Use env variables in Dockerfile

Question

I have a Dockerfile in a php project where I need to pass a user and a password to download a library during the execution.

The user and password must be hidden in production or in the local .env files. At the moment I'm just trying the local option and the user and password come empty.

I have used "${USER}" and ${USER}, but not only the login fails, but when I print the variables they come empty. Also I've tried putting the variables hardcoded and it works fine, so the problem is that the variables are not retrieve from the .env file.

The docker-compose starts as follows

version: '3'

services:
  server:
    build:
      context: .
      dockerfile: docker/Server/Dockerfile
    container_name: "server"
    ports:
      - 80:80
      - 8888:8888
    networks:
      - network
    env_file:
      - .env
    command: sh /start-workers.sh

And the Dockerfile:

FROM php:7.3-cli-alpine3.10
RUN apk add --update

#
# Dependencies
#
RUN apk add --no-cache --no-progress \
    libzip-dev zip php7-openssl pkgconfig \
    php-pear php7-dev openssl-dev bash \
    build-base composer

#
# Enable PHP extensions
#
RUN docker-php-ext-install bcmath sockets pcntl

#
# Server Dependencies
#
RUN echo '' | pecl install swoole \
    && echo "extension=swoole.so" >> /usr/local/etc/php/conf.d/swoole.ini

#
# installation
#
WORKDIR /var/www/service
COPY . .

RUN echo "START"

RUN echo "${USER}"

RUN echo "${PASSWORD}"

RUN echo "END"


RUN composer config http.libraries.com "${USER}" "${PASSWORD}" --global \
    && composer install -n -o --prefer-dist --no-dev --no-progress --no-suggest \
    && composer clear-cache \
    && mv docker/Server/start-workers.sh /
EXPOSE 80

The .env starts and ends as follows:

APP_ENV=dev
APP_SECRET=666666666666666
.
.
.
USER=user
PASSWORD=password

At the moment if I execute docker-compose up --build the output as follows

Step 10/15 : RUN echo "START"
 ---> Running in 329b1707c2ab
START
Removing intermediate container 329b1707c2ab
 ---> 362b915ef616
Step 11/15 : RUN echo "${USER}"
 ---> Running in e052e7ee686a

Removing intermediate container e052e7ee686a
 ---> 3c9cfd43a4df
Step 12/15 : RUN echo "${PASSWORD}"
 ---> Running in b568e7b8d9b4

Removing intermediate container b568e7b8d9b4
 ---> 26a727ba6842
Step 13/15 : RUN echo "END"
 ---> Running in 726898b3eb42
END

I'd like the user and the password to be printed, so I know I'm receiving the .env data and I can use it.

Answer 1

You could use args to meet your requirement.

And one notice here is: you should not use USER in .env as a keyword, as it will be override by bash's default environment USER which will make your dockerfile not get the correct value.

A full workable minimal example as follows, FYI:

docker/Server/Dockerfile:

FROM php:7.3-cli-alpine3.10

ARG USER
ARG PASSWORD

RUN echo ${USER}
RUN echo ${PASSWORD}

.env (NOTE: you had to use USR, not USER here):

USR=user
PASSWORD=password

docker-compose.yaml:

version: '3'

services:
  server:
    build:
      context: .
      dockerfile: docker/Server/Dockerfile
      args:
         - USER=${USR}
         - PASSWORD=${PASSWORD}

Execute:

$ docker-compose build --no-cache
Building server
Step 1/5 : FROM php:7.3-cli-alpine3.10
 ---> 84d7ac5a44d4
Step 2/5 : ARG USER
 ---> Running in 86b35f6903e2
Removing intermediate container 86b35f6903e2
 ---> ee6a0e84c76a
Step 3/5 : ARG PASSWORD
 ---> Running in 92480327a820
Removing intermediate container 92480327a820
 ---> 1f886e8f6fbb
Step 4/5 : RUN echo ${USER}
 ---> Running in 8c207c7e6080
user
Removing intermediate container 8c207c7e6080
 ---> cf97b2cc0317
Step 5/5 : RUN echo ${PASSWORD}
 ---> Running in 7cbdd909826d
password
Removing intermediate container 7cbdd909826d
 ---> 6ab7987e080a
Successfully built 6ab7987e080a
Successfully tagged 987_server:latest

Answer 2

The problem here that your ENV will bem accessed only from run phase not build.

I suggest you to use build args for example:

build:
  context: .
  args:
    buildno: 1
    gitcommithash: cdc3b19