你的python manage.py collectstatic在docker容器中运行，它的os.environ['SECRET_KEY] 将尝试获取运行它的容器的环境变量.但是您在管道中设置的环境变量 SECRET_KEY 用于构建代理.

Your python manage.py collectstatic is running in the docker container, and its os.environ['SECRET_KEY] will try to get the environment variable of the container where it is running. But the environment variable SECRET_KEY you were setting in your pipeline is for build agent.

您可以尝试按照以下步骤将管道环境变量传递给 docker 容器.

You can try following below steps to pass your pipeline env variable to the docker container.

1，我在你的 dockerfile ARG SECRET 中添加了一个 ARG 和一个 ENV；ENV SECRET_KEY $SECRET

1, I add an ARG and an ENV in your dockerfile ARG SECRET; ENV SECRET_KEY $SECRET

ENV SECRET_KEY指的是ARG SECRET

FROM python:3.7-slim

ARG SECRET
ENV SECRET_KEY $SECRET

ENV PYTHONUNBUFFERED 1
WORKDIR /app
EXPOSE 5000
COPY requirements*.txt ./
RUN pip install -r requirements.txt
COPY . .
RUN python manage.py collectstatic
CMD ["gunicorn", "-b", ":5000", "--log-level", "info", "config.wsgi:application"]

2，我将 docker buildandpush 任务分离为停靠构建和停靠推送，因为 buildandpush 命令不能接受参数.

2, I separate docker buildandpush task to dock build and dock push, as buildandpush command cannot accept arguments.

在 docker build 任务中.我将变量 secretKey 传递给 arguments 字段 --build-arg SECRET=$(secretKey).这样当 docker run build 时，ARG SECRET 将被替换为 secretKey.它将被传递给上面 dockerfile 中定义的 ENV SECRET_KEY.这样 SECRET_KEY 将被设置为 docker 容器的环境变量.

In docker build task. I passed the variable secretKey to the arguments field --build-arg SECRET=$(secretKey). So that when docker run build, ARG SECRET will be replaced by secretKey. And it will be passed to the ENV SECRET_KEY as defined in above dockerfile. So that SECRET_KEY will be set to the docker container's Environment variable.

那么你的 python 代码应该能够使用 os.environ['SECRET_KEY]

Then you python code should be able to get the environment variable's value using os.environ['SECRET_KEY]

stages:
- stage: Build
  displayName: Build and push stage
  jobs:  
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    - task: Docker@2
      displayName: Build
      inputs:
        command: build
        repository: $(imageRepository)-api
        dockerfile: $(dockerfilePath)/api/Dockerfile
        containerRegistry: $(dockerRegistryServiceConnection)

        arguments: --build-arg SECRET=$(secretKey)

        tags: |
          $(tag)

    - task: Docker@2
      displayName: Push
      inputs:
        command: push
        repository: $(imageRepository)-api
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)


- upload: manifests
  artifact: manifests