Use a GitHub secret for azure/container-apps-deploy-action@v1

Question

In GitHub, we have a step azure/container-apps-deploy-action@v1. We purchased a Fontawesome license and now need to pass the key from GitHub secrets to the Dockerfile used in this step. We tried different options. For example:

...
      - name: Deploy front to container
        uses: azure/container-apps-deploy-action@v1
        with:
...
          environmentVariables: |
            FONTAWESOME_PACKAGE_TOKEN_SECRET=secretref:${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}
            # Another one: 
FONTAWESOME_PACKAGE_TOKEN_SECRET=${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}
        env:
          FONTAWESOME_PACKAGE_TOKEN_SECRET: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}

In the Dockerfile: ENV FONTAWESOME_PACKAGE_TOKEN=${FONTAWESOME_PACKAGE_TOKEN_SECRET}. If we replace the variable with the actual token, everything works. But we don’t see the value from the secret in the Dockerfile.

Answer 1

@Tema Thanks for your patience! Based on the internal discussion, it seems that passing a secret that is only available at build time directly through the GitHub action is not feasible. Instead, the recommended approach is to build and push the image in a separate step and then pass the image to the action using imageToDeploy.

This is the guidance for injecting build time secrets: https://docs.docker.com/reference/dockerfile/#run---mounttypesecret

The GitHub action does support passing buildArguments, but they're not recommended for secrets.

do let me know incase of further queries, I would be happy to assist you.