Menu
Wasn't able to find another question quite like this, but let me know if there is one which covers all the same elements (remote access to host machine, Docker container set up there, Github 2FA to access private repos).
I recently joined a company where I'm remotely ssh-ing into the host machines from my laptop at home. On those machines my colleagues each set up a Docker container and I did the same (my first time).
Having said that, I use the following workflows to (a) push to my company's private Github repos (let's say, https://github.com/my_company_name/my_company_repo), (b) clone and install from my company's private Github repos (let's say, https://github.com/my_company_name/colleague_repo).
For (a) I first navigate to my terminal inside the Docker container, then to the repo directory, git fetch from my repo and then (after adding/comitting etc) git push to it, at which point I have to fill in my username and password. Password doesn't work here; I have to fill in my personal access token (which I created with read & write permissions).
For (b) I first git clone from the colleague's repo, and have to enter my username and password. (Again, personal access token required instead of password.) Then I pip install -e to install the repo by name.
I would like to avoid having to constantly supply my credentials, by using some kind of appropriate configuration in my Dockerfile. (So for (a) I would like to just pop open my terminal and git push <origin> <master> and that's it.) I would also like to clone and install my colleague's repos in the Dockerfile itself (i.e. do all the cloning and installing business in the Docker build), since there is a pretty specific set of company repos to be installed everytime -- but as you can imagine, the authentication isn't working.
I tried to add lines like
RUN git config --global user.name <my_username>
RUN git config --global user.password <personal_access_token>
RUN pip install -e git+https://github.com/my_company_name/colleague_repo
to my Dockerfile (and have also tried my actual password in the second line). Didn't work -- got the same message that authentication had failed.
Anyone able to help?
468
You could use an SSH key, with a multi-stage approach as illustrated in "Access Private Repositories from Your Dockerfile Without Leaving Behind Your SSH Keys" by Vladislav Supalov
# this is our first build stage, it will not persist in the final image
FROM ubuntu as intermediate
# install git
RUN apt-get update
RUN apt-get install -y git
# add credentials on build
ARG SSH_PRIVATE_KEY
RUN mkdir /root/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa
# make sure your domain is accepted
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
RUN git clone [email protected]:your-user/your-repo.git
FROM ubuntu
# copy the repository form the previous image
COPY --from=intermediate /your-repo /srv/your-repo
# ... actually use the repo :)
The more modern approach is by using BuildKit
With the new SSH mount type you can allow your Docker build to make use of your host’s SSH keys.
Here’s how it looks like:
RUN --mount=type=ssh ...You add the new mount type to your RUN command, and the whole process is taken care of for you.
See BuildKit / Dockerfile frontend syntaxes/ RUN --mount=type=ssh
58
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
