How to build a Docker image with environment variables in a Github action ?
In order to reduce the build time of the Docker image, of my application when deploying it to my instance, I came up with the idea of doing this via Github action. Here's what I learned (it wasn't as simple as I thought.)
I host my projects on a Coolify instance. itâs an amazing product, it works really well, Iâve been looking for a while to find a self-hosted PaaS to deploy my projects on an instance that I own. The only problem for now is that when using Cloud version (Coolify instance managed by them), I noticed a rather long build time even more so when using a Docker image. To reduce build time, I came up with a solution that I knew would be faster, Github actions.
Where to store variables on Github ?
My Docker image needs environnment variables to work. I need to set them somewhere in Github. For this I need to go to the settings of my repository.
Then in the âSecurityâ tab > âSecrets and Variablesâ > âactionsâ
When you arrive on this page, there is 4 places divided in 2 tabs where you can set your variables. First in the âSecretsâ tab in the âEnvironment secretsâ section, then in the âVariablesâ tab which is at the same place.
The first lines tells us the best way to set the variables depending our needs. In my case, as itâs confidentials variables, the Secrets tab is the most appropriate.
Once all my variables are set in the ârepository secretsâ section, itâs time to use them in my github action.
How to use them in a Github action
There is multiple ways to use variables inside a github action. As a good developer, I started to follow Github documenatation, thinking naĂŻvely that it would work the first time (spoiler: itâs rare in development).
My mistake was to not immediately think that I wanted to use them inside a Dockerfile. One little research later, taking this into consideration, here i am reading Docker documentation then much more suited to my specific case. So I took care of reproducing this in my Github action, and there is the code:
- name: Build image and push to registry
uses: docker/build-push-action@v6.7.0
with:
context: .
file: Dockerfile
secrets: |
"your_secret=${{ secrets.YOUR_SECRET }}"
platforms: linux/amd64
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latestUsing the variable in the Dockerfile
Inside Docker documentation, it is indicated that the secret must be used as such:
RUN --mount=type=secret,id=github_token,env=YOUR_SECRETIn my case, this didnât work. Itâs the step that caused me the most trouble, during a moment, I was unable to have this value in my Dockerfile. Fortunately, a member of the Coolify Discord community helped me and appeared with this solution:
RUN --mount=type=secret,id=your_secret \
echo "YOUR_SECRET=$(cat /run/secrets/your_secret)" >> .env.productionI will be honest, I still donât know how this magic works, but it works. If you understand it, any help is welcome to help me understand how it works.
â ď¸ The variables must be placed at build time in your Dockerfile, just before the command
npm run buildConclusion
I hope this article will help other peoples who have encountered this problem.
This is my first article, and I hope to write many more on subjects that Iâm passionate about our other problems I have encountered and that I succeed in solving like this one.
I will soon introduce you to the application for which I encountered this problem. Donât forget to subscribe to the RSS feed so you donât miss a thing, and follow me on Twitter @tvn_dev and Bluesky @tvn.dev.