Bug: sam build --container-env-var is not working

[glg-satish-tripathi]

Description:

sam build --parameter-overrides --use-container --container-env-var GITHUB_TOKEN="pat-token" --debug

FROM public.ecr.aws/lambda/nodejs:20

# Declare GITHUB_TOKEN as a build argument
ARG GITHUB_TOKEN

# Create .npmrc file inside the Docker image
RUN echo "@abc:registry=https://npm.pkg.github.com/" > ${LAMBDA_TASK_ROOT}/.npmrc && \
    echo "//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}" >> ${LAMBDA_TASK_ROOT}/.npmrc

# Optional: Echo the token to verify its presence (remove in production)
RUN echo "GITHUB_TOKEN is set to: ${GITHUB_TOKEN}"

# Set the GITHUB_TOKEN environment variable inside the Docker image
ENV GITHUB_TOKEN=${GITHUB_TOKEN}

# Copy all the files to lambda task root.
COPY . ${LAMBDA_TASK_ROOT}

# Install all the required package.
RUN npm install

# Set the CMD to your handler.
CMD [ "index.handler" ]

When i run docker inspect imgae_id, GITHUB_TOKEN value is empty.

Steps to reproduce:

sam build --use-container --container-env-var GITHUB_TOKEN="pat-token" --debug

Observed result:

i] Setting the Enviromnet variables to prepare for sam deployment!
[i] Building the Image
2024-08-16 14:35:51,852 | Config file location: /Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/samconfig.toml                     
2024-08-16 14:35:51,854 | Loading configuration values from [default.['build'].parameters] (env.command_name.section) in config file at                                                                        
'/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/samconfig.toml'...                                                                
2024-08-16 14:35:51,855 | Configuration values successfully loaded.                                                                                                                                            
2024-08-16 14:35:51,855 | Configuration values are: {'cached': True, 'parallel': True}                                                                                                                         
2024-08-16 14:35:51,860 | Using SAM Template at /Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/template.yaml                      
2024-08-16 14:35:51,884 | Using config file: samconfig.toml, config environment: default                                                                                                                       
2024-08-16 14:35:51,885 | Expand command line arguments to:                                                                                                                                                    
2024-08-16 14:35:51,885 | --template_file=/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/template.yaml --use_container            
--parameter_overrides={'accountName': 'prototype', 'dynamoAccount': '988857891049', 'dynamoKey': 'prototype.all.secrets', 'dynamoDbTableName': 'test-table', 'dynamoRole': 'test-dynamodb-role',               
'FunctionName': 'deployinator-v2-update-secrets-list', 'DockerContextPath': '../../src/deployinator-v2-update-secrets-list', 'LambdaArchitecture': 'x86_64', 'LambdaTimeout': '60', 'LambdaMemorySize': '160', 
'LambdaDescription': 'This is a lambda that updates a dynamo table when aws secrets are created or deleted.'} --container_env_var=('GITHUB_TOKEN=pat-token',) --parallel --mount_with=READ                     
--build_dir=.aws-sam/build --cache_dir=.aws-sam/cache --cached                                                                                                                                                 
2024-08-16 14:35:51,924 | 'build' command is called                                                                                                                                                            
2024-08-16 14:35:51,925 | Starting Build use cache                                                                                                                                                             
2024-08-16 14:35:51,925 | Starting Build inside a container                                                                                                                                                    
2024-08-16 14:35:51,930 | Collected default values for parameters: {}                                                                                                                                          
2024-08-16 14:35:51,945 | There is no customer defined id or cdk path defined for resource DeployinatorV2UpdateSecretsList, so we will use the resource logical id as the resource id                          
2024-08-16 14:35:51,946 | 0 stacks found in the template                                                                                                                                                       
2024-08-16 14:35:51,946 | Collected default values for parameters: {}                                                                                                                                          
2024-08-16 14:35:51,959 | There is no customer defined id or cdk path defined for resource DeployinatorV2UpdateSecretsList, so we will use the resource logical id as the resource id                          
2024-08-16 14:35:51,960 | 1 resources found in the stack                                                                                                                                                       
2024-08-16 14:35:51,960 | Found Serverless function with name='DeployinatorV2UpdateSecretsList' and ImageUri='None'                                                                                            
2024-08-16 14:35:51,961 | --base-dir is not presented, adjusting uri ../../src/deployinator-v2-update-secrets-list relative to                                                                                 
/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/template.yaml                                                                      
2024-08-16 14:35:51,961 | --base-dir is not presented, adjusting uri . relative to                                                                                                                             
/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/template.yaml                                                                      
2024-08-16 14:35:51,967 | 1 resources found in the stack                                                                                                                                                       
2024-08-16 14:35:51,967 | Found Serverless function with name='DeployinatorV2UpdateSecretsList' and ImageUri='None'                                                                                            
2024-08-16 14:35:51,968 | Error occurred while trying to track an event: Event 'BuildFunctionRuntime' does not accept value 'None'.                                                                            
2024-08-16 14:35:51,969 | Instantiating build definitions                                                                                                                                                      
2024-08-16 14:35:51,971 | Unique function build definition found, adding as new (Function Build Definition: BuildDefinition(None,                                                                              
/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list, Image, , 22a6518b-38c4-4441-ae4f-f705c8600240, {'Dockerfile': 'Dockerfile',       
'DockerContext': '/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/src/deployinator-v2-update-secrets-list'}, {'GITHUB_TOKEN': 'pat-token'}, x86_64, []), Function:                
Function(function_id='DeployinatorV2UpdateSecretsList', name='DeployinatorV2UpdateSecretsList', functionname='deployinator-v2-update-secrets-list', runtime=None, memory='160', timeout='60', handler=None,    
imageuri=None, packagetype='Image', imageconfig=None, codeuri='/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list',                   
environment={'Variables': {'AWS_RETRY_MODE': 'standard', 'AWS_MAX_ATTEMPTS': 1, 'accountName': 'prototype', 'dynamoAccount': '988857891049', 'dynamoKey': 'prototype.all.secrets', 'dynamoRole':               
'test-dynamodb-role', 'dynamoDbTableName': 'test-table', 'awsRegion': 'awsRegion'}}, rolearn='LambdaRole', layers=[], events=None, metadata={'Dockerfile': 'Dockerfile', 'DockerContext':                      
'/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/src/deployinator-v2-update-secrets-list', 'SamResourceId': 'DeployinatorV2UpdateSecretsList'}, inlinecode=None,                  
codesign_config_arn=None, architectures=['x86_64'], function_url_config=None, function_build_info=<FunctionBuildInfo.BuildableImage: ('BuildableImage', 'Regular IMAGE function which can be build with SAM    
CLI')>, stack_path='', runtime_management_config=None, logging_config=None))                                                                                                                                   
2024-08-16 14:35:51,976 | Async execution started                                                                                                                                                              
2024-08-16 14:35:51,976 | Invoking function functools.partial(<bound method ParallelBuildStrategy.build_single_function_definition of <samcli.lib.build.build_strategy.ParallelBuildStrategy object at         
0x113766490>>, <samcli.lib.build.build_graph.FunctionBuildDefinition object at 0x1137861f0>)                                                                                                                   
2024-08-16 14:35:51,977 | Running incremental build for runtime None for following resources (DeployinatorV2UpdateSecretsList)                                                                                 
2024-08-16 14:35:51,978 | Waiting for async results                                                                                                                                                            
2024-08-16 14:35:51,978 | Building codeuri: /Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list runtime: None metadata: {'Dockerfile': 
'Dockerfile', 'DockerContext': '/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/src/deployinator-v2-update-secrets-list'} architecture: x86_64 functions:                         
DeployinatorV2UpdateSecretsList                                                                                                                                                                                
2024-08-16 14:35:51,979 | Building to following folder                                                                                                                                                         
/Users/satishtripathi/Documents/glg-work/deployinator-infrastructure-lambdas/deployment/deployinator-v2-update-secrets-list/.aws-sam/build/DeployinatorV2UpdateSecretsList                                     
2024-08-16 14:35:51,979 | Building image for DeployinatorV2UpdateSecretsList function                                                                                                                          
2024-08-16 14:35:51,987 | Setting DockerBuildArgs: {} for DeployinatorV2UpdateSecretsList function                                                                                                             
2024-08-16 14:36:06,723 | Failed building function DeployinatorV2UpdateSecretsList                                                                                                                             
2024-08-16 14:36:06,725 | Exception raised during the execution                                                                                                                                                
2024-08-16 14:36:06,727 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics                                                                           
2024-08-16 14:36:06,792 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics                                                                           
2024-08-16 14:36:06,793 | Sending Telemetry: {'metrics': [{'commandRun': {'requestId': 'e91a1bdc-0c9b-4d62-9394-b7545a352ba6', 'installationId': '76c9ff6c-fe20-48dc-aa2b-3cc973aacdeb', 'sessionId':          
'cac9896c-53ee-43dd-92f5-5c64ef43a9da', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.13', 'samcliVersion': '1.121.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': '',   
'commandName': 'sam build', 'metricSpecificAttributes': {'projectType': 'CFN', 'gitOrigin': None, 'projectName': 'e48f535bcd42a7aed89fa103f014ceea7f249c08fa3582698af3d3b9fdca7bb4', 'initialCommit': None},   
'duration': 14842, 'exitReason': 'DockerBuildFailed', 'exitCode': 1}}]}                                                                                                                                        
2024-08-16 14:36:06,793 | Unable to find Click Context for getting session_id.                                                                                                                                 
2024-08-16 14:36:06,797 | Sending Telemetry: {'metrics': [{'events': {'requestId': 'b8683d66-4a86-4b59-ad5c-a5d032061ba9', 'installationId': '76c9ff6c-fe20-48dc-aa2b-3cc973aacdeb', 'sessionId':              
'cac9896c-53ee-43dd-92f5-5c64ef43a9da', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.13', 'samcliVersion': '1.121.0', 'commandName': 'sam build', 'metricSpecificAttributes': {'events':      
[{'event_name': 'SamConfigFileExtension', 'event_value': '.toml', 'thread_id': 'c6b45c12931e401dbbd8fc12c680849a', 'time_stamp': '2024-08-16 09:05:51.852', 'exception_name': None}, {'event_name':            
'SamConfigFileExtension', 'event_value': '.toml', 'thread_id': '176d2a3258ed4131b673483270e8b3ad', 'time_stamp': '2024-08-16 09:05:51.884', 'exception_name': None}]}}}]}                                      
2024-08-16 14:36:07,474 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)                                                     
Error: The command '/bin/sh -c npm install' returned a non-zero code: 1
2024-08-16 14:36:07,475 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)                                                     
make: *** [local-with-event] Error 1

Expected result:

docker inspect should show the value of GITHUB_TOKEN but it's blank.
"GITHUB_TOKEN="

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

1. OS:
2. sam --version:
3. AWS region:

# Paste the output of `sam --info` here

{
"version": "1.121.0",
"system": {
"python": "3.8.13",
"os": "macOS-14.5-arm64-arm-64bit"
},
"additional_dependencies": {
"docker_engine": "20.10.21",
"aws_cdk": "Not available",
"terraform": "1.5.6"
},
"available_beta_feature_env_vars": [
"SAM_CLI_BETA_FEATURES",
"SAM_CLI_BETA_BUILD_PERFORMANCE",
"SAM_CLI_BETA_TERRAFORM_SUPPORT",
"SAM_CLI_BETA_RUST_CARGO_LAMBDA"
]
}

`Add --debug flag to command you are running`

[hawflau]

Hi @glg-satish-tripathi thanks for raising the issue.

It looks like you are build a Image-type Lambda Function rather than a Zip-type Lambda Function. In such case, you don't need to use --use-container since you don't need to build an image (your Lambda Function) inside a container (the build container provided by SAM CLI). Therefore, you don't need to use --container-env-var since this is --use-container specific. (See https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-build.html#ref-sam-cli-build-options)

[hnnasit]

Closing as the issue has been stale for a while. Please open a new issue if you still have questions or concerns.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.