更新时间:2022-01-24 22:24:58
你的python manage.py collectstatic
在docker容器中运行,它的os.environ['SECRET_KEY]
将尝试获取运行它的容器的环境变量.但是您在管道中设置的环境变量 SECRET_KEY 用于构建代理.
Your python manage.py collectstatic
is running in the docker container, and its os.environ['SECRET_KEY]
will try to get the environment variable of the container where it is running. But the environment variable SECRET_KEY you were setting in your pipeline is for build agent.
您可以尝试按照以下步骤将管道环境变量传递给 docker 容器.
You can try following below steps to pass your pipeline env variable to the docker container.
1,我在你的 dockerfile ARG SECRET 中添加了一个
ARG
和一个 ENV
;ENV SECRET_KEY $SECRET
1, I add an ARG
and an ENV
in your dockerfile ARG SECRET; ENV SECRET_KEY $SECRET
ENV SECRET_KEY
指的是ARG SECRET
FROM python:3.7-slim
ARG SECRET
ENV SECRET_KEY $SECRET
ENV PYTHONUNBUFFERED 1
WORKDIR /app
EXPOSE 5000
COPY requirements*.txt ./
RUN pip install -r requirements.txt
COPY . .
RUN python manage.py collectstatic
CMD ["gunicorn", "-b", ":5000", "--log-level", "info", "config.wsgi:application"]
2,我将 docker buildandpush 任务分离为停靠构建和停靠推送,因为 buildandpush 命令不能接受参数.
2, I separate docker buildandpush task to dock build and dock push, as buildandpush command cannot accept arguments.
在 docker build 任务中.我将变量 secretKey
传递给 arguments 字段 --build-arg SECRET=$(secretKey)
.这样当 docker run build 时,ARG SECRET
将被替换为 secretKey
.它将被传递给上面 dockerfile 中定义的 ENV SECRET_KEY
.这样 SECRET_KEY 将被设置为 docker 容器的环境变量.
In docker build task. I passed the variable secretKey
to the arguments field --build-arg SECRET=$(secretKey)
. So that when docker run build, ARG SECRET
will be replaced by secretKey
. And it will be passed to the ENV SECRET_KEY
as defined in above dockerfile. So that SECRET_KEY will be set to the docker container's Environment variable.
那么你的 python 代码应该能够使用 os.environ['SECRET_KEY]
Then you python code should be able to get the environment variable's value using os.environ['SECRET_KEY]
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker@2
displayName: Build
inputs:
command: build
repository: $(imageRepository)-api
dockerfile: $(dockerfilePath)/api/Dockerfile
containerRegistry: $(dockerRegistryServiceConnection)
arguments: --build-arg SECRET=$(secretKey)
tags: |
$(tag)
- task: Docker@2
displayName: Push
inputs:
command: push
repository: $(imageRepository)-api
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
- upload: manifests
artifact: manifests