我正在尝试在 docker 映像中克隆私有 GitHub 存储库
# this is our first build stage
FROM ubuntu as intermediate
# install git
RUN apt-get update \
&& apt-get install -y --no-install-recommends openssh-client git
RUN mkdir -p -m 0600 /root/.ssh/ \
&& ln -s /run/secrets/id_rsa /root/.ssh/id_rsa
# make sure your domain is accepted
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN git clone git@github.com:username/repo_name.git
CMD /bin/bash
这是我在撰写文件中配置 ssh 机密的方式:
version: "3.7"
secrets:
id_rsa:
file: ~/.ssh/id_rsa
services:
maven:
image: image_tag
profiles: ["test"]
build:
context: ./maven
secrets:
- id_rsa
如果我使用 docker-compose build maven 构建它,在以这种存在状态克隆存储库时它会失败。
Cloning into 'repo_name'...
Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The command '/bin/sh -c git clone git@github.com:username/repo_name.git' returned a non-zero code: 128
但是,如果我从 docker 文件中删除 RUN git clone git@github.com:dxpr/dxpr_maven.git 并构建映像,然后在容器内使用此命令手动运行终端 git clone git@github.com:dxpr/dxpr_maven.git,它会成功克隆。
我在这里做错了什么?
答案 0 :(得分:0)
尝试添加:
ssh-agent -s
ssh-add ~/.ssh/id_rsa
确保您的密钥被“看到”。
您也可以使用 http url 进行克隆
答案 1 :(得分:0)
在发布此问题时,我刚刚开始学习 Docker。这非常简单明了,秘密仅在容器运行时可用,而在构建时不可用。