mirror of
https://github.com/docker/build-push-action.git
synced 2026-07-04 22:25:35 +00:00
Compare commits
5 Commits
365844f3bf
...
9265074727
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9265074727 | ||
|
|
0a97817b6a | ||
|
|
ec39ef320c | ||
|
|
f46044b799 | ||
|
|
df45ce9a13 |
17
.github/workflows/ci.yml
vendored
17
.github/workflows/ci.yml
vendored
@ -1013,6 +1013,23 @@ jobs:
|
||||
build-contexts: |
|
||||
alpine=docker-image://localhost:5000/my-base-image:latest
|
||||
|
||||
docker-config-malformed:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
-
|
||||
name: Set malformed docker config
|
||||
run: |
|
||||
mkdir -p ~/.docker
|
||||
echo 'foo_bar' >> ~/.docker/config.json
|
||||
-
|
||||
name: Build
|
||||
uses: ./
|
||||
with:
|
||||
context: ./test
|
||||
|
||||
proxy-docker-config:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
|
||||
66
SSH
Normal file
66
SSH
Normal file
@ -0,0 +1,66 @@
|
||||
|
||||
How To Install Private Git Hosted Dependencies Inside Docker Image Using SSH
|
||||
#
|
||||
docker
|
||||
#
|
||||
devops
|
||||
#
|
||||
security
|
||||
#
|
||||
python
|
||||
Introduction
|
||||
This quick guide will show you how to mount a ssh key inside a container in build time, to allow you to install private dependencies, that won't be persisted in the final image. It uses python but could work with any language/package manager that uses git + ssh.
|
||||
|
||||
Dockerfile
|
||||
First you need to set Dockerfile syntax to docker/dockerfile:1.2. Put this in the beggining of the file:
|
||||
|
||||
# syntax = docker/dockerfile:1.2
|
||||
Now install git and openssh, and setup ssh folders:
|
||||
|
||||
RUN apt update && \
|
||||
apt install -y git openssh-client && \
|
||||
mkdir -p /root/.ssh && \
|
||||
ssh-keyscan github.com >> /root/.ssh/known_hosts
|
||||
May vary depending on the base image you're using, just change with the package manager you use.
|
||||
|
||||
Make sure to change github.com with your git host.
|
||||
|
||||
Now you have to mount the ssh key in the step that installs the dependency:
|
||||
|
||||
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
|
||||
pip install git+ssh://git@github.com/username/repository.git@version
|
||||
This will mount secret identified by id_rsa on /root/.ssh/id_rsa.
|
||||
|
||||
Building
|
||||
When building you need to specify your ssh key as id_rsa secret:
|
||||
|
||||
docker build . \
|
||||
-f Dockerfile \
|
||||
--secret id=id_rsa,src=/home/user/.ssh/id_rsa
|
||||
Or using docker compose:
|
||||
|
||||
version: '3.7'
|
||||
services:
|
||||
your_service:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
secrets:
|
||||
- id_rsa
|
||||
secrets:
|
||||
id_rsa:
|
||||
file: /home/user/.ssh/id_rsa
|
||||
Final file
|
||||
# syntax = docker/dockerfile:1.2
|
||||
|
||||
FROM python:3.11
|
||||
|
||||
RUN apt update && \
|
||||
apt install -y git openssh-client && \
|
||||
mkdir -p /root/.ssh && \
|
||||
ssh-keyscan github.com >> /root/.ssh/known_hosts
|
||||
|
||||
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
|
||||
pip install git+ssh://git@github.com/username
|
||||
example
|
||||
pip install git+ssh://git@github.com/sammyfilly
|
||||
2
dist/index.js
generated
vendored
2
dist/index.js
generated
vendored
File diff suppressed because one or more lines are too long
2
dist/index.js.map
generated
vendored
2
dist/index.js.map
generated
vendored
File diff suppressed because one or more lines are too long
21
src/main.ts
21
src/main.ts
@ -1,4 +1,5 @@
|
||||
import * as fs from 'fs';
|
||||
import * as path from 'path';
|
||||
import * as stateHelper from './state-helper';
|
||||
import * as core from '@actions/core';
|
||||
import * as actionsToolkit from '@docker/actions-toolkit';
|
||||
@ -8,6 +9,7 @@ import {Exec} from '@docker/actions-toolkit/lib/exec';
|
||||
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
||||
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
|
||||
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
||||
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
|
||||
|
||||
import * as context from './context';
|
||||
|
||||
@ -34,9 +36,16 @@ actionsToolkit.run(
|
||||
}
|
||||
});
|
||||
|
||||
const dockerConfig = await Docker.configFile();
|
||||
if (dockerConfig && dockerConfig.proxies) {
|
||||
await core.group(`Proxy configuration found`, async () => {
|
||||
await core.group(`Proxy configuration`, async () => {
|
||||
let dockerConfig: ConfigFile | undefined;
|
||||
let dockerConfigMalformed = false;
|
||||
try {
|
||||
dockerConfig = await Docker.configFile();
|
||||
} catch (e) {
|
||||
dockerConfigMalformed = true;
|
||||
core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
|
||||
}
|
||||
if (dockerConfig && dockerConfig.proxies) {
|
||||
for (const host in dockerConfig.proxies) {
|
||||
let prefix = '';
|
||||
if (dockerConfig.proxies.length > 1) {
|
||||
@ -47,8 +56,10 @@ actionsToolkit.run(
|
||||
core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
} else if (!dockerConfigMalformed) {
|
||||
core.info('No proxy configuration found');
|
||||
}
|
||||
});
|
||||
|
||||
if (!(await toolkit.buildx.isAvailable())) {
|
||||
core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user