SHA of currently deployed release

I would like to access the Git SHA of the currently deployed release when my app is started.
I expected a env var that contains it but couldn’t find one…
Can I set it myself in my app’s Dockerfile or fly.toml?
Any ideas are appreciated! :smile:

We tag our images with the commit-sha instead of burning it in an env (which is mutable), which then appears in our FLY VM as FLY_IMAGE_REF=registry.fly.io/<appname>@sha256:<sha256>

FLY_TOML = "fly.toml"
# or use rolling
FLY_DEPLOY_START="immediate"
# or use {{ github.sha }}
GIT_HEAD=$(git rev-parse HEAD)

flyctl deploy
        --image-label GIT_HEAD
        --config FLY_TOML
        --strategy FLY_DEPLOY_STRAT
        --auto-confirm
        --verbose

If you use github-actions, then see: serverless-dns/fly.yml at 8a07a50e901ec16045b6de1d90036a81ebf4c872 · serverless-dns/serverless-dns · GitHub

1 Like

Great, thanks! I’ll use FLY_IMAGE_REF to get the SHA.

Or could I easily set a separate env var in the Dockerfile?

In case you misunderstood it… by default, Fly doesn’t burn in the commit-sha. You’d have to explicitly pass it along with the flyctl deploy --image-label <sha> <other-args> switch (note the I shared cmd above).

Yep, that works just as nicely.

In case you misunderstood it… by default, Fly doesn’t burn in the commit-sha. You’d have to explicitly pass it along with the flyctl deploy --image-label <sha> <other-args> switch (note the I shared cmd above).

Are you sure? When I check the VMs of all the apps I have deployed on Fly, FLY_IMAGE_REF is there (and I haven’t used the --image-label ever).

Yeah FLY_IMAGE_REF should be present regardless. We explicitly set the label to match the git commit we deploy.

If one doesn’t set --image-label during deploys, then Fly assigns (what looks like) a random 16-byte base-32 (rfc3584) label to images prefixed with deployment-; ex: deployment-018EW9W8WZW05MW3DJTFWXWZD8.

Ah ok, got it! :grinning:

1 Like

When exactly is FLY_IMAGE_REF set?
When I check for it during the load phase of my Rails app, it’s not there yet.

 => [internal] load remote build context                                                                                                                                                                                                        0.0s
 => copy /context /                                                                                                                                                                                                                             0.1s
 => resolve image config for docker.io/docker/dockerfile:experimental                                                                                                                                                                           0.7s
 => CACHED docker-image://docker.io/docker/dockerfile:experimental@sha256:600e5c62eedff338b3f7a0850beb7c05866e0ef27b2d2e8c02aa468e78496ff5                                                                                                      0.0s
 => [internal] load metadata for quay.io/evl.ms/fullstaq-ruby:3.1.2-jemalloc-slim                                                                                                                                                               0.5s
 => [base 1/5] FROM quay.io/evl.ms/fullstaq-ruby:3.1.2-jemalloc-slim@sha256:6a18708ef1cbc3dfa8c14a1fa3942d8b13c2ed2eebf5caa30e7099b11f2ae120                                                                                                    0.0s
 => CACHED [base 2/5] RUN mkdir /app                                                                                                                                                                                                            0.0s
 => CACHED [base 3/5] WORKDIR /app                                                                                                                                                                                                              0.0s
 => CACHED [base 4/5] RUN mkdir -p tmp/pids                                                                                                                                                                                                     0.0s
 => CACHED [base 5/5] RUN gem update --system --no-document &&     gem install -N bundler -v 2.3.24                                                                                                                                             0.0s
 => CACHED [stage-3 1/7] RUN --mount=type=cache,id=prod-apt-cache,sharing=locked,target=/var/cache/apt     --mount=type=cache,id=prod-apt-lib,sharing=locked,target=/var/lib/apt     apt-get update -qq &&     apt-get install --no-install-re  0.0s
 => CACHED [build_deps 1/1] RUN --mount=type=cache,id=dev-apt-cache,sharing=locked,target=/var/cache/apt     --mount=type=cache,id=dev-apt-lib,sharing=locked,target=/var/lib/apt     apt-get update -qq &&     apt-get install --no-install-r  0.0s
 => CACHED [gems 1/3] COPY Gemfile* ./                                                                                                                                                                                                          0.0s
 => CACHED [gems 2/3] COPY .ruby-version ./                                                                                                                                                                                                     0.0s
 => CACHED [gems 3/3] RUN bundle install &&  rm -rf vendor/bundle/ruby/*/cache                                                                                                                                                                  0.0s
 => CACHED [stage-3 2/7] COPY --from=gems /app /app                                                                                                                                                                                             0.0s
 => CACHED [stage-3 3/7] COPY --from=gems /usr/lib/fullstaq-ruby/versions /usr/lib/fullstaq-ruby/versions                                                                                                                                       0.0s
 => CACHED [stage-3 4/7] COPY --from=gems /usr/local/bundle /usr/local/bundle                                                                                                                                                                   0.0s
 => [stage-3 5/7] COPY . .                                                                                                                                                                                                                      0.0s
 => [stage-3 6/7] RUN chmod +x /app/bin/* &&     sed -i 's/ruby.exe/ruby/' /app/bin/* &&     sed -i '/^#!/aDir.chdir File.expand_path("..", __dir__)' /app/bin/*                                                                                0.4s
 => ERROR [stage-3 7/7] RUN bin/rails fly:build                                                                                                                                                                                                 5.1s
------
 > [stage-3 7/7] RUN bin/rails fly:build:
#20 4.961 rails aborted!
#20 4.961 Could not determine revision.
#20 4.961 /app/config/application.rb:12:in `<class:Application>'
#20 4.961 /app/config/application.rb:8:in `<module:NoteToSelf>'
#20 4.961 /app/config/application.rb:7:in `<main>'
#20 4.961 /app/Rakefile:1:in `require_relative'
#20 4.961 /app/Rakefile:1:in `<main>'
#20 4.961 /app/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4/lib/rails/commands/rake/rake_command.rb:20:in `block in perform'
#20 4.961 /app/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4/lib/rails/commands/rake/rake_command.rb:18:in `perform'
#20 4.961 /app/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4/lib/rails/command.rb:51:in `invoke'
#20 4.961 /app/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4/lib/rails/commands.rb:18:in `<main>'
#20 4.961 /app/vendor/bundle/ruby/3.1.0/gems/bootsnap-1.13.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:32:in `require'
#20 4.961 /app/vendor/bundle/ruby/3.1.0/gems/bootsnap-1.13.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:32:in `require'
#20 4.961 bin/rails:5:in `<main>'
#20 4.962 (See full trace by running task with --trace)
------
Error failed to fetch an image or build from source: error building: executor failed running [/bin/bash -o pipefail -c ${BUILD_COMMAND}]: exit code: 1

@ignoramous Could you give me a hint how to save the Git SHA to a env var during deploy?
I can’t figure out how to get it into the Dockerfile…

Once you fetch the git commit id, pass it on to Docker as build-args via fly deploy: What is the correct workflow for utilising secrets during deployment? - #5 by kurt

Also see: Environment variables - #22 by ignoramous

Note though, don’t use build-args for secrets: How to include `fly-log-shipper` in a project? - #4 by ignoramous

I should have been clearer. FLY_IMAGE_REF is set for a Fly app at runtime (not build-time).

Thanks for your help!
I am now setting the Git SHA via the Dockerfile before building using build-args.

1 Like