Support for passing env to docker build as args #2769
Description
Currently, there's no way to pass any sort of dynamic or secret build arguments to the docker build process. The manifest supports passing secrets from SSM to the running process, but the build: args section only supports constant values coded into the manifest file itself.
This limits the ability to pass secrets such as NPM credentials to the docker build, limiting the ability for professional CI usage if you have private packages.
Your available options in this care are either:
- Code your private values into the manifest (bad)
- Run your build process manually, upload the image to ECR yourself, and deploy the resulting image.
Option 2 is better, but runs into a few issues with the copilot cli:
- The build process must be managed separately
- The resulting image must either overwrite the last image's tag (e.g. by moving the "latest" tag) or else you must edit your manifest.yml to point to the new location.
- If you overwrite the last image's tag and do not otherwise change manifest.yml, then the
copilot deploycommand will not detect a change and will not deploy.
I think the ideal solution here would be the ability to specify ${VALUE} values in the manifest.yml build: args section that would indicate that the value should be pulled from the local env and then passed to the build process.
If for some reason that is not possible, two other possibilities would be A) to have a way to force copilot deploy to redeploy even if it believed nothing had changed, but that solution is far less graceful or B) to have a way to pass in the build image location as an argument to the copilot deploy command in the same way that one may override other values.