Private gems are not getting installed in docker

Question

I am trying to run a rails app with docker. There are few gems which are getting installed by the ssh url of github which are as follows:

Gemfile

gem 'swagger-docs', :git => '[email protected]:xyz/swagger-docs.git', :branch => 'my_branch'

I have added the keys in docker which is able to clone the required repo and install the gems from git.

Dockerfile

RUN mkdir -p /root/.ssh
COPY ./id_rsa /root/.ssh/id_rsa

RUN chmod 700 /root/.ssh/id_rsa

RUN ssh-keygen -f /root/.ssh/id_rsa -y > /root/.ssh/id_rsa.pub

RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

When I build the it (which includes bundle install), all goes well and the image gets successfully built. But when I run docker-compose up, it gives the following error

/usr/local/bundle/gems/bundler-1.9.2/lib/bundler/source/git/git_proxy.rb:155:in `allowed_in_path': The git source [email protected]:xyz/swagger-docs.git is not yet checked out. Please run `bundle install` before trying to start your application (Bundler::GitError)

Answer 1

Have you tried using the docker experimental features? They have something meant for using ssh to access private data in builds which has allowed me to use my private gems hosted on Github in my docker builds. To enable it, you need to do the following 4 things:

1. Add the private gem to your Gemfile using the git tag:

gem 'rack', git: 'https://github.com/rack/rack'

2. Set the DOCKER_BUILDKIT environment variable to 1 and enable the default ssh flag when invoking the build command:

$ DOCKER_BUILDKIT=1 docker build --ssh default .

3. Set the first line of your docker file to be the following comment:

# syntax=docker/dockerfile:experimental

4. Perform your ssh setup in the Docker file using the --mount=type=ssh flag to add your ssh key and use the ssh key when installing the gem:

# Make ssh dir and download public key for github.com to add it to known_hosts
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

# Add your ssh key, update bundler, and use bundler to install all your gems
RUN --mount=type=ssh ssh-add -L && gem install bundler && bundle install

Using the --mount=type=ssh with the docker experimental features lets docker take care of keeping your ssh-key-information secret. This has been a complaint against docker in the past, and it seems like using the experimental feature is currently the safest and easiest way to pass your ssh private key to your build that I have come across.

All together you should have something like this as your Dockerfile: (personal example)

# syntax=docker/dockerfile:experimental
FROM ruby:3.0.0
    
WORKDIR /usr/src/app
    
COPY Gemfile Gemfile.lock /usr/src/app/
    
# Make ssh dir and download public key for github.com to add it to known_hosts
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

# Add your ssh key, update bundler, and use bundler to install all your gems
RUN --mount=type=ssh ssh-add -L && gem install bundler && bundle install
    
COPY . .
    
EXPOSE 8080
    
CMD ["bundle", "exec", "rackup", "-o", "0.0.0.0", "-p", "8080"]