diff --git a/public-site/docs/src/guides/build-secrets/index.md b/public-site/docs/src/guides/build-secrets/index.md index 9e453cec..cde9fef7 100644 --- a/public-site/docs/src/guides/build-secrets/index.md +++ b/public-site/docs/src/guides/build-secrets/index.md @@ -11,7 +11,7 @@ title: Docker Build secrets With an option `spec.build.useBuildKit: false`, to ensure that multiline build secrets are handled correct by the build, **all** [Build secrets](../../references/reference-radix-config/#secrets) are passed as `ARG`-s during container build, base-64 encoded (they need to be decoded before use). ```dockerfile -FROM alpine +FROM docker.io/alpine #an argument, passed to `docker build` with `--build-arg` option ARG SECRET1 @@ -59,7 +59,7 @@ Syntax: `RUN --mount=type=secret,id=SECRET_NAME,dst=DESTINATION_PATH COMMAND`, w - `COMMAND` is a single or multiple commands (separated by &&, semicolon or space), which can use the file with a secret. - `DESTINATION_PATH` is an optional path to a folder, where file with a secret will be created. Default is `/run/secrets`, if not specified. ```dockerfile -FROM alpine +FROM docker.io/alpine #one secret in the specified destination file and folder /abc/my-secrets/secret-1.txt RUN --mount=type=secret,id=SECRET1,dst=/abc/my-secrets/secret-1.txt export BUILD_ARG=$(cat /abc/my-secrets/secret-1.txt) && \ @@ -89,7 +89,7 @@ For verification that secrets are used as expected, Docker image can be built an ``` * Multiple build secrets can be added as multiple `RUN --mount` options (and `docker build` options `--secrets`). Different `dst` files can be used ```dockerfile - FROM alpine + FROM docker.io/alpine #one secret in the specified destination file and folder /abc/my-secrets/secret-1.txt RUN --mount=type=secret,id=SECRET1,dst=/abc/my-secrets/secret-1.txt \ @@ -106,7 +106,7 @@ For verification that secrets are used as expected, Docker image can be built an * Files, created by a `RUN --mount` options are available only for commands, executed in that particular `RUN`, not in following `RUN` commands or within Docker container, running with this image. * If a file, specified in the `dst` option already exists, it will be overridden in the `RUN`, where the `--mount` option use it, but it will have original content in further layers ```dockerfile - FROM alpine + FROM docker.io/alpine #put some original text to a file /abc/db_server.txt RUN mkdir -p /abc && echo "default-server-name">/abc/db_server.txt #verify the file contents a text "default-server-name" diff --git a/public-site/docs/src/references/reference-radix-config/index.md b/public-site/docs/src/references/reference-radix-config/index.md index c379dd06..9a029a54 100644 --- a/public-site/docs/src/references/reference-radix-config/index.md +++ b/public-site/docs/src/references/reference-radix-config/index.md @@ -54,6 +54,11 @@ The `build` section of the spec contains configuration needed during build (CI p `useBuildKit` - (optional, default `false`) build a component with Docker BuildKit. Read [more](../../guides/build-secrets/#build-secrets-with-buildkit) in the guide. +:::tip +When an option `useBuildKit` is `true`, Radix uses [buildah](https://www.redhat.com/en/topics/containers/what-is-buildah) to build components. Buildah requires the `Dockerfile` instruction `FROM` to have a repository prefixing the docker image name. + +E.g. instead of `FROM alpine` use `FROM docker.io/alpine`, as this `alpine` image is located in the [Docker Hub](https://hub.docker.com/) repository. +::: `secret` - (optional) add secrets to Radix config `radixconfig.yaml` in the branch defined as `Config Branch` for your application. This will trigger a new build. This build will fail as no specified build secret has been set. You will now be able to set the secret **values** in the configuration section of your app in the Radix Web Console. These secrets also can be used in the [sub-pipelines](../../guides/sub-pipeline). `variables` - (optional) environment variable names and values (currently available only in [sub-pipelines](../../guides/sub-pipeline)), provided for all build Radix environments in [sub-pipelines](../../guides/sub-pipeline). These common environment variables are overridden by environment-specific environment variables with the same names.