如何在CircleCI上使用Dockerfile中的私有仓库。

huangapple go评论82阅读模式
英文:

How to use private repos in Dockerfile on circleci

问题

我正在开始使用CircleCI构建和部署一个小的Go应用程序。我的应用程序还使用了一个私有仓库,并且我已经设置了CircleCI的SSH密钥来获取该仓库。
所以在构建作业中,我有一个go mod download步骤,这个步骤运行良好。

下一步是构建Docker镜像,在Dockerfile中,我使用以下命令进行go build:

go build -o app ./app/

这也会下载依赖项,其中包括一个私有仓库。在这种情况下,最好的解决方案是什么?我应该将SSH密钥传递到Dockerfile中,以便在Docker中获取它吗?

英文:

I'm getting started with build and deploying a small go app using circleci. My app also uses a private repository, and I've set up circleci with the ssh key to fetch that repo.
So in the build job, I have a go mod download step and that works fine.

The next step is building the docker image, in the Dockerfile I do a go build like this;

go build -o app ./app/

This also downloads the dependencies, one of which is a private repo. What would be the best path forward here? Should I be passing the ssh key into the dockerfile, so it can be fetched within docker?

答案1

得分: 1

经过更详细的调查,似乎不同的作业在不同的容器或构建环境中运行,因此后续步骤无法访问已经下载的私有存储库。

为了解决这个问题,我通过以下方式传递github密钥:
extra_build_args: --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)"

我使用的是这个orb:circleci/gcp-gcr@0.13.0。

然后在我的Dockerfile中:
我进行一些格式设置,并使用ssh而不是https进行设置。

示例代码如下:

RUN mkdir -p ~/.ssh && umask 0077 && echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa \
&& git config --global url."git@github.com:".insteadOf https://github.com/ \
&& ssh-keyscan github.com >> ~/.ssh/known_hosts
ENV GOPRIVATE github.com/my-private-org/secret-repo

也欢迎其他建议。到目前为止,这对我来说是有效的。

英文:

So after some more detailed digging around, it seems different jobs run in different containers or build environments, so the step after it has no access to the private repos that were already downloaded.

To get around this I'm passing the github key like so:
extra_build_args: --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)"

and I'm using this orb circleci/gcp-gcr@0.13.0.

Then in my Dockerfile:
I do some formatting and set up using ssh instead of https.

Example is this:

RUN mkdir -p ~/.ssh && umask 0077 && echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa \
&& git config --global url."git@github.com:".insteadOf https://github.com/ \
&& ssh-keyscan github.com >> ~/.ssh/known_hosts
ENV GOPRIVATE github.com/my-private-org/secret-repo

Open to any other suggestions as well. So far this is working for me.

huangapple
  • 本文由 发表于 2021年9月22日 17:09:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/69281251.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定