-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple Deploy Keys in docker build fails #78
Comments
I don’t see how this is related to the action…? Could you explain please? |
@mpdude sorry, I've edited to add some context. The action is incredibly useful. |
Ok, I think I now understand what this is about. Not sure I can really help, but we can keep this open for some time to get some visibility. Thoughts:
Does that help? |
You should try the RUN like so |
I guess the problem is not having the SSH auth socket itself available, but the necessary mapping in .gitconfig and .ssh/config to map keys to repos. |
I think |
Buildkit support for such things would of course be best. I also would not want to have ~/.ssh in intermediate layers of my images, but at least there is no sensitive data in this file. I am not sure about .gitconfig, though – it might be that |
@mpdude I'm interested in following this, as it's exactly the same issue that I came across - you've summarised it really well. Copying the git and ssh configs and keys into the container, as you suggested, did work for me, but the problem with that is that the private keys are then sitting in the Docker container. It would be better if it could make use of the keys that have been made available to it via ssh agent forwarding - I guess you haven't found a way of doing that? |
So this answer suggests that we could copy just the public keys into the docker container, and use them as the IdentityFile in .ssh/config to pick the correct key from the agent. So no private keys would end up in the container. I'll test this out when I can. .gitconfig should not have anything sensitive in it. |
I didn't realize the Thanks for a very helpful action. |
Very interested if someone has a non-hacky solution to this. It seems the logic that ssh-agent goes through to configure the git aliases needs to occur inside a docker container. For what its worth I ended up copying as well:
|
this is constantly breaking for me. What am i doing wrong here? syntax = docker/dockerfile:1.0-experimentalFROM python:3.9 create a folder and cd into itrun mkdir temp_repo set folder as current working directoryworkdir /temp_repo move hello_world.py script from our local system to current workdir in dockeradd hello_world.py . copy the requirements file from current system to docker directorycopy requirements.txt /temp_repo copy .gitconfig* /etc/gitconfig RUN --mount=type=ssh pip install git+ssh://git@github.com/my_company/repo1.git copy timescale.pem /root run apt-get update -y cmd ["python", "-u", "hello_world.py"] Its constantly failing on the last step with repository not found error. can someone please help? |
While this is a bit of an older issue, I seemed to have solved this with our build process by doing something like this Posting here for any other who come across this
This sets up separate ssh mount IDs you can reference in your build file:
|
@mpdude Is it possible to add the solution to this problem (initial issue) to the docs into a new section |
@nicolo-kira the solution you suggested is the neated IMO. Including the one in the documentation. Note you can also remove the @mpdude Is it possible to add this solution to the documentation? Its safer and easier to implement. I am unsure if there are any downsides to this approach. |
Not exactly a bug, but I found it challenging to find a solution that works with docker build when using multiple deploy keys. The reason seems to be that the build container doesn't have the ssh and git config necessary to map the right key to the right repo.
For example:
The docker build has access to the keys, but it doesn't use the right one for each repo, so one of the checkouts will fail.
My solution was to copy the config into the container:
And in my Dockerfile:
That works, but it feels pretty hacky. I was just wondering if anyone can come up with a better way/wanted to document a way to make it work.
The text was updated successfully, but these errors were encountered: