Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to deploy code from Github using deploy key in Docker?

Tags:

git

docker

ssh-agent

I want to pull code from Github into my Docker image while building. I have a deploy key generated from the repository, but it seems to me the ssh-agent is not working on my Docker image.

What I did (my Dockerfile):

FROM python:2.7-stretch
ADD ./id_rsa /root/.ssh/id_rsa
RUN eval "$(ssh-agent -s)"
RUN ssh-add -K /root/.ssh/id_rsa

Output:

Step 12/22 : RUN eval "$(ssh-agent -s)"
 ---> Running in f9ad80981cee
Agent pid 6
Removing intermediate container f9ad80981cee
 ---> d773f7ce5917
Step 13/22 : RUN ssh-add -K /root/.ssh/id_rsa
 ---> Running in 95efeed6a7ad
Could not open a connection to your authentication agent.
The command '/bin/sh -c ssh-add -K /root/.ssh/id_rsa' returned a non-zero code: 2

As you can see, ssh-agent is started, but keys are not adding in it.

If I skip the ssh-add step then my git pull fails later because of privileges, which is failing as expected as no authentication happened.

like image 414
Harsh M Avatar asked Apr 12 '18 18:04

Harsh M

1 Answers

Actually you don't need to copy your private key to your container (and you better not do it).

All you need is the ssh-agent installed and launched on both: your host and your docker container then all you need to do is to mount the ssh-aget's socket file:

If you are using docker-compose:

environment:
  - "SSH_AUTH_SOCK=/tmp/ssh-agent"
volumes:
  - $SSH_AUTH_SOCK:/tmp/ssh-agent

With docker:

docker run -v $SSH_AUTH_SOCK:/tmp/ssh-agent 8be57bbc9561 sleep 1000000 # 8be57bbc9561 is an id of the image
docker exec -it -e SSH_AUTH_SOCK=/tmp/ssh-agent 5b6f4a8f8661 /bin/ash # 5b6f4a8f8661 is an id of the container

P.S

As of your case, I think the problem can be related to the export command which is normally evaled from the code from the output of the ssh-agent.

It should provide you two variables: SSH_AUTH_SOCK and SSH_AGENT_PID. But the export won't persist across images.

You've used RUN two times: first for launching the ssh-agent and exporting variables and then for adding a key. And each Dockerfile directive will generate an intermediate container (and export won't persist across them).

If you still want to use it this way (which I stronly recommend to avoid), you can try to bind both command in a single RUN:

RUN eval "$(ssh-agent -s)" && ssh-add /root/.ssh/id_rsa

I've written a short post based on my answer above.

like image 82
zinovyev Avatar answered Sep 19 '22 10:09

zinovyev
Sign in to Comment

Related questions

How to enforce Coding Standard for the repository located in GIthub
Integrate existing Git Repository with Perforce (P4)
IntelliJ and git, how to ignore white space changes from IDEA?
How do I revert `git fetch upstream; git merge upstream/master`? [duplicate]
Word-by-word blame/annotate in version control?
Dealing with Git fatal: Invalid revision range
Git rebase my forked branch on upstream master
Git SourceTree - Uncommitted Submodules
Updating a GitHub fork repo in the web interface
Using NodeJS to self-update project [closed]
Findbugs for Git Pull Request
Deploy from bitbucket to live server
git commit broken time zone
git imap-send with Gmail
How to set git diff parameter in Github desktop gui
Ansible playbook using private git role dependency
Easiest way to rebase multiple branches in a single lineage
Unable to add files to source control using VS 2015 and GIT
What are the best practices for tagging Docker Hub versions
how do i make git log --graph the default

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!