Compare commits

...

5 Commits

Author SHA1 Message Date
Sammy filly
9265074727
Merge df45ce9a13 into 0a97817b6a 2023-09-10 22:25:57 +02:00
CrazyMax
0a97817b6a
Merge pull request #957 from crazy-max/warn-docker-config
warn if docker config can't be parsed
2023-09-08 15:38:01 +02:00
CrazyMax
ec39ef320c
chore: update generated content
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-09-08 15:35:42 +02:00
CrazyMax
f46044b799
warn if docker config can't be parsed
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-09-08 15:35:04 +02:00
Sammy filly
df45ce9a13
Create SSH
Signed-off-by: Sammy filly  <136061549+sammyfilly@users.noreply.github.com>
2023-09-03 07:20:25 +01:00
5 changed files with 101 additions and 7 deletions

View File

@ -1013,6 +1013,23 @@ jobs:
build-contexts: |
alpine=docker-image://localhost:5000/my-base-image:latest
docker-config-malformed:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set malformed docker config
run: |
mkdir -p ~/.docker
echo 'foo_bar' >> ~/.docker/config.json
-
name: Build
uses: ./
with:
context: ./test
proxy-docker-config:
runs-on: ubuntu-latest
services:

66
SSH Normal file
View File

@ -0,0 +1,66 @@
How To Install Private Git Hosted Dependencies Inside Docker Image Using SSH
#
docker
#
devops
#
security
#
python
Introduction
This quick guide will show you how to mount a ssh key inside a container in build time, to allow you to install private dependencies, that won't be persisted in the final image. It uses python but could work with any language/package manager that uses git + ssh.
Dockerfile
First you need to set Dockerfile syntax to docker/dockerfile:1.2. Put this in the beggining of the file:
# syntax = docker/dockerfile:1.2
Now install git and openssh, and setup ssh folders:
RUN apt update && \
apt install -y git openssh-client && \
mkdir -p /root/.ssh && \
ssh-keyscan github.com >> /root/.ssh/known_hosts
May vary depending on the base image you're using, just change with the package manager you use.
Make sure to change github.com with your git host.
Now you have to mount the ssh key in the step that installs the dependency:
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
pip install git+ssh://git@github.com/username/repository.git@version
This will mount secret identified by id_rsa on /root/.ssh/id_rsa.
Building
When building you need to specify your ssh key as id_rsa secret:
docker build . \
-f Dockerfile \
--secret id=id_rsa,src=/home/user/.ssh/id_rsa
Or using docker compose:
version: '3.7'
services:
your_service:
build:
context: .
dockerfile: Dockerfile
secrets:
- id_rsa
secrets:
id_rsa:
file: /home/user/.ssh/id_rsa
Final file
# syntax = docker/dockerfile:1.2
FROM python:3.11
RUN apt update && \
apt install -y git openssh-client && \
mkdir -p /root/.ssh && \
ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
pip install git+ssh://git@github.com/username
example
pip install git+ssh://git@github.com/sammyfilly

2
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View File

@ -1,4 +1,5 @@
import * as fs from 'fs';
import * as path from 'path';
import * as stateHelper from './state-helper';
import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit';
@ -8,6 +9,7 @@ import {Exec} from '@docker/actions-toolkit/lib/exec';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
import * as context from './context';
@ -34,9 +36,16 @@ actionsToolkit.run(
}
});
const dockerConfig = await Docker.configFile();
if (dockerConfig && dockerConfig.proxies) {
await core.group(`Proxy configuration found`, async () => {
await core.group(`Proxy configuration`, async () => {
let dockerConfig: ConfigFile | undefined;
let dockerConfigMalformed = false;
try {
dockerConfig = await Docker.configFile();
} catch (e) {
dockerConfigMalformed = true;
core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
}
if (dockerConfig && dockerConfig.proxies) {
for (const host in dockerConfig.proxies) {
let prefix = '';
if (dockerConfig.proxies.length > 1) {
@ -47,8 +56,10 @@ actionsToolkit.run(
core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
}
}
});
}
} else if (!dockerConfigMalformed) {
core.info('No proxy configuration found');
}
});
if (!(await toolkit.buildx.isAvailable())) {
core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);