mirror of
https://github.com/docker/build-push-action.git
synced 2025-03-30 19:50:07 +02:00
66 lines
1.9 KiB
Text
66 lines
1.9 KiB
Text
|
|
How To Install Private Git Hosted Dependencies Inside Docker Image Using SSH
|
|
#
|
|
docker
|
|
#
|
|
devops
|
|
#
|
|
security
|
|
#
|
|
python
|
|
Introduction
|
|
This quick guide will show you how to mount a ssh key inside a container in build time, to allow you to install private dependencies, that won't be persisted in the final image. It uses python but could work with any language/package manager that uses git + ssh.
|
|
|
|
Dockerfile
|
|
First you need to set Dockerfile syntax to docker/dockerfile:1.2. Put this in the beggining of the file:
|
|
|
|
# syntax = docker/dockerfile:1.2
|
|
Now install git and openssh, and setup ssh folders:
|
|
|
|
RUN apt update && \
|
|
apt install -y git openssh-client && \
|
|
mkdir -p /root/.ssh && \
|
|
ssh-keyscan github.com >> /root/.ssh/known_hosts
|
|
May vary depending on the base image you're using, just change with the package manager you use.
|
|
|
|
Make sure to change github.com with your git host.
|
|
|
|
Now you have to mount the ssh key in the step that installs the dependency:
|
|
|
|
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
|
|
pip install git+ssh://git@github.com/username/repository.git@version
|
|
This will mount secret identified by id_rsa on /root/.ssh/id_rsa.
|
|
|
|
Building
|
|
When building you need to specify your ssh key as id_rsa secret:
|
|
|
|
docker build . \
|
|
-f Dockerfile \
|
|
--secret id=id_rsa,src=/home/user/.ssh/id_rsa
|
|
Or using docker compose:
|
|
|
|
version: '3.7'
|
|
services:
|
|
your_service:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
secrets:
|
|
- id_rsa
|
|
secrets:
|
|
id_rsa:
|
|
file: /home/user/.ssh/id_rsa
|
|
Final file
|
|
# syntax = docker/dockerfile:1.2
|
|
|
|
FROM python:3.11
|
|
|
|
RUN apt update && \
|
|
apt install -y git openssh-client && \
|
|
mkdir -p /root/.ssh && \
|
|
ssh-keyscan github.com >> /root/.ssh/known_hosts
|
|
|
|
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
|
|
pip install git+ssh://git@github.com/username
|
|
example
|
|
pip install git+ssh://git@github.com/sammyfilly
|