秘密
我使用以下内容向drone.io添加了一个秘密:
drone org secret add --image=* --conceal --skip-verify=true octocat SSH_KEY @/home/me/.ssh/id_rsa
Dockerfile
由于npm install需要访问私有存储库,我在Dockerfile中指定了 ARG ,以获取我的私有ssh_key:
FROM node:latest
ARG SSH_KEY
ENV SSH_KEY=$SSH_KEY
RUN mkdir /root/.ssh && \
echo $SSH_KEY | cut -d "\"" -f 2 > /root/.ssh/id_rsa && \
chmod 0600 /root/.ssh/id_rsa && \
eval `ssh-agent -s` && \
ssh-add /root/.ssh/id_rsa && \
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
RUN mkdir /app
WORKDIR /app
COPY . /app
EXPOSE 3001
CMD ["npm", "start"]
.drone.yml
最后,在我的.drone.yml管道中,在plugin/docker步骤中,我使用build-arg注入ssk_key:
pipeline:
test:
image: node:latest
commands:
- mkdir /root/.ssh && echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
- eval `ssh-agent -s` && ssh-add /root/.ssh/id_rsa
- echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
- npm install
- npm test
docker:
image: plugins/docker
repo: octocat/bar
tags: latest
build_args:
- SSH_KEY=${SSH_KEY}
我的问题:
/root/.ssh/id_rsa:,任何方式都没有这些"?非常感谢!!
[编辑]感谢Adrian建议更好的方法,从Dockerfile中删除npm install,因为node_modules可以通过管道步骤之间的卷共享。