Please support build-time secrets #589

Open
nodakai opened this issue Nov 8, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@nodakai

nodakai commented Nov 8, 2022

@yozachar

#645 seems to address this issue, but I keep getting the following error.

First some context:

$ podman-compose --version                                      
podman-compose version: 1.0.7
['podman', '--version', '']
using podman version: 4.5.0
podman-compose version 1.0.7
podman --version 
podman version 4.5.0
exit code: 0

$ podman secret ls
ID    NAME                      DRIVER      CREATED         UPDATED
id-1  nextcloud_admin_password  file        14 minutes ago  14 minutes ago
id-2  postgres_db               file        15 minutes ago  15 minutes ago
id-3  postgres_password         file        14 minutes ago  14 minutes ago
id-4  nextcloud_admin_user      file        13 minutes ago  13 minutes ago
id-5  postgres_user             file        15 minutes ago  15 minutes ago

I'm trying to set up a local NextCloud instance using the compose file available on Docker Hub.

services:
  db:
    image: docker.io/postgres
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB_FILE=/run/secrets/postgres_db
      - POSTGRES_USER_FILE=/run/secrets/postgres_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    secrets:
      - postgres_db
      - postgres_password
      - postgres_user

  app:
    image: docker.io/nextcloud
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB_FILE=/run/secrets/postgres_db
      - POSTGRES_USER_FILE=/run/secrets/postgres_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
      - NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user
    depends_on:
      - db
    secrets:
      - nextcloud_admin_password
      - nextcloud_admin_user
      - postgres_db
      - postgres_password
      - postgres_user

volumes:
  db:
  nextcloud:

But then I get the following error:

$ podman-compose -p nextcloud --in-pod nc -f ./compose.yaml up -d
podman-compose version: 1.0.7
['podman', '--version', '']
using podman version: 4.5.0
** excluding:  set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=nextcloud', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman pod create --name=pod_nextcloud --infra=false --share=
8b10a0ca98a77c8e5db2bb393699c076e47ec3289b6681b435d5471f51c81885
exit code: 0
podman volume inspect nextcloud_db || podman volume create nextcloud_db
['podman', 'volume', 'inspect', 'nextcloud_db']
['podman', 'network', 'exists', 'nextcloud_default']
['podman', 'network', 'create', '--label', 'io.podman.compose.project=nextcloud', '--label', 'com.docker.compose.project=nextcloud', 'nextcloud_default']
['podman', 'network', 'exists', 'nextcloud_default']
Traceback (most recent call last):
  File "/home/us-er/.local/bin/podman-compose", line 8, in <module>
    sys.exit(main())
  File "/home/us-er/.local/pipx/venvs/podman-compose/lib/python3.10/site-packages/podman_compose.py", line 3084, in main
    podman_compose.run()
  File "/home/us-er/.local/pipx/venvs/podman-compose/lib/python3.10/site-packages/podman_compose.py", line 1490, in run
    retcode = cmd(self, args)
  File "/home/us-er/.local/pipx/venvs/podman-compose/lib/python3.10/site-packages/podman_compose.py", line 1866, in wrapped
    return func(*args, **kw)
  File "/home/us-er/.local/pipx/venvs/podman-compose/lib/python3.10/site-packages/podman_compose.py", line 2196, in compose_up
    podman_args = container_to_args(compose, cnt, detached=args.detach)
  File "/home/us-er/.local/pipx/venvs/podman-compose/lib/python3.10/site-packages/podman_compose.py", line 967, in container_to_args
    podman_args.extend(get_secret_args(compose, cnt, secret))
  File "/home/us-er/.local/pipx/venvs/podman-compose/lib/python3.10/site-packages/podman_compose.py", line 555, in get_secret_args
    raise ValueError(
ValueError: ERROR: undeclared secret: "postgres_db", service: db

What am I missing?

@muayyad-alsadi
Collaborator

You are missing the top-level secrets.
Possibly external.

https://github.com/compose-spec/compose-spec/blob/master/09-secrets.md

@yozachar

yozachar commented May 1, 2023

It works; here's my updated compose.yaml:

secrets:
  nextcloud-admin-password:
    environment: ${nextcloud_admin_password}
    external: true
  nextcloud-admin-user:
    environment: ${nextcloud_admin_user}
    external: true
  postgres-db:
    environment: ${postgres_db}
    external: true
  postgres-password:
    environment: ${postgres_password}
    external: true
  postgres-user:
    environment: ${postgres_user}
    external: true

volumes:
  pgdb:
  nextcloud:


services:
  db:
    container_name: nc_home_db
    image: docker.io/postgres
    restart: always
    environment:
      POSTGRES_DB: /run/secrets/postgres_db
      POSTGRES_USER: /run/secrets/postgres_user
      POSTGRES_PASSWORD: /run/secrets/postgres_password
    secrets:
      - postgres-db
      - postgres-password
      - postgres-user
    volumes:
      - pgdb:/var/lib/postgresql/data

  app:
    container_name: nc_home_app
    image: docker.io/nextcloud
    restart: always
    ports:
      - 8080:80
    depends_on:
      - db
    environment:
      POSTGRES_HOST: db
      POSTGRES_DB: /run/secrets/postgres_db
      POSTGRES_USER: /run/secrets/postgres_user
      POSTGRES_PASSWORD: /run/secrets/postgres_password
      NEXTCLOUD_ADMIN_PASSWORD: /run/secrets/nextcloud_admin_password
      NEXTCLOUD_ADMIN_USER: /run/secrets/nextcloud_admin_user
    secrets:
      - nextcloud-admin-password
      - nextcloud-admin-user
      - postgres-db
      - postgres-password
      - postgres-user
    volumes:
      - nextcloud:/var/www/html

I had to create each secret manually, as podman-compose won't create them from the environment variables, then I had to set external: true. But now I have some other problems: #673 (comment)
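
Added example, not part of the thread or of podman-compose: a Python check over an already-parsed compose mapping for the condition behind the `ValueError` above (a service lists a secret that has no top-level declaration). It goes one step further and also flags `/run/secrets/<name>` environment values that match no secret the service mounts. The function names and sample data are constructed for illustration, and the code assumes the compose-spec default of mounting each secret at `/run/secrets/<name>`.

```python
# Added example (not podman-compose code); all names here are hypothetical.
SECRETS_DIR = "/run/secrets/"  # assumed default mount directory


def _mounted_secrets(service):
    """Return {source_name: file name under /run/secrets} for one service."""
    mounted = {}
    for entry in service.get("secrets", []):
        if isinstance(entry, str):          # short syntax: "- postgres_db"
            mounted[entry] = entry
        else:                               # long syntax: {source: ..., target: ...}
            mounted[entry["source"]] = entry.get("target", entry["source"])
    return mounted


def _env_items(service):
    """Normalise list-style ("K=V") and map-style environment sections."""
    env = service.get("environment", {})
    if isinstance(env, dict):
        return [(k, str(v)) for k, v in env.items()]
    return [tuple(item.split("=", 1)) for item in env if "=" in item]


def lint_secrets(compose):
    """Return a sorted list of findings; an empty list means both checks passed."""
    declared = set(compose.get("secrets") or {})
    findings = []
    for name, service in compose.get("services", {}).items():
        mounted = _mounted_secrets(service)
        for source in mounted:
            if source not in declared:
                findings.append(f'{name}: undeclared secret "{source}"')
        targets = set(mounted.values())
        for key, value in _env_items(service):
            if value.startswith(SECRETS_DIR):
                wanted = value[len(SECRETS_DIR):]
                if wanted not in targets:
                    findings.append(f'{name}: {key} points at {value}, not mounted')
    return sorted(findings)


# Constructed sample: a service-level secret with no top-level "secrets" section.
BROKEN = {"services": {"db": {
    "environment": ["POSTGRES_DB_FILE=/run/secrets/postgres_db"],
    "secrets": ["postgres_db"],
}}}
# Same service with a top-level declaration marked external.
FIXED = dict(BROKEN, secrets={"postgres_db": {"external": True}})
```

`lint_secrets(BROKEN)` reports the undeclared secret and `lint_secrets(FIXED)` returns an empty list; load a real file with a YAML parser of your choice and pass the resulting mapping.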
