Use case for deprecated balena build -B

Thibaut · October 20, 2022, 2:23pm

Hello,

Context: build image for a multi-container project.

I haven’t find an alternative to use balena build -B in my use case, so I would like to share it with you as mentionned in the warning message

Basically I want to pass an NPM_TOKEN to my Dockerfile. I tried to use the “build secrets” feature but it only works on balena-engine. When I use balena build locally on my Mac to build the docker image I cannot build it using secrets.

I plan to use balena build in our CI to build and push images in our Docker registry for our components. If this feature works only in balena-engine, I cannot use it and I have to fallback to a build arg.

Unless there is a way to use balena build with remote Belena builders, but pushing to a custom registry after building ?

cywang117 · October 21, 2022, 6:52pm

Hi,

Build args using the -B / --buildArg flag is deprecated and the recommended method for passing tokens during image build is to use build secrets, per this link: Deploy to your fleet - Balena Documentation

However, I understand that this only works for balena push. I’ve attached a pattern for adding this feature to balena build as well. In the meantime, as a workaround, could you invoke balena push, then pull the built image from the balena registry then push it to your docker registry? You can find the URL for the image location using the following Node SDK call (which can be translated into an API call):

await sdk.pine.get({
    resource:'image',
    options: {
        $select: ['id', 'is_stored_at__image_location'],
        $filter: {
            is_part_of__release: {
                release: YOUR_RELEASE_ID
            }
        }
    }
})

Let us know if you’d like further help with this workaround!

Regards,
Christina

Thibaut · October 24, 2022, 8:29am

Thanks for your answer !

Unfortunately it’s not possible for me to use balena push because when I build one image I’m not in the repository containing the docker-compose file. Also, pushing means creating a realease, which I don’t want at this step.

Here is my setup :

Multiple Git repositories: one per docker container running on my device
Every repository has its own CI in charge of building the image (using balena build)
When I want to release a new version, I run balena push which uses existing built images.

I don’t think I can do this without using -B until secrets are supported in balena build.

Topic		Replies	Views
Build time secrets / best practices for SSH keys Product support	15	2465	July 15, 2019
Balena CLI deploy buildArg not passed through Product support resin-cli , docker	2	509	December 26, 2018
Doubt related to the integration of Docker registry? Product support	17	1271	June 20, 2019
Optimizing release build Product support builder	3	481	December 18, 2020
Use pre build multiarch image from docker hub Product support	15	1202	September 17, 2019

Use case for deprecated balena build -B

Related topics