cicd
build_error
ai_generated
true
错误:解析失败:读取密钥 'my_secret' 失败:文件未找到或不是有效密钥
ERROR: failed to solve: failed to read secret 'my_secret': file not found or not a valid secret
ID: cicd/dockerfile-buildkit-secret-not-found
90%修复率
86%置信度
1证据数
2024-02-28首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Docker 24.0.7 | active | — | — | — |
| Docker BuildKit 0.12.3 | active | — | — | — |
根因分析
Docker BuildKit 无法找到通过 `--secret` 标志指定的密钥文件,因为路径不正确、文件不存在或密钥未正确挂载到构建上下文中。
English
Docker BuildKit could not locate the secret file specified via `--secret` flag because the path is incorrect, the file does not exist, or the secret is not properly mounted in the build context.
官方文档
https://docs.docker.com/build/buildkit/secret-build-args/解决方案
-
Ensure the secret file exists at the specified path before building: `echo "my-secret-value" > /tmp/my_secret && docker build --secret id=my_secret,src=/tmp/my_secret -t myimage .`
-
Use environment variables instead of files for secrets in CI: `DOCKER_BUILDKIT=1 docker build --secret id=my_secret,env=MY_SECRET_ENV -t myimage .` and set `MY_SECRET_ENV` in the CI environment.
无效尝试
常见但无效的做法:
-
90% 失败
Copying a secret into the image defeats the purpose of BuildKit secrets, which are meant to avoid embedding secrets in layers; also, the file must be available at build time, not in the Dockerfile.
-
75% 失败
If the source path is incorrect, BuildKit cannot resolve it; the secret must be an absolute path or relative to the build context root.