Pumping lots of env vars into the build step

[JohnSmall]

I've inherited an application that was running on Heroku, then moved to Dokku and now I'm moving it to Kamal.

I'm running inside a VSCode dev container.

For reasons, the application doesn't use encrypted credentials, it uses env vars for everything. There are nearly 150 env vars, and a dotenv initialiser checks to make sure they're present.

When the build runs it fails the asset compilation step because that starts up Rails, which runs the dotenv initialiser, which then bombs out because environment variables are not present.

Obviously I can't just add the environment variables into the Docker file, because that gets checked in.

I'm not going to change things to use encrypted credentials as it should have been done.

So somehow I have to get a .env file into the container before it runs the assets:precompile step.

I've tried adding COPY /workspaces/myapp/.env.sandbox .env but that fails because ERROR: failed to calculate checksum of ref y155nerbqvwgqvf25cdezca3s::mggi4i7w5y8xu0w1aubi5jnf6: "/workspaces/myapp/.env.sandbox": not found

Which implies that the process running the Docker build in the /tmp/kamal-clones directory doesn't have access to /workspaces/myapp . Even though I can see that /tmp/kamal-clones is owned by the vscode user.

Any idea how I can get an .env file into the Docker build before the assets:precompile step?

[JohnSmall]

I thought I could encrypt the entire .env.sandbox file, check it in to the repo and then pass the decryption key into the build process somehow. The problem is 'somehow'.

The command line for Kamal to start the build process has no place for build args, and even then you shouldn't use build args for secrets but instead use Buildkit's secret mounting.