Doppler run in a Docker Image Created with Nix Gets a Certificate Signed by Unknown Authority Error

Hi,

I have a node.js server built with Nix that is deployed to ECS Fargate. Once deployed I get these errors:

What is normally the reason for such errors? I have already tried the --no-dns-resolver flag.

Here’s the relevant flake-parts module that defines the docker image for those who are familiar with nix. I have found this article that uses direnv, but I would like to use doppler run if possible. Thank you!

# flake-parts module from the question: defines the staging Docker image.
# This is the variant that fails at runtime with the "certificate signed by
# unknown authority" error.
{inputs, ...}: let
  imageName = "myproject/app";
  imageTag = "latest";
in {
  config = {
    perSystem = {
      self',
      pkgs,
      lib,
      system,
      ...
    }: {
      # The image attribute is only defined when the build platform is Linux.
      packages = lib.optionalAttrs pkgs.stdenv.isLinux {
        appStgDockerImage = pkgs.dockerTools.buildImage {
          name = imageName;
          tag = imageTag;
          created = "now";
          copyToRoot = pkgs.buildEnv {
            name = imageName;
            # No CA certificate bundle (e.g. cacert) is listed here. The fix
            # reported in this thread is to add cacert, so that doppler can
            # verify the TLS certificate of the API it talks to.
            paths = with pkgs; [doppler coreutils bash_5 self'.packages.app];
            pathsToLink = ["/bin" "/lib" ];
          };
          keepContentsDirlinks = true;
          config = {
            # Exec-form Cmd: no shell is involved, so "$DOPPLER_TOKEN" is
            # handed to doppler as that literal string, not the variable's value.
            # NOTE(review): -t puts the token into the process arguments; the
            # Doppler CLI reads DOPPLER_TOKEN from the environment, so the flag
            # can be dropped once the variable is set on the task.
            # NOTE(review): --debug presumably produces verbose output; confirm
            # nothing sensitive lands in the container logs before keeping it.
            Cmd = ["doppler" "run" "-p" "app" "-c" "stg" "-t" "$DOPPLER_TOKEN" "--no-dns-resolver" "--debug" "--" "/bin/app"];
            ExposedPorts = {"8080/tcp" = {};};
          };
        };
      };
    };
  };
}

Adding cacert to the paths attribute solves the problem. I also had to change the Cmd so that the DOPPLER_TOKEN environment variable is actually picked up. This is the flake that works:

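# flake-parts module that defines the staging Docker image for the app.
# The image bundles the Doppler CLI, which fetches the secrets at container
# start and then launches /bin/app with them in its environment.
{...}: let
  imageName = "myproject/app";
  # NOTE(review): a mutable "latest" tag makes it hard to tell which build a
  # running task came from; consider a tag derived from the source revision.
  imageTag = "latest";
in {
  config = {
    perSystem = {
      self',
      pkgs,
      lib,
      system,
      ...
    }: {
      # The image attribute is only defined when the build platform is Linux.
      packages = lib.optionalAttrs pkgs.stdenv.isLinux {
        appStgDockerImage = pkgs.dockerTools.buildImage {
          name = imageName;
          tag = imageTag;
          # "now" stamps the image with the build time, so two builds of the
          # same inputs do not produce identical images.
          created = "now";
          copyToRoot = pkgs.buildEnv {
            name = imageName;
            # cacert provides the CA bundle; without it doppler's HTTPS calls
            # fail with "certificate signed by unknown authority".
            # NOTE(review): pathsToLink below exposes only /bin and /lib;
            # confirm the bundle is reachable inside the built image, and if
            # it is not, link /etc as well or point SSL_CERT_FILE at it.
            paths = with pkgs; [doppler cacert coreutils bash_5 self'.packages.app];
            pathsToLink = ["/bin" "/lib"];
          };
          keepContentsDirlinks = true;
          config = {
            # The Doppler CLI reads DOPPLER_TOKEN from the environment, so the
            # token is not passed with -t: that keeps it out of the process
            # arguments and removes the need for a shell to expand it.
            # Supply DOPPLER_TOKEN at runtime (for ECS, via the task
            # definition's secrets) rather than baking it into the image.
            Cmd = ["doppler" "run" "-p" "app" "-c" "stg" "--" "/bin/app"];
            ExposedPorts = {"8080/tcp" = {};};
          };
        };
      };
    };
  };
}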