How to pass secrets to containers

Hello,

I want to use a GitHub secret with GitHub Actions to put an environment variable into a container.

But I can’t find a way to do it.

Here is the code I made as an example: test-actions repository

Dockerfile:

FROM ubuntu:latest

RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

CMD ["echo", "${INPUT_FOO}"]

.github/workflows:

Container creation:

name: build-and-push-image-dockerhub
on:
  push:

jobs:
  checkout:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: ${{ secrets.DOCKERHUB_RELEASENAME }}:latest
          cache-from: type=registry,ref=${{ secrets.DOCKERHUB_RELEASENAME }}:buildcache
          cache-to: type=registry,ref=${{ secrets.DOCKERHUB_RELEASENAME }}:buildcache,mode=max

The action where I want to use the secret inside my container:

name: test-vars
on:
  push:
    branches:
      - '*'

jobs:
  echo_variable:
    runs-on: ubuntu-latest
    container:
      image: diotheparadiz/testvars

    env:
      FOO: "Hello world!"
      BAR: ${{ secrets.BAR }}
    steps:
      - run: "echo ${INPUT_FOO}|curl -F 'sprunge=<-' http://sprunge.us"
      - run: "echo ${INPUT_BAR}|curl -F 'sprunge=<-' http://sprunge.us"

As you can see there, if you click on the sprunge link, there is no output from my command.

I use sprunge just in case a simple echo ${INPUT_BAR} would be masked by GitHub Actions secret management.

Shouldn’t your last action be:

name: test-vars
on:
  push:
    branches:
      - '*'

jobs:
  echo_variable:
    runs-on: ubuntu-latest
    container:
      image: diotheparadiz/testvars

    env:
      INPUT_FOO: "Hello world!"
      INPUT_BAR: ${{ secrets.BAR }}
    steps:
      - run: "echo ${INPUT_FOO}|curl -F 'sprunge=<-' http://sprunge.us"
      - run: "echo ${INPUT_BAR}|curl -F 'sprunge=<-' http://sprunge.us"

?

Actually it worked, thanks.

I read somewhere that GitHub added INPUT before env variables, and I must have lost myself in multiple test sessions 🙂

If you look at this commit, I can’t use ${{ secret.FOO }} to use a variable at the image: key.
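Added example, not part of the original thread: a POSIX shell helper for the `run:` steps above that confirms a variable such as INPUT_BAR reached the container by printing only its length, so the value never has to be sent to an external paste service, and that flags the BAR versus INPUT_BAR name mismatch discussed in the reply. The function names `var_length` and `check_secret_env` are hypothetical, and the demo value is constructed.

```shell
#!/bin/sh
# Added example: report whether a variable reached the job container,
# printing only its length and never its value.

# var_length NAME: print the length of $NAME; return 1 if unset, 2 if NAME is not a valid name.
var_length() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;  # refuse anything eval could misread
    esac
    eval "_set=\${$1+x}; _val=\${$1-}"
    [ -n "$_set" ] || return 1
    printf '%s\n' "${#_val}"
}

# check_secret_env NAME: print one status line; return 0 only if NAME is set and non-empty.
check_secret_env() {
    name=$1
    len=$(var_length "$name") && rc=0 || rc=$?   # safe under "sh -e"
    if [ "$rc" -eq 2 ]; then
        echo "$name: not a valid variable name"; return 2
    fi
    if [ "$rc" -eq 0 ]; then
        if [ "$len" -gt 0 ]; then
            echo "$name: set ($len chars)"; return 0
        fi
        echo "$name: set but empty"; return 1
    fi
    # Unset: look for the prefix mix-up from the thread (BAR vs INPUT_BAR).
    case $name in
        INPUT_*) other=${name#INPUT_} ;;
        *)       other=INPUT_$name ;;
    esac
    if var_length "$other" >/dev/null; then
        echo "$name: unset, but $other is set; rename one side so they match"
    else
        echo "$name: unset"
    fi
    return 1
}

# Constructed demo of the first workflow: env sets BAR, the step reads INPUT_BAR.
( BAR='constructed-not-a-secret'; export BAR; unset INPUT_BAR; check_secret_env INPUT_BAR ) || true
```

In a workflow step, `check_secret_env INPUT_BAR` fails the step with a non-zero exit status when the variable is missing or empty.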