Forward ssh agent socket to docker build

Question

Connecting to the server where I build docker images

ssh -A user@myserver

Dockerfile

# syntax=docker/dockerfile:experimental

FROM golang
WORKDIR /go/src/github.com/xxx/xxx
RUN --mount=type=ssh git clone git@github.com:xxx/xxx.git .
...

Building image:

export DOCKER_BUILDKIT=1
docker build --ssh default=$SSH_AUTH_SOCK -t xxx/xxx .

...
#8 1.579 Host key verification failed.
#8 1.579 fatal: Could not read from remote repository.
#8 1.579 
#8 1.579 Please make sure you have the correct access rights
#8 1.579 and the repository exists.
------
rpc error: code = Unknown desc = executor failed running [/bin/sh -c git clone git@github.com:xxx/xxx.git .]: exit code: 128

What I am missing?

UPDATE

export DOCKER_BUILDKIT=1
docker build --ssh default -t xxx/xxx .

Building locally produces same result.

Answer 1

You might have figured this out or moved on by now, but in my case, I had skipped this step when configuring my build:

RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

turns out ssh will throw up its hands in disgust without checking the agent if the .ssh directory isn't there, and then will fail early if you haven't imported the server's public key.

Answer 2

Your error message says, It could not verify the host (i.e) the docker image which you are trying to build.

In order to do git clone via ssh you have to follow these steps.

But, if you want to clone a repo during image build. you can clone using https instead of ssh.

git clone https://username:password@github.com/username/repository.git

So, your Dockerfile should look something like this:

FROM golang
WORKDIR /xxx
RUN git clone https://username:password@github.com/xxx/xxx.git
...

CREDITS: Git clone using username and password