mirror of
https://github.com/docker/build-push-action.git
synced 2025-04-03 13:40:07 +02:00
Create SSH
Signed-off-by: Sammy filly <136061549+sammyfilly@users.noreply.github.com>
This commit is contained in:
Sammy filly
GitHub
parent
9311bf5263
commit
df45ce9a13
1 changed files with 66 additions and 0 deletions
66
SSH
Normal file
66
SSH
Normal file
|
|
@ -0,0 +1,66 @@
|
||||||
|
|
||||||
|
How To Install Private Git Hosted Dependencies Inside Docker Image Using SSH
|
||||||
|
#
|
||||||
|
docker
|
||||||
|
#
|
||||||
|
devops
|
||||||
|
#
|
||||||
|
security
|
||||||
|
#
|
||||||
|
python
|
||||||
|
Introduction
|
||||||
|
This quick guide will show you how to mount a ssh key inside a container in build time, to allow you to install private dependencies, that won't be persisted in the final image. It uses python but could work with any language/package manager that uses git + ssh.
|
||||||
|
|
||||||
|
Dockerfile
|
||||||
|
First you need to set Dockerfile syntax to docker/dockerfile:1.2. Put this in the beggining of the file:
|
||||||
|
|
||||||
|
# syntax = docker/dockerfile:1.2
|
||||||
|
Now install git and openssh, and setup ssh folders:
|
||||||
|
|
||||||
|
RUN apt update && \
|
||||||
|
apt install -y git openssh-client && \
|
||||||
|
mkdir -p /root/.ssh && \
|
||||||
|
ssh-keyscan github.com >> /root/.ssh/known_hosts
|
||||||
|
May vary depending on the base image you're using, just change with the package manager you use.
|
||||||
|
|
||||||
|
Make sure to change github.com with your git host.
|
||||||
|
|
||||||
|
Now you have to mount the ssh key in the step that installs the dependency:
|
||||||
|
|
||||||
|
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
|
||||||
|
pip install git+ssh://git@github.com/username/repository.git@version
|
||||||
|
This will mount secret identified by id_rsa on /root/.ssh/id_rsa.
|
||||||
|
|
||||||
|
Building
|
||||||
|
When building you need to specify your ssh key as id_rsa secret:
|
||||||
|
|
||||||
|
docker build . \
|
||||||
|
-f Dockerfile \
|
||||||
|
--secret id=id_rsa,src=/home/user/.ssh/id_rsa
|
||||||
|
Or using docker compose:
|
||||||
|
|
||||||
|
version: '3.7'
|
||||||
|
services:
|
||||||
|
your_service:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
secrets:
|
||||||
|
- id_rsa
|
||||||
|
secrets:
|
||||||
|
id_rsa:
|
||||||
|
file: /home/user/.ssh/id_rsa
|
||||||
|
Final file
|
||||||
|
# syntax = docker/dockerfile:1.2
|
||||||
|
|
||||||
|
FROM python:3.11
|
||||||
|
|
||||||
|
RUN apt update && \
|
||||||
|
apt install -y git openssh-client && \
|
||||||
|
mkdir -p /root/.ssh && \
|
||||||
|
ssh-keyscan github.com >> /root/.ssh/known_hosts
|
||||||
|
|
||||||
|
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
|
||||||
|
pip install git+ssh://git@github.com/username
|
||||||
|
example
|
||||||
|
pip install git+ssh://git@github.com/sammyfilly
|
||||||
Loading…
Add table
Reference in a new issue