To use build secrets, make a subdirectory .resin
in the root of your repository. Inside that directory, make another
directory named secrets
and a file named resin.yml
, without any secrets, your tree should look like
[19:48] ➜ project tree -a
.
├── docker-compose.yml
├── .resin
│ ├── resin.yml
│ └── secrets
├── service1
│ └── Dockerfile.template
└── service2
└── Dockerfile.template
4 directories, 4 files
to add a secret file, first add the file to the .resin/secrets
directory:
[19:49] ➜ project tree -a
.
├── docker-compose.yml
├── .resin
│ ├── resin.yml
│ └── secrets
│ └── super-secret-recipe
├── service1
│ └── Dockerfile.template
└── service2
└── Dockerfile.template
4 directories, 5 files
now, in the .resin/resin.yml
file, add the following to mount that secret into every service:
build-secrets:
global:
- source: super-secret-recipe
dest: my-recipe
This will mount the super-secret-recipe
file into /run/secrets/my-recipe
file in every build container.
To add a secret file to a specific service's build:
[19:53] ➜ project tree -a
.
├── docker-compose.yml
├── .resin
│ ├── resin.yml
│ └── secrets
│ ├── super-secret-recipe
│ └── super-secret-recipe-2
├── service1
│ └── Dockerfile.template
└── service2
└── Dockerfile.template
4 directories, 6 files
and resin.yml:
build-secrets:
global:
- source: super-secret-recipe
dest: my-recipe
services:
service1:
- source: super-secret-recipe-2
dest: my-recipe2
and that will mount both the global and the service1 specific secret into /run/secrets
as my-recipe2
.
Subdirectories are supported in both the source (.resin/secrets
) and the destination (/run/secrets
)
It is also possible to define build variables which will be added to your build from the resin.yml file:
build-variables:
global:
- MY_VAR_1=This is a variable
- MY_VAR_2=Also a variable
services:
service1:
- SERVICE1_VAR=This is a service specific variable
These will be added as build args to your builds, so for example, to read it in your build:
FROM resin/armv7hf-debian
ARG MY_VAR_1
RUN echo "The build variable is ${MY_VAR_1}"
Hm, you can override build variables on a per-service basis, but is there some way to vary them per-application? We have a number of apps that are bound to our test lab, and we'd like to feed that information automatically into the build process.