I am trying to build a docker container with a private repo installed. I have no issue cloning the other repos that I require, but because one is private, it was suggested by a colleague to use --mount=type=ssh. I have skimmed a few articles, looked at a working example this colleague supplied (the example does not work for me but does for everyone else), and double-checked the info in these questions:
unable to close private repo during docker build [closed]
Git clone private repo inside a docker container
git clone private repo with --mount=type=ssh does not work
But I have been unable to get it working. I have verified that the ssh agent is running:
$ eval $(ssh-agent)
Agent pid 169089
$ echo $SSH_AUTH_SOCK
/tmp/ssh-.../agent.169088
$ ssh-add /home/<username>/.ssh/id_ed25519
And I believe it is configured properly because I can clone the repository on my host machine with no issue. When I attempt to clone this into a container during build however (using docker build . -t test:latest from the terminal in the folder with this dockerfile):
FROM ubuntu:20.04
SHELL ["/bin/bash", "-c"]
ARG proj_name=test
ARG test_user=test
ARG test_uid=1000
ARG test_gid=1000
# fix hashsum mismatch error during apt-get update/install
RUN echo $'Acquire::http::Pipeline-Depth 0;\n\
Acquire::http::No-Cache true;\n\
Acquire::BrokenProxy true;\n'\
>> /etc/apt/apt.conf.d/90fix-hashsum-mismatch
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
    echo $TZ > /etc/timezone && \
    apt-get update -o Acquire::CompressionTypes::Order::=gz && \
    apt-get install --no-install-recommends --yes \
        openssh-client git ca-certificates && update-ca-certificates
RUN groupadd --gid $test_gid $test_user && \
    useradd --create-home --gid $test_gid --uid $test_uid --shell /bin/bash --groups sudo $test_user && \
    echo "$test_user:test" | chpasswd && \
    echo "root:test" | chpasswd && \
    echo 'set -o vi' > /home/$test_user/.bashrc && \
    mkdir -p /home/$test_user/.ssh && \
    chmod 700 /home/$test_user/.ssh && \
    ssh-keyscan github.com >> /home/$test_user/.ssh/known_hosts && \
    mkdir -p /opt/$proj_name/{source,build} && \
    chown -R $test_user:$test_user /opt/$proj_name /opt/$proj_name/{source,build} /home/$test_user/.ssh
USER $test_user
# LibApriltag (public)
RUN cd /opt/$proj_name && \
    git clone https://github.com/AprilRobotics/apriltag.git
# Private repo
RUN --mount=type=ssh,uid=$test_uid cd /opt/$proj_name && \
    git clone git@github.com:<private_repo>.git
I get the output:
> [stage-0 6/6] RUN --mount=type=ssh,uid=1000 cd /opt/test && git clone git@github.com:<private_repo>.git:
#0 0.282 Cloning into '<private_repo>'...
#0 0.368 Warning: Permanently added the ECDSA host key for IP address <IP> to the list of known hosts.
#0 0.457 git@github.com: Permission denied (publickey).
#0 0.458 fatal: Could not read from remote repository.
#0 0.458
#0 0.458 Please make sure you have the correct access rights
#0 0.458 and the repository exists.
I have tried a few various combinations of user/uid/ssh setup that made sense as potential culprits (although the coworker's example most closely resembled the above) to no avail, as well as disabled strict host key checking. Past what I have done, anything more I try will be a shot in the dark as I am not very experienced with docker or git permission issues, so I am hoping someone can explain what else I may be missing that could allow me to clone this private repo.
This one was a relatively simple fix: the argument --ssh default was missing from my docker build command. When running
docker build --ssh default . -t test:latest
the build was able to complete.
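
A preflight check for the failure described above, as an added example that is not part of the original post: it flags a Dockerfile that requests --mount=type=ssh when the build arguments carry no --ssh flag, then checks that the agent holds a key. The function names and return codes are hypothetical, and the sample Dockerfile is constructed from the question's clone step.

```shell
#!/usr/bin/env bash
# Added example (helper names are hypothetical): preflight for BuildKit SSH forwarding.

# True if any RUN instruction in the Dockerfile asks for an SSH mount.
dockerfile_wants_ssh() {
    grep -Eq '^[[:space:]]*RUN[[:space:]].*--mount=type=ssh' "$1"
}

# True if the docker build arguments forward SSH (--ssh default, --ssh=default, ...).
build_args_forward_ssh() {
    local arg
    for arg in "$@"; do
        case "$arg" in --ssh|--ssh=*) return 0 ;; esac
    done
    return 1
}

# 0 = agent holds keys, 1 = agent reachable but empty, 2 = no agent socket.
agent_state() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 2
    ssh-add -l >/dev/null 2>&1
}

# preflight DOCKERFILE [docker build args...]
# Assumes agent forwarding (--ssh default), the form used on this page.
preflight() {
    local dockerfile="$1" rc=0
    shift
    dockerfile_wants_ssh "$dockerfile" || return 0    # no SSH mount, nothing to check
    if ! build_args_forward_ssh "$@"; then
        echo "Dockerfile uses --mount=type=ssh but the build command has no --ssh flag" >&2
        return 3
    fi
    agent_state || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "ssh-agent is reachable but holds no keys; run ssh-add" >&2; return 4 ;;
        *) echo "no ssh-agent socket at SSH_AUTH_SOCK" >&2; return 5 ;;
    esac
}

# Constructed sample: the question's clone step, checked against both build commands.
sample=$(mktemp)
printf '%s\n' 'FROM ubuntu:20.04' \
    'RUN --mount=type=ssh,uid=1000 git clone git@github.com:<private_repo>.git' > "$sample"
preflight "$sample" . -t test:latest               || echo "blocked, rc=$?"
preflight "$sample" --ssh default . -t test:latest || echo "blocked, rc=$?"
rm -f "$sample"
```

Return code 3 corresponds to the situation in the question: the mount is requested in the Dockerfile but nothing is forwarded from the client, so the clone runs without a key.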