Merge pull request #49 from shgtkshruch/dockerfile-prod-ci

Pass `RAILS_MASTER_KEY` through docker secret
shgtkshruch · Jul 31, 2021 · 68e3228 · 68e3228
2 parents 1093b12 + a818c68
commit 68e3228
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -77,6 +77,8 @@ jobs:
         file: ./Dockerfile.prod
         push: true
         tags: ${{ steps.login-ecr.outputs.registry }}/chronos/rails:${{ github.sha }}
+        secrets: |
+            "master_key=${{ secrets.RAILS_MASTER_KEY }}"
         cache-from: |
           type=local,src=/tmp/.buildx-cache-new/bundle
           type=local,src=/tmp/.buildx-cache-new/npm

diff --git a/Dockerfile.prod b/Dockerfile.prod
@@ -48,9 +48,9 @@ COPY . .
 COPY --from=bundle /app/vendor/bundle /app/vendor/bundle
 COPY --from=npm /app/node_modules node_modules
 
-# Set a dummy value to avoid errors when building docker image.
-# refs: https://github.com/rails/rails/issues/32947
-RUN SECRET_KEY_BASE=dummy bin/rails assets:precompile \
+# refs: https://github.com/rails/rails/issues/32947#issuecomment-653478965
+RUN --mount=type=secret,id=master_key,dst=/app/config/master.key \
+      bin/rails assets:precompile \
       && rm -rf tmp/cache/*
 
 FROM base AS main

diff --git a/README.md b/README.md
@@ -6,6 +6,12 @@
 $ COMPOSE_DOCKER_CLI_BUILD=1 docker-compose build
 ```
 
+Build docker image for production.
+
+```sh
+$ docker build -f Dockerfile.prod --secret id=master_key,src=config/master.key .
+```
+
 ## Dev
 
 ```sh