How to access a private git repo in cloud run build

Question

I have a python Cloud Run container with a private git repo as a dependency. I have found docs of how to use private repos in Cloud Build but am yet to find what is best practice for doing the same thing in a Cloud Run container.

EDIT: extra information as requested in comments.

The container uses a private git repo at build time as a dependency from requirements.txt.

Answer 1

Which is the best practice to use a private repository in a Cloud Run container?

The guide that you shared about how to use private repositories in Cloud Build also applies to Cloud Run, you can follow it as if it was for Cloud Run. You can customize the authentication inside a step in the cloudbuild.yaml file. If you want to keep your credentials safe, what you have to do is to store your private SSH key in the Secret Manager, and your application will pull the key and authenticate git to run the operation.

Is there a simplified flow when using github actions?

A simplified flow is linking your Github repository with your Google Cloud project CLoud Build, doing this you will be able to have a mirror in your project and you’ll get the source code immediately after running your build. As the Github repository is already linked you won’t need any authentication step, but this only works if the repository to build it is one of your private repositories, it won’t work if the private repository is called from a dependency.

---

This answer was created to make the solution given in the comments more visible to the community.