Fetching private GitHub repos from a Docker container

rahul444 (25) in github • 7 years ago

Amidst our efforts in containerizing Paperchain’s microservices, we ran into the issue of accessing our private github repos from the docker container. We came across 2 solutions on how to go about this

1. via SSH

Using the SSH method, we need to

Add your ssh key to the container with the right permissions
Setup the configuration in .gitconfig to use the SSH instead of HTTPS
Then skip host verification for git

FROM golang:alpine

# Copy SSH key for git private repos
ADD .ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa

# Use git with SSH instead of https
RUN echo “[url \”[email protected]:\”]\n\tinsteadOf = https://github.com/" >> /root/.gitconfig

# Skip Host verification for git
RUN echo “StrictHostKeyChecking no “ > /root/.ssh/config

While this SSH method is largely popular, the fact that it relied on copying over the private key from an OS specific file location, just wasn’t the most streamlined setup for us. There had to be a better way and there was. We can use GitHub’s access token!

2. via HTTPS with Access Token method

In order to use HTTPS via the access token method, we need to first create the GitHub access token, which you can find at Your Profile → Settings → Personal Access Tokens → Generate New Token

Selecting the very first scope block allows your token to access to private repos

Now we can use the token in the Dockerfile, in a single line! Note that you don’t have to use a password with the token in the url.

RUN git config --global url.”https://{token}:@github.com/".insteadOf “https://github.com/"
You can take things further with arguments and environment variables.

However, the downside of this approach that there needs to be a token generated by every user wishing to build image. It would probably make things easier if GitHub allowed access tokens with stricter scopes on the organization level.

Heroku

Our team has used Heroku for initial builds, prior to containerization and our move to GCP. Heroku’s dyno configuration also requires the access token to be setup as a config variable with key GO_GIT_CRED__HTTPS__GITHUB__COM

Hope these notes help other engineers who may encounter this. Follow Paperchain to keep up with our technical updates and blogs. Cheers!

github docker heroku container ssh

7 years ago by rahul444 (25)

$0.02

3 votes

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

introduce.bot (63) · 7 years ago

✅ @rahul444, I gave you an upvote on your first post! Please give me a follow and I will give you a follow in return!

Please also take a moment to read this post regarding bad behavior on Steemit.

$0.00

[-]

steemitboard (66) · 7 years ago

Congratulations @rahul444! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published your First Post
You got a First Vote

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

Upvote this notification to help all Steemit users. Learn why here!

$0.00

[-]

steemitboard (66) · 6 years ago

Congratulations @rahul444! You received a personal award!

1 Year on Steemit

_{Click here to view your Board of Honor}

Support SteemitBoard's project! Vote for its witness and get one more award!

$0.00

[-]

steemitboard (66) · 5 years ago

Congratulations @rahul444! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

_{You can view your badges on your Steem Board and compare to others on the Steem Ranking}

Vote for @Steemitboard as a witness to get one more award and increased upvotes!

$0.00