markf78

Reputation: 627

How to expose private git repo during docker build without including ssh key in image

I'm trying to use the ADD command to expose a private git LFS repo during the docker build process but I keep getting errors:

------
> git://192.168.189.143/REPO/my-libs.git:
#37 0.761 Permission denied, please try again.
#37 0.819 Permission denied, please try again.
#37 0.883 [email protected]: Permission denied (publickey,password).
#37 0.885 fatal: Could not read from remote repository.
#37 0.885 
#37 0.885 Please make sure you have the correct access rights
#37 0.885 and the repository exists.
------
failed to load cache key: failed to fetch remote [email protected]:REPO/my-libs.git: exit status 128

Here's the reference to the command:

My docker file looks like this:

# syntax=docker/dockerfile-upstream:master-labs
FROM ubuntu:18.04
ENV USER=markf78
USER ${USER}
WORKDIR /home/${USER}/temp
ADD [email protected]:REPO/my-libs.git /home/${USER}/temp

My build command on my MacOS X host is

docker build -t my-image --ssh default .

I am able to successfully clone from the terminal on the MacOS X host using my ed25519 SSH key.

Any ideas how to fix this? I realize there are other solutions available but this one seems the cleanest as it does not store my private key in the image.

Upvotes: 0

Views: 875

Answers (2)

tellioğlu

Reputation: 11

RUN --mount=type=ssh git clone yourrepo

You need to run an ssh agent and add your private SSH key to it with the ssh-add command, then run docker build with --ssh default.

Upvotes: 1
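
An added example, not part of the answer above or of the original question: a preflight for the two halves of that recipe, checking that the Dockerfile's SSH git steps use `RUN --mount=type=ssh` with no private key copied into a layer, and that the agent `--ssh default` forwards (the one at `$SSH_AUTH_SOCK`) actually holds a key. The function names, the status words and the `git.example.test` host are assumptions made for illustration.

```shell
# Added example (constructed). Agent half: `--ssh default` forwards the agent
# at $SSH_AUTH_SOCK. Prints a status word; returns 0 ready, 1 no keys, 2 no agent.
ssh_agent_status() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo "no-agent-socket-set"; return 2; fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then echo "not-a-socket"; return 2; fi
    _rc=0
    ssh-add -l >/dev/null 2>&1 || _rc=$?   # 0 keys listed, 1 none, 2 unreachable
    case $_rc in
        0) echo "ready" ;;
        1) echo "no-identities"; return 1 ;;
        *) echo "agent-unreachable"; return 2 ;;
    esac
}

# Dockerfile half: flag private keys copied into a layer and SSH git steps that
# lack the ssh mount. Joins backslash continuations; assumes upper-case
# instructions. Returns 1 if anything was flagged.
lint_dockerfile() {
    awk '
        /\\$/ { buf = buf substr($0, 1, length($0) - 1) " "; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*(COPY|ADD)[ \t]/ && line ~ /id_(rsa|ecdsa|ed25519)([ \t]|$)/ {
            print "key-in-layer: " line; bad = 1 }
        line ~ /^[ \t]*RUN[ \t]/ && line ~ /git[ \t]+(clone|lfs)/ &&
        line ~ /(ssh:|@[A-Za-z0-9._-]+:)/ && line !~ /--mount=type=ssh/ {
            print "no-ssh-mount: " line; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample Dockerfiles (git.example.test is a placeholder host).
write_samples() {
    cat > "$1/bad.Dockerfile" <<'EOF'
FROM ubuntu:18.04
COPY id_ed25519 /root/.ssh/id_ed25519
RUN git clone git@git.example.test:REPO/my-libs.git /src
EOF
    cat > "$1/good.Dockerfile" <<'EOF'
FROM ubuntu:18.04
RUN --mount=type=ssh \
    git clone git@git.example.test:REPO/my-libs.git /src
EOF
}

d=$(mktemp -d)
write_samples "$d"
lint_dockerfile "$d/bad.Dockerfile" || echo "bad.Dockerfile: fix before building"
lint_dockerfile "$d/good.Dockerfile" && echo "good.Dockerfile: ok"
echo "agent: $(ssh_agent_status || true)"
```

A `no-identities` result means the forwarded agent is empty, so the build has no key to offer the git server even though `--ssh default` was passed.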

zsolt

Reputation: 1611

Do not clone the repo inside the image build, you do not need to do that at all.

Just put the Dockerfile in the / of the repo (also commit it to the repo to have it version controlled), and COPY the repo files with a Dockerfile command inside the image: COPY . . The first dot is the source, which is your current directory on your machine (your git repo); the second dot is the target, the working dir inside the image. You build the image and publish it, pushing it to a docker registry so others can pull it and start using it. If you want more complex stuff, building and publishing with the help of a server, look up CI/CD techniques.

Upvotes: 2
