Unknown variable; There is no variable named…

I was building an AWS Code Pipeline recently with terraform to deploy a new rails application on an ECS cluster and encountered the following error:

Error: failed to render : <template_file>:22,137-152: Unknown variable; There is no variable named "SECRET_KEY_BASE".
  
  on pipeline.tf line 50, in data "template_file" "buildspec":
  50: data "template_file" "buildspec" {


Releasing state lock. This may take a few moments...
[terragrunt] 2020/12/21 17:48:38 Hit multiple errors:
exit status 1

The problem in the buildspec.yml was the following line:

      - docker build --build-arg RAILS_ENV="production" --build-arg RAILS_MASTER_KEY="$RAILS_MASTER_KEY" --build-arg SECRET_KEY_BASE=${SECRET_KEY_BASE} -t $REPOSITORY_URI:latest .

All of these build arguments were taken from System Manager’s Parameter store, so I know they were there. The problem was that I copied and pasted a docker build command that included the build-arg and the format did not work here. For correct interpolation, the argument variable must be enclosed in double quotes and not surrounded by curly braces. This is the correct format:

      - docker build --build-arg RAILS_ENV="production" --build-arg RAILS_MASTER_KEY="$RAILS_MASTER_KEY" --build-arg SECRET_KEY_BASE="$SECRET_KEY_BASE" -t $REPOSITORY_URI:latest .

Once I fixed that issue, the build succeeded.

Note that the SECRET_KEY_BASE should never necessary (or desirable) to pass to the build process since it becomes accessible when the RAILS_MASTER_KEY is used to open the encrypted secrets file, but it is necessary when running “rails assets:precompile”. That is something that should not be required for this task and I believe a solution is being worked on to resolve this with the rails team.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *