershell 测试中映射了 $env:addressdatabase_password
以验证我的变量是否可用。
#To Verify if mapped secret variables are coming through (reverse the string)
- powershell: |
$a = $env:addressdatabase_password
Write-Host "$a"
$b = $a.ToCharArray()
[Array]::Reverse($b)
$c = -join($b)
Write-Host "$c"
env:
addressdatabase_password: $(database-address-password) #pipeline secret
我的 azure-pipelines.yml
中的任务如下所示(未显示所有参数)
- task: DockerCompose@0
displayName: 'Container Start'
inputs:
containerregistrytype: 'Azure Container Registry'
azureSubscription: '$(containerSubscription)'
azureContainerRegistry: '{"loginServer":"$(containerLoginServer)", "id" : "$(containerRegistryId)"}'
dockerComposeFile: '**/docker-compose.yml'
action: 'Run a Docker Compose command'
dockerComposeCommand: 'up -d'
arguments: mycontainer
containerName: 'cf_$(CreateDb.buildidentifier)'
detached: true
dockerComposeFileArgs: |
addressdatabase_name=$(database-address-name)
addressdatabase_user=$(database-address-user)
addressdatabase_pass=$(addressdatabase_password)
env:
addressdatabase_password: $(database-address-password) #pipeline secret
docker-compose.yml
文件的相关部分
mycontainer:
image: mycontainer-runtime:latest
ports:
- "80:80"
volumes:
- ${mount_1}:C:/mount1
- ${mount_2}:C:/mount2
environment:
ADDRESS_DATABASE_NAME: ${addressdatabase_name}
ADDRESS_DATABASE_USERNAME: ${addressdatabase_user}
ADDRESS_DATABASE_PASSWORD: ${addressdatabase_pass} #pipeline secret
容器启动成功,但是当我检查容器内的环境变量时
ADDRESS_DATABASE_NAME=pr_address
ADDRESS_DATABASE_USER=test-addressuser
ADDRESS_DATABASE_PASSWORD=$(addressdatabase_password)
我正在寻找一种方法来将这个值安全地传送到我的容器中,而不会将它暴露在管道中。