Auto DevOps environment variable not forwarded when using Environment Scope

Hello !

First, thank you for all your work, I’m using Gitlab on a daily basis and it’s (almost) always perfect.

I’m currently using Gitlab CI/CD 13.2.1 with a Kubernetes server, and Auto DevOps with a custom Dockerfile.

Today, I’ve been trying to pass environment variables to the “docker build” stage of the CI/CD.
Here is an example of a Dockerfile I’m using :

# syntax = docker/dockerfile:experimental
FROM nginx:1.17.1-alpine
RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && echo $MY_SERVER_URL # debugging purpose
COPY nginx.conf /etc/nginx/nginx.conf
COPY . /usr/share/nginx/html
RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && envsubst < /usr/share/nginx/html/scripts/main.js > /usr/share/nginx/html/scripts/main-filled.js # real purpose : replace URL in a file
RUN mv /usr/share/nginx/html/scripts/main-filled.js /usr/share/nginx/html/scripts/main.js

In this example, the use case is to change an URL in a simple webapp’s file based on the environment.

I followed the instructions given by https://docs.gitlab.com/ee/topics/autodevops/customize.html#forward-ci-variables-to-the-build-environment and defined two variables in my CI/CD :

  • AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES with value MY_SERVER_URL
  • MY_SERVER_URL with value foo

And it works perfectly !

However, it only works when the Environment scope is set to All (default). As soon as I change either of theses 2 variables’ scope to the environment I’m targetting, it no longer works.
To be precise :

  • if I change the scope of AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES, the build phase crashes because the Docker BuildKit feature is no longer enabled
  • if I change the scope of MY_SERVER_URL, it is no longer passed to the build phase (as a proof : it is no longer displayed when running RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && echo $MY_SERVER_URL)

This problem is quite annoying, since in my opinion, the whole purpose of AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES is to use different values based on the environment.

Regarding the amount of time I already passed to figure out the problem, I tend to think that it’s a bug.
However, I may just be using the feature the wrong way, and I would be happy if you told me that it’s just my fault.
Do you have any idea about that ?

Feel free to ask if you need any details on the parameters/values/… I used.

Thanks in advance and have a good day.

Hello,

I ended up using another way of passing environment variables, which appears cleaner to me : instead of passing my variables to the docker build (in the RUN lines of the Dockerfile), I pass them to the docker run (in the CMD line of the Dockerfile).
Then, I prefix my variables with K8S_SECRET_ to make sure they are forwarded to the docker run.
This is cleaner because the docker image is then independent of the environment it is run in.
Final Dockerfile :

FROM nginx:1.17.1-alpine
COPY nginx.conf /etc/nginx/nginx.conf
COPY . /usr/share/nginx/html
CMD envsubst < /usr/share/nginx/html/scripts/main.js > /usr/share/nginx/html/scripts/main-filled.js; \
    mv /usr/share/nginx/html/scripts/main-filled.js /usr/share/nginx/html/scripts/main.js; \
    nginx -g 'daemon off;'

I still think there is a problem with the AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES but I didn’t found the solution. (As a reminder, I may just be using it the wrong way :slight_smile: )

Have a nice day !