Production ENV file with docker/build-push-action and GitHub Actions
This is what I came up with.
Dockerfile
```dockerfile
...
ARG ARG_ENV_SECRET
ARG ARG_ENV_SECRET_1
COPY ./env-script.sh ./
RUN ./env-script.sh
...
```
env-script.sh This script creates the .env FILE
```sh
#!/bin/sh
touch .env
{
  # one KEY=value per line; both build args are expanded here (the second needs its $)
  printf "ENV_SECRET=%s\nENV_SECRET_1=%s\n" "$ARG_ENV_SECRET" "$ARG_ENV_SECRET_1"
} >> .env
```
docker-action.yml
```yaml
...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Build, tag, and push the image to Amazon ECR
        id: build-image
        env:
          ENV_SECRET: ${{ secrets.ENV_SECRET }}     # naming used below
          ENV_SECRET_1: ${{ secrets.ENV_SECRET_1 }}
        run: |
          # the build args take the names declared above
          docker build \
            --build-arg ARG_ENV_SECRET=$ENV_SECRET \
            --build-arg ARG_ENV_SECRET_1=$ENV_SECRET_1 \
            ...
```
I'm pretty sure this is not the best route, but it's worked for us since we use a third party to run our AWS services. A better approach would be to use AWS secrets when starting the instance. You can read more about it here.
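As an added example (not the answer's own script), here is a stricter version of the env-script.sh idea above: it refuses to write a missing or empty build arg, rejects values with embedded newlines (which would silently become extra lines in the .env file), truncates rather than appends, and creates the file with owner-only permissions. The function name write_env, the `write` argument, and the ARG_ to ENV_ prefix mapping are assumptions for this example. Keep in mind that anything a RUN step writes is stored in an image layer and that --build-arg values are recorded in the image's build history, which is the reason the answer calls this a workaround.

```shell
#!/bin/sh
# Added example, not the original answer's env-script.sh.
# write_env OUTFILE ARG_NAME...: for each ARG_<suffix> build arg, write <suffix>=<value>
# (ARG_ENV_SECRET becomes ENV_SECRET, mirroring the answer's naming). Assumed helper.
write_env() {
  out=$1; shift
  nl=$(printf '\nx'); nl=${nl%x}          # a literal newline for the check below

  # Validate everything first so a half-written .env is never left behind.
  for arg in "$@"; do
    case $arg in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "write_env: '$arg' is not a valid variable name" >&2; return 1 ;;
    esac
    eval "val=\${$arg:-}"                 # indirect lookup of the build arg
    if [ -z "$val" ]; then
      echo "write_env: build arg $arg is unset or empty; refusing to write $out" >&2
      return 1
    fi
    case $val in
      *"$nl"*) echo "write_env: $arg contains a newline" >&2; return 1 ;;
    esac
  done

  # Write in a subshell so the restrictive umask does not leak to the caller.
  (
    umask 077                             # .env readable by the build user only
    : > "$out"                            # truncate; do not append to a stale file
    for arg in "$@"; do
      eval "val=\${$arg}"
      printf '%s=%s\n' "${arg#ARG_}" "$val" >> "$out"
    done
  )
}

# Stand-alone use from a Dockerfile: RUN ./env-script.sh write
# (ARG_ENV_SECRET and ARG_ENV_SECRET_1 are provided by docker build --build-arg).
if [ "${1:-}" = "write" ]; then
  write_env .env ARG_ENV_SECRET ARG_ENV_SECRET_1
fi
```

Because validation happens before the file is touched, a build with a misspelled or missing secret fails at the RUN step instead of producing an image whose .env contains `ENV_SECRET_1=`; that is usually the failure you want to catch in CI rather than at runtime.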