Dockerfile Can't Find Successfully Copied Files with RUN


I am attempting to develop a Mozilla SOPS Docker container that uses Age for encryption. Here are my files:

./Dockerfile:

FROM alpine:latest

# Install sops
RUN wget https://github.com/mozilla/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64 -O /usr/local/bin/sops \
    && chmod +x /usr/local/bin/sops 

# Install age
RUN wget https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz -O /usr/local/bin/age \
    && chmod +x /usr/local/bin/age

RUN export PATH=/usr/local/bin:${PATH}

# Copy the script to generate_sops_config.sh
COPY ./src/generate_sops_config.sh /app/config/generate_sops_config.sh
RUN chmod +x /app/config/generate_sops_config.sh

# Execute the script to generate .sops.yaml and private keys
RUN /app/config/generate_sops_config.sh
RUN chmod 600 /app/config/.sops.yaml

# Cleanup
RUN rm -f /app/config/generate_sops_config.sh

ENTRYPOINT ["sops"]

./generate_sops_config.sh:

#!/bin/bash

# Generate age key pair
age-keygen -o age_key.dev.txt
age-keygen -o age_key.prod.txt

# Extract the public key
dev_age_pubkey=$(cat age_key.dev.txt.pub)
prod_age_pubkey=$(cat age_key.prod.txt.pub)

# Update .sops.yaml with the public key
cat <<EOF > .sops.yaml
creation_rules:
  - path_regex: \.dev\.yaml$
    age: |
      -----BEGIN AGE ENCRYPTED FILE-----
      ${dev_age_pubkey}
      -----END AGE ENCRYPTED FILE-----

  - path_regex: \.prod\.yaml$
    age: |
      -----BEGIN AGE ENCRYPTED FILE-----
      ${prod_age_pubkey}
      -----END AGE ENCRYPTED FILE-----
EOF

./docker-compose.yml:

version: '3'

services:
  sops-service:
    build:
        context: .
    volumes:
      - ./shared:/app/shared/
      - ./config:/app/config/

This gets to layer 7/9:

 => [sops-service 6/9] RUN chmod +x /app/config/generate_sops_config.sh                            0.3s
 => ERROR [sops-service 7/9] RUN /app/config/generate_sops_config.sh

I run this after first creating the two empty volumes (./shared & ./config), then running docker-compose up.

Any idea what's going wrong here? I have been troubleshooting for about an hour and a half now with no luck getting Docker to see the file during the build process.


Solution

  • Your generate_sops_config.sh script begins with a "shebang" line that requires #!/bin/bash. A minimal Alpine-based image doesn't include the GNU bash shell. However, it also doesn't look like your script is using any bash-specific features; you should be able to use any POSIX shell here.

    If you change the "shebang" line to

    #!/bin/sh
    #      ^^ (not bash)
    

    then the script should run fine. For more complex scripts, you need to make sure to avoid bash-specific features like array-type variables, and unnecessary syntax like function or source keywords.
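
A pre-build check for the failure described in this answer, as an added example that is not part of the original answer: `check_script` (a hypothetical helper name) reads a script's shebang, confirms that interpreter exists under a given image root, and flags the bash-only constructs the answer lists. The `ROOT` argument is an assumption: a directory holding the image's filesystem, or `/` when run inside the container.

```shell
#!/bin/sh
# Added example (not from the original post). check_script FILE [ROOT]
# ROOT (assumption): directory holding the image's root filesystem, or "/"
# when run inside the container. Returns the number of findings.
check_script() {
    script=$1
    root=${2:-/}
    findings=0

    # The kernel uses the first line to choose the interpreter; if that
    # path is absent, exec fails even though the script itself exists.
    first_line=$(head -n 1 "$script")
    case $first_line in
        '#!'*)
            # Drop "#!", leading blanks and any interpreter argument.
            interp=$(printf '%s\n' "$first_line" |
                sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
            target=${root%/}$interp
            # -L keeps Alpine-style symlinks (sh -> busybox) from being
            # reported missing when ROOT is an exported filesystem.
            if [ ! -e "$target" ] && [ ! -L "$target" ]; then
                echo "$script: interpreter $interp not found under $root"
                findings=$((findings + 1))
            fi ;;
        *)
            echo "$script: no shebang line"
            findings=$((findings + 1)) ;;
    esac

    # Bash-only constructs named in the answer.
    if grep -Eq '^[[:space:]]*function[[:space:]]' "$script"; then
        echo "$script: uses the 'function' keyword"
        findings=$((findings + 1))
    fi
    if grep -Eq '^[[:space:]]*source[[:space:]]' "$script"; then
        echo "$script: uses 'source' (the POSIX spelling is '.')"
        findings=$((findings + 1))
    fi
    if grep -Eq '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=\(' "$script"; then
        echo "$script: assigns an array variable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: sh check.sh FILE [ROOT]
if [ "$#" -gt 0 ]; then check_script "$@"; fi
```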