
Dockerfile Public Key Permission Denied using Git (Bitbucket)

Although I have scoured multiple SO QnAs, I have been unable to fully resolve my issue when using a Dockerfile to hydrate my Node.js app containing a private repo dependency. Here is the relevant section of my Dockerfile:

FROM node:8.7.0-alpine

RUN \
    # install required packages
    apk --no-cache add --virtual \
    builds-deps \
    build-base \
    python \
    git \
    openssh-client

# git config
RUN git config --global user.name "*****"
RUN git config --global user.email "*****@*****.co"

# *******************
# install git ssh key
# *******************
# create ssh dir
RUN mkdir /root/.ssh

# Copy over private key from volume and set permissions
ADD bitbucket_rsa /root/.ssh/bitbucket_rsa
RUN chmod 600 /root/.ssh/bitbucket_rsa
# start agent
RUN eval $(ssh-agent)
# load key into agent
RUN echo ssh-add /root/.ssh/bitbucket_rsa
RUN echo -e "Host bitbucket.org\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config

...

Here is what gets thrown from NPM:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@bitbucket.org/someteamname/somereponame.git
npm ERR!
npm ERR! Warning: Permanently added 'bitbucket.org,XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
npm ERR! Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2017-10-27T01_12_06_116Z-debug.log

What am I missing here? Thank you in advance for your assistance!

Chris asked Nov 19 '22 05:11


1 Answer

Could not open a connection to your authentication agent.

That seems expected: the agent started in your Dockerfile in one layer would not be running in the next layer created by the next line of the Dockerfile: each container run from each line is then stopped and committed as an image.

Even if you put both commands on the same line, the agent would still be running after said unique line.

That agent start + ssh-add command should be part of your CMD script, which will also run a foreground process.
Meaning the Dockerfile should end with CMD script, with 'script' being the path of a (COPY'ed) script which includes what you want to run in your container, and that would start with the ssh agent and the ssh-add command.

The OP Chris points out in the comments:

layers are executed serially, with the current layer not having any context to prior ones.
Based on that "oh snap" moment, I went on to consolidate all RUN commands into a single RUN command using "&& \".
Everything is working as expected.

VonC answered Dec 04 '22 04:12
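
The single-RUN consolidation the OP describes, written out as an added example (not code from the question or the answer). The `/app` path, `package.json` and the `npm install` step are assumptions, and the two-stage layout is an addition here so that the stage holding the key is not the image that ships.

```dockerfile
# Added example. Assumed, not on the page: WORKDIR /app, package.json,
# "npm install", and a key without a passphrase (ssh-add cannot prompt
# during a build). Multi-stage builds need Docker 17.05 or later.
FROM node:8.7.0-alpine AS deps

RUN apk --no-cache add --virtual builds-deps \
    build-base python git openssh-client

WORKDIR /app
COPY package.json ./

# The key is stored in a layer of the "deps" stage and stays readable
# there, so this stage must never be pushed or shared.
COPY bitbucket_rsa /root/.ssh/bitbucket_rsa

# One RUN is one shell in one build container: the agent started by eval
# is still alive when ssh-add and npm install run. In the question, each
# RUN got a fresh container, so the agent was gone before the key was
# loaded (and "RUN echo ssh-add ..." only printed the command).
# "StrictHostKeyChecking no" is kept from the question; it skips host
# key verification for bitbucket.org.
RUN chmod 700 /root/.ssh \
 && chmod 600 /root/.ssh/bitbucket_rsa \
 && printf 'Host bitbucket.org\n\tStrictHostKeyChecking no\n' >> /root/.ssh/config \
 && eval "$(ssh-agent -s)" \
 && ssh-add /root/.ssh/bitbucket_rsa \
 && npm install \
 && ssh-agent -k

# Final stage: only the installed dependencies cross over, not /root/.ssh.
FROM node:8.7.0-alpine
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY package.json ./
# Copy the application sources here; keep bitbucket_rsa out of anything
# copied into this stage (for example, do not "COPY . ." from a build
# context that contains the key).
```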