I'm trying to clone private git repository from github. I did a Dockerfile like this: FROM ubuntu:12.04 RUN apt-get update RUN apt-get install -y git RUN mkdir -p /root/.ssh/ ADD ./id_rsa /root/.ssh/id_rsa RUN git clone git@github.com:usr/repo.git I use this repo with this key just fine locally, so it seems I'm missing something inside docker. One more thing I may be missing is that both ~ and $HOME inside docker point to / instead of /root , but I'm not sure if that can be related.

What's the output of the build process? Random guess: try to chmod 600 the private key. If it still doesn't work, try to RUN ssh -v git@github.com (after adding the key); the output should explain what's happening.

sshdocker

Kostia R

Reputation: 2565

Dockerfile for cloning private git repo

I'm trying to clone private git repository from github. I did a Dockerfile like this:

FROM ubuntu:12.04

RUN apt-get update
RUN apt-get install -y git
RUN mkdir -p /root/.ssh/
ADD ./id_rsa /root/.ssh/id_rsa
RUN git clone [email protected]:usr/repo.git

I use this repo with this key just fine locally, so it seems I'm missing something inside docker.

One more thing I may be missing is that both ~ and $HOME inside docker point to / instead of /root, but I'm not sure if that can be related.

Upvotes: 23

Answers (4)

Youngjae

Reputation: 25080

Below approach is using https with Personal Access Token, and it works like charm.

ARG git_personal_token
RUN git config --global url."https://${git_personal_token}:@github.com/".insteadOf "https://github.com/"
RUN git clone https://github.com/your/project.git /project

Then, supply a docker argument as below.

docker build --build-arg git_personal_token={your_token} .

Basic idea is from https://medium.com/paperchain/fetching-private-github-repos-from-a-docker-container-273f25ec5a74

Upvotes: 3

tanguy_k

Reputation: 12323

(Will probably not fit your needs)

There is another approach: https://stackoverflow.com/a/29464430/990356

Go to Settings > Personal access tokens and generate a personal access token with repo scope enabled. Now you can do git clone https://[email protected]/user-or-org/repo

Pros:

very simple approach
token can be easily revoked

Cons:

if someone has access to the Dockerfile he has access to the token

To fix this, you can use an environment variable to store the token

Upvotes: 3

Dan Sabin

Reputation: 886

RUN ssh-keyscan github.com >> ~/.ssh/known_hosts

The keyscan works great since it accepts the host. The following complete answer worked:

RUN mkdir -p /root/.ssh
RUN cp /var/my-app/id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

Also as mentioned:

RUN ssh -v [email protected]

^ Great way to debug the flow. That's how I realized I needed the keyscan >> known_hosts

Upvotes: 18

jpetazzo

Reputation: 15511

What's the output of the build process?

Random guess: try to chmod 600 the private key.

If it still doesn't work, try to RUN ssh -v [email protected] (after adding the key); the output should explain what's happening.

Upvotes: 24

Dockerfile for cloning private git repo

Answers (4)

Related Questions