Can't pass gitlab user defined variable through Docker image through --build-arg

General
1

Hi! I’m trying to create my own docker image inside my gitlab CI to be able to use an external secrets manager. What I want to do is to pass down a variable I defined called INFISICAL_PROJECT_ID through --build-arg to my Dockerfile. Now, I could print out the value with echo inside my ci script which isn’t the best practice but I’m gonna mask the value later however I’m not able to print out that value from my Dockerfile to trace it. This is my code: .gitlab-ci.yml

build-image:
  stage: build
  image: docker
  services:
    - docker:dind
  script: |
    set -x
    echo "INFISICAL_PROJECT_ID=$INFISICAL_PROJECT_ID"
    echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
    docker build -t $CI_REGISTRY_IMAGE . --build-arg INFISCAL_PROJECT_ID=$INFISICAL_PROJECT_ID
    echo $CI_REGISTRY_IMAGE

Dockerfile

FROM ubuntu:latest
ARG INFISICAL_PROJECT_ID
ENV INFISICAL_PROJECT_ID=$INFISICAL_PROJECT_ID
RUN echo "Debugging arg variable: " $INFISICAL_PROJECT_ID

I change gitlab ci settings to allow my yaml read variables from unprotected branches. That worked for making sure that I could use the value in my pipeline but again I don’t see it in my docker file. This is my CI log:

2026-03-03T15:26:42.371322Z 01E #5 [2/2[] RUN echo "Debugging arg variable: "                            
2026-03-03T15:26:42.413093Z 01E #5 0.198 Debugging arg variable:

Do you guys think I’m missing something? What’s it?

2

Assuming, the variable INFISICAL_PROJECT_ID is defined as global variable in this pipeline, or as CI Variable in your project/group.

Then the only thing that looks off is that your command uses docker build options after . (the context).

According docs, the syntax is docker image build [OPTIONS] PATH | URL | -.

The Dockerfile looks fine.

3

There is a typo. INFISCAL vs INFISICAL.

If you want to avoid that next time, you can add the “-u” option to the shell, or even -e. so instead of

  script: |
    set -x

Use

  script: |
    set -xeu

Then “-u” means showing an error when a variable is undefined. “-e” means it will exit whenever an error happens. -e could also cause unexpected exiting if any command returns an error code without actual errors like grep, but -u is should be easy to use.

The context can be anywhere in the argument list. I often put options after the context when I use a dot as context to make that more visible. Otherwise a dot is hard to notice at the end of a command sometimes.

4

Well spotted. I didn’t catch the typo in the --build-arg argument.

Since I didn’t catch the typo, it was the only thing that caught my eye. Good to know, I never dared to not use the context as last argument :slight_smile: