Builder Configuration

These environment variables control how migetpacks builds your application.
VariableRequiredDefaultDescription
SOURCE_DIRNo/workspace/sourceSource code directory
OUTPUT_IMAGEYes-Target image name (e.g., registry.io/app:tag)
LANGUAGENoauto-detectedProgramming language override
RUN_COMMANDNofrom Procfile/defaultCommand to run the application
PORTNo5000Port the application listens on
ARCHNox86_64Target architecture (x86_64, arm64)
PROJECT_PATHNo-Subdirectory within SOURCE_DIR for monorepo support
DOCKERFILE_PATHNo-Custom Dockerfile path (relative to PROJECT_PATH or absolute)
COMPOSE_FILENo-Custom compose file path (auto-detects compose.yaml, compose.yml, docker-compose.yaml, docker-compose.yml)
BUILDPACKSNoauto-detectedExplicit buildpack order (e.g., ruby,python,nodejs - first is primary)
TAG_LATESTNofalseAlso tag image with :latest in addition to primary tag
RESULT_FILENo-Path to write build results JSON (for Shipwright post-build steps)
STORAGE_DRIVERNooverlay2Docker storage driver override (e.g., fuse-overlayfs for nested DinD)

Caching Options

These variables configure build caching for faster subsequent builds.
VariableRequiredDefaultDescription
CACHE_IMAGENo-Registry image for BuildKit cache
CACHE_REGISTRY_INSECURENofalseSet to true for HTTP registries (e.g., internal cache registry)
NO_CACHENofalseForce fresh build (--no-cache), skips cache-from but still exports to cache-to
CACHE_MODENominBuildKit cache export mode: min (final layer only, smaller) or max (all layers, better hits)
CACHE_FROMNo-Additional read-only cache sources (comma-separated registry refs, skipped when NO_CACHE=true)
REGISTRY_MIRRORNo-Docker registry mirror URL (e.g., https://registry.example.io/mirror)
BUILD_CACHE_DIRNo-Shared cache directory for package managers (mount RWX volume here)

Docker Hardened Images

These variables enable Docker Hardened Images for secure, minimal containers.
VariableRequiredDefaultDescription
USE_DHINofalseUse Docker Hardened Images (dhi.io) for secure, minimal runtime containers
DHI_USERNAMENo-DHI registry username (alternative to mounting docker config)
DHI_PASSWORDNo-DHI registry password/token
DHI_MIRRORNo-DHI registry mirror URL (e.g., https://registry.example.io/dhi-io)

External Private Registry

Set these variables when your Dockerfile pulls a base image from a private registry (any FROM <private-host>/... line). The builder runs docker login before invoking the build, so subsequent pulls authenticate. Values may come from the environment directly or from the platform’s BUILD_VARS JSON envelope.
VariableRequiredDefaultDescription
EXTERNAL_REGISTRY_URLNo-Registry host (e.g., docker.io, ghcr.io, registry.digitalocean.com, <account>.dkr.ecr.<region>.amazonaws.com). No protocol prefix.
EXTERNAL_REGISTRY_USERNAMENo-Username (or token name where the provider uses it as the username, e.g., AWS for ECR).
EXTERNAL_REGISTRY_PASSWORDNo-Password or read-only access token. Read-only tokens are recommended.
All three must be present for the login step to run. Login failure is logged and non-fatal — the FROM-pull error then surfaces during docker build, matching the DHI block’s behaviour.

Example

docker
docker run --rm \
  -v "$(pwd):/workspace/source:ro" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e EXTERNAL_REGISTRY_URL=docker.io \
  -e EXTERNAL_REGISTRY_USERNAME=my-user \
  -e EXTERNAL_REGISTRY_PASSWORD=$DOCKERHUB_TOKEN \
  -e OUTPUT_IMAGE=myapp:latest \
  miget/migetpacks:latest-alpine

Custom Environment Variables

Any environment variable passed to migetpacks that is not in the known builder variables list is automatically injected into the generated Dockerfile as an ENV statement. This allows you to configure your application’s build environment without modifying any configuration files.

How It Works

  1. You pass an environment variable to the migetpacks container (e.g., -e NODE_OPTIONS="--max-old-space-size=4096")
  2. The builder checks whether it matches any known builder variable pattern
  3. If it does not match, it is added to the generated Dockerfile as an ENV instruction
  4. The variable becomes available during both the build and runtime stages
docker run --rm \
  -v /path/to/app:/workspace/source \
  -e OUTPUT_IMAGE=my-app:latest \
  -e NODE_OPTIONS="--max-old-space-size=4096" \
  -e VITE_API_URL="https://api.example.com" \
  miget/migetpacks:latest
The generated Dockerfile will include: 
# Custom build environment variables
ENV NODE_OPTIONS="--max-old-space-size=4096"
ENV VITE_API_URL="https://api.example.com"

Common Use Cases

Increase the V8 heap size for large builds that run out of memory:
-e NODE_OPTIONS="--max-old-space-size=4096"
Inject variables consumed by Vite, Next.js, or similar frameworks during the build:
-e VITE_API_URL="https://api.example.com"
-e NEXT_PUBLIC_ANALYTICS_ID="UA-123456"
Provide the master key so Rails can decrypt credentials during asset precompilation:
-e RAILS_MASTER_KEY="abc123def456"
Pass arbitrary flags to your build tooling:
-e CARGO_BUILD_JOBS="4"
-e MIX_ENV="prod"
-e BUNDLE_DEPLOYMENT="true"

Filtered Variables

The following categories of variables are never passed through to the Dockerfile:
  • Builder config: SOURCE_DIR, OUTPUT_IMAGE, LANGUAGE, BUILD_COMMAND, RUN_COMMAND, PORT, ARCH, CACHE_IMAGE, NO_CACHE, CACHE_MODE, CACHE_FROM, BUILDPACKS, USE_DHI, REGISTRY_MIRROR, RESULT_FILE, STORAGE_DRIVER, etc.
  • Language-specific: Go build flags, Scala/sbt options, Clojure/Leiningen settings
  • Credentials: AWS_* variables (never exposed in images)
  • Docker/system: DOCKER_HOST, DOCKER_CONFIG, DOCKER_BUILDKIT, etc.
  • Shell/system: PATH, HOME, PWD, TERM, SHELL, USER, HOSTNAME, LANG, LC_*, XDG_*, SSH_*, etc.

Build-arg name requirements

App environment variables reach the build through the platform’s BUILD_VARS envelope and are projected as Docker build args (--build-arg flags and generated ARG lines). Build args — like shell variables and Dockerfile ARG/ENV keys — must be POSIX identifiers (IEEE Std 1003.1 §8.1): a letter or underscore followed by letters, digits, or underscores, i.e. ^[A-Za-z_][A-Za-z0-9_]*$. Keys that don’t satisfy this rule — for example dotted settings such as discovery.seed_hosts (used by Elasticsearch and other JVM apps) — are skipped from the build-arg projection and logged. They are still delivered to the running container as ordinary environment variables; they simply cannot be build args, because ARG discovery.seed_hosts is not a valid Dockerfile instruction.
  • Runtime env (Compose Specification, permissive): keys are preserved verbatim.
  • Build args (POSIX / Docker ARG): only identifier-safe keys are projected; the rest are runtime-only.
If you need a non-identifier setting available at build time, expose it under an identifier-safe alias (e.g. ES_DISCOVERY_SEED_HOSTS) and reference that in your Dockerfile or build script.