Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

podman-compose build does not support environment type secrets #1066

Open
pikkle-rick opened this issue Nov 1, 2024 · 2 comments
Open

podman-compose build does not support environment type secrets #1066

pikkle-rick opened this issue Nov 1, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@pikkle-rick
Copy link

pikkle-rick commented Nov 1, 2024

Describe the bug
When using podman-compose build it errors out on having any secrets defines as environment:. This is supported in the compose spec

To Reproduce
Steps to reproduce the behavior:

  1. From the root of a repo create the following:
  • test-image/Dockerfile
  • docker-compose.yml
  1. Contents of Dockerfile:
FROM redhat/ubi9:latest

RUN --mount=type=secret,id=proxy_username,target=/etc/yum/vars/proxy_username \
    --mount=type=secret,id=proxy_token,target=/etc/yum/vars/proxy_token \
    microdnf upgrade -y --nodocs && \
    microdnf install -y --nodocs tar gzip
  1. Contents of docker-compose.yml
version: "3.8"
services:
  test-image:
    build:
      dockerfile: ./test-image/Dockerfile
      secrets:
        - proxy_username
        - proxy_api_token
    image: ${IMAGE_PATH:-test-image}:${IMAGE_TAG:-latest}
secrets:
  proxy_api_token:
    environment: PROXY_REGISTRY_API_TOKEN
  proxy_username:
    environment: PROXY_REGISTRY_USERNAME
  1. Set the variables in your environment
export PROXY_REGISTRY_USERNAME="test-user"
export PROXY_REGISTRY_API_TOKEN="test-token"
  1. Run podman-compose build
    podman-compose build test-image

Expected behavior
podman-compose should have access to the environment variables set on the host/container it is running in and pass them along.

Actual behavior
podman-compose fails at parsing the yaml file.

Output

$ podman-compose -v
podman-compose version 1.2.0
podman version 4.9.4-rhel

$ podman-compose build test-image
Traceback (most recent call last):
  File "/usr/local/bin/podman-compose", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/podman_compose.py", line 3504, in main
    asyncio.run(async_main())
  File "/usr/lib64/python3.9/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib64/python3.9/asyncio/base_events.py", line 647, in run_until_complete
    return future.result()
  File "/usr/local/lib/python3.9/site-packages/podman_compose.py", line 3500, in async_main
    await podman_compose.run()
  File "/usr/local/lib/python3.9/site-packages/podman_compose.py", line 1743, in run
    retcode = await cmd(self, args)
  File "/usr/local/lib/python3.9/site-packages/podman_compose.py", line 2422, in compose_build
    s = await t
  File "/usr/lib64/python3.9/asyncio/tasks.py", line 611, in _wait_for_one
    return f.result()  # May raise f.exception().
  File "/usr/local/lib/python3.9/site-packages/podman_compose.py", line 2376, in build_one
    build_args.extend(get_secret_args(compose, cnt, secret, podman_is_building=True))
  File "/usr/local/lib/python3.9/site-packages/podman_compose.py", line 646, in get_secret_args
    raise ValueError(
ValueError: ERROR: unparsable secret: "proxy_api_token", service: "test-image"

Environment:

  • OS: Linux
  • podman version: 4.9.4-rhel
  • podman compose version: 1.2.0
@pikkle-rick pikkle-rick added the bug Something isn't working label Nov 1, 2024
@ArthurHNL
Copy link

Looks like this was fixed in #971 which was merged back in July, but the latest release of podman-compose was in June.

@teohhanhui
Copy link

teohhanhui commented Dec 20, 2024

@ArthurHNL #971 does not fix this. See #671 (comment)

In fact it does not even fix #671.

From the OP in #671:

The compose spec specifies that secrets can be read from the environment (https://github.com/compose-spec/compose-spec/blob/master/spec.md#secrets-top-level-element, list item environment)

Note that they were talking about the secrets top level element.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants