为什么我的 docker 构建文件 return 中的 bash 脚本会损坏 json?
Why does the bash script in my docker build file return corrupt json?
为什么 docker 构建会破坏 $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS 中的 JSON?
我正在使用 this article(特别是使用 Buildkit 和 docker build secrets 的示例 2)来帮助填充我的 Dockerfile。该过程将:
- 在
docker build、 期间通过 PAT
- 将 PAT 挂载为秘密,
- 使用秘密(通过
cat /pat)将转义的 JSON 字符串导出到 ENV,以及
- ^^^ 上面的JSON 已经损坏了^^^
- 之前使用 env 变量调用 NuGet 私有提要
- 发出
dotnet restore 请求。
有问题的 bash 命令是:
RUN --mount=type=secret,id=pat,dst=/pat export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://<my private feed URL>/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"`cat /pat`\"}]}" && \
echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
echo 命令的输出(注意 PAT 的末尾附加在 JSON 右大括号之后):
{"endpointCredentials": [{"endpoint":"https://<my private feed URL>/nuget/v3/index.json", "username":"docker", "password":"qwak...jiq5"}]}vtzkzv4a
当我 运行 bash 中的命令(在 Linux 的 Windows 子系统中)时,它工作得很好:
~ echo "my-pat-token" >> /pat
~ export MY_ENV_VAR="{\"endpointCredentials\": [{\"endpoint\":\"https://<URL of private feed>/nuget/v3/index.json\", \"username\":\"build\", \"password\":\"`cat /pat`\"}]}"
~ echo $MY_ENV_VAR
{"endpointCredentials": [{"endpoint":"https://<URL of private feed>/nuget/v3/index.json", "username":"build", "password":"my-pat-token"}]}
Docker 文件:
# syntax=docker/dockerfile:1.2
FROM mcr.microsoft.com/dotnet/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:3.1 AS build
WORKDIR /src
# Install NuGet credential provider
RUN apt-get update && apt-get install -y locales \
&& sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
&& dpkg-reconfigure --frontend=noninteractive locales && update-locale LANG=en_US.UTF-8 \
# Download the artifact credential provider
&& wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
COPY NuGet.Config .
COPY ["src/Discovery.Api/Discovery.Api.csproj", "src/Discovery.Api/"]
COPY ["src/Discovery.Service/Discovery.Service.csproj", "src/Discovery.Service/"]
COPY ["src/Discovery.Data/Discovery.Data.csproj", "src/Discovery.Data/"]
# Use the secret to set the credential provider variable and run restore.
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
RUN --mount=type=secret,id=pat,dst=/pat export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://<my private feed URL>/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"`cat /pat`\"}]}" && \
echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
RUN dotnet restore "src/Discovery.Api/Discovery.Api.csproj" --configfile NuGet.Config
COPY . .
WORKDIR "/src/Discovery.Api"
RUN dotnet build "src/Discovery.Api/Discovery.Api.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "src/Discovery.Api/Discovery.Api.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "src/Discovery.Api/Discovery.Api.dll"]
docker 构建命令:
docker build --no-cache --progress=plain --secret id=pat,src=./pat -t discovery-api:dev -f src\Discovery.Api\Dockerfile .
docker --版本
Docker version 20.10.8, build 3967b7d
我在 linux 个容器上 运行 宁 docker。
根据@glenn jackman 和@dan 在评论中的建议,我发现 /pat 文件在文件末尾有一个换行符。删除换行符解决了 json 问题。
为什么 docker 构建会破坏 $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS 中的 JSON?
我正在使用 this article(特别是使用 Buildkit 和 docker build secrets 的示例 2)来帮助填充我的 Dockerfile。该过程将:
- 在
docker build、 期间通过 PAT
- 将 PAT 挂载为秘密,
- 使用秘密(通过
cat /pat)将转义的 JSON 字符串导出到 ENV,以及- ^^^ 上面的JSON 已经损坏了^^^
- 之前使用 env 变量调用 NuGet 私有提要
- 发出
dotnet restore请求。
有问题的 bash 命令是:
RUN --mount=type=secret,id=pat,dst=/pat export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://<my private feed URL>/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"`cat /pat`\"}]}" && \
echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
echo 命令的输出(注意 PAT 的末尾附加在 JSON 右大括号之后):
{"endpointCredentials": [{"endpoint":"https://<my private feed URL>/nuget/v3/index.json", "username":"docker", "password":"qwak...jiq5"}]}vtzkzv4a
当我 运行 bash 中的命令(在 Linux 的 Windows 子系统中)时,它工作得很好:
~ echo "my-pat-token" >> /pat
~ export MY_ENV_VAR="{\"endpointCredentials\": [{\"endpoint\":\"https://<URL of private feed>/nuget/v3/index.json\", \"username\":\"build\", \"password\":\"`cat /pat`\"}]}"
~ echo $MY_ENV_VAR
{"endpointCredentials": [{"endpoint":"https://<URL of private feed>/nuget/v3/index.json", "username":"build", "password":"my-pat-token"}]}
Docker 文件:
# syntax=docker/dockerfile:1.2
FROM mcr.microsoft.com/dotnet/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:3.1 AS build
WORKDIR /src
# Install NuGet credential provider
RUN apt-get update && apt-get install -y locales \
&& sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
&& dpkg-reconfigure --frontend=noninteractive locales && update-locale LANG=en_US.UTF-8 \
# Download the artifact credential provider
&& wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
COPY NuGet.Config .
COPY ["src/Discovery.Api/Discovery.Api.csproj", "src/Discovery.Api/"]
COPY ["src/Discovery.Service/Discovery.Service.csproj", "src/Discovery.Service/"]
COPY ["src/Discovery.Data/Discovery.Data.csproj", "src/Discovery.Data/"]
# Use the secret to set the credential provider variable and run restore.
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
RUN --mount=type=secret,id=pat,dst=/pat export VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://<my private feed URL>/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"`cat /pat`\"}]}" && \
echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
RUN dotnet restore "src/Discovery.Api/Discovery.Api.csproj" --configfile NuGet.Config
COPY . .
WORKDIR "/src/Discovery.Api"
RUN dotnet build "src/Discovery.Api/Discovery.Api.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "src/Discovery.Api/Discovery.Api.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "src/Discovery.Api/Discovery.Api.dll"]
docker 构建命令:
docker build --no-cache --progress=plain --secret id=pat,src=./pat -t discovery-api:dev -f src\Discovery.Api\Dockerfile .
docker --版本
Docker version 20.10.8, build 3967b7d
我在 linux 个容器上 运行 宁 docker。
根据@glenn jackman 和@dan 在评论中的建议,我发现 /pat 文件在文件末尾有一个换行符。删除换行符解决了 json 问题。