Compare commits

...

4 Commits

Author SHA1 Message Date
Sammy filly
3541703538
Merge df45ce9a13 into 9f6f8c940b 2023-12-04 16:08:10 -08:00
CrazyMax
9f6f8c940b
Merge pull request #1019 from favonia/warn-about-ignored-inputs
feat: warn about ignored inputs
2023-12-01 09:31:23 -08:00
favonia
8411d080ee
feat: warn about ignored inputs
Currently, several inputs can be silently ignored without
any warnings. This change will issue a warning for each
ignored input with a short explanation.

Signed-off-by: favonia <favonia@gmail.com>
2023-12-01 07:50:51 -06:00
Sammy filly
df45ce9a13
Create SSH
Signed-off-by: Sammy filly  <136061549+sammyfilly@users.noreply.github.com>
2023-09-03 07:20:25 +01:00
4 changed files with 76 additions and 2 deletions

66
SSH Normal file
View File

@ -0,0 +1,66 @@
How To Install Private Git Hosted Dependencies Inside Docker Image Using SSH
#
docker
#
devops
#
security
#
python
Introduction
This quick guide will show you how to mount a ssh key inside a container in build time, to allow you to install private dependencies, that won't be persisted in the final image. It uses python but could work with any language/package manager that uses git + ssh.
Dockerfile
First you need to set Dockerfile syntax to docker/dockerfile:1.2. Put this in the beggining of the file:
# syntax = docker/dockerfile:1.2
Now install git and openssh, and setup ssh folders:
RUN apt update && \
apt install -y git openssh-client && \
mkdir -p /root/.ssh && \
ssh-keyscan github.com >> /root/.ssh/known_hosts
May vary depending on the base image you're using, just change with the package manager you use.
Make sure to change github.com with your git host.
Now you have to mount the ssh key in the step that installs the dependency:
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
pip install git+ssh://git@github.com/username/repository.git@version
This will mount secret identified by id_rsa on /root/.ssh/id_rsa.
Building
When building you need to specify your ssh key as id_rsa secret:
docker build . \
-f Dockerfile \
--secret id=id_rsa,src=/home/user/.ssh/id_rsa
Or using docker compose:
version: '3.7'
services:
your_service:
build:
context: .
dockerfile: Dockerfile
secrets:
- id_rsa
secrets:
id_rsa:
file: /home/user/.ssh/id_rsa
Final file
# syntax = docker/dockerfile:1.2
FROM python:3.11
RUN apt update && \
apt install -y git openssh-client && \
mkdir -p /root/.ssh && \
ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN --mount=type=secret,id=id_rsa,dst=/root/.ssh/id_rsa \
pip install git+ssh://git@github.com/username
example
pip install git+ssh://git@github.com/sammyfilly

2
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View File

@ -102,11 +102,15 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
await Util.asyncForEach(inputs.attests, async attest => {
args.push('--attest', attest);
});
} else if (inputs.attests.length > 0) {
core.warning("Attestations are only supported by buildx >= 0.10.0; the input 'attests' is ignored.");
}
if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
await Util.asyncForEach(inputs.annotations, async annotation => {
args.push('--annotation', annotation);
});
} else if (inputs.annotations.length > 0) {
core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored.");
}
await Util.asyncForEach(inputs.buildArgs, async buildArg => {
args.push('--build-arg', buildArg);
@ -115,6 +119,8 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
await Util.asyncForEach(inputs.buildContexts, async buildContext => {
args.push('--build-context', buildContext);
});
} else if (inputs.buildContexts.length > 0) {
core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
}
await Util.asyncForEach(inputs.cacheFrom, async cacheFrom => {
args.push('--cache-from', cacheFrom);
@ -169,6 +175,8 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
if (inputs.sbom) {
args.push('--sbom', inputs.sbom);
}
} else if (inputs.provenance || inputs.sbom) {
core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'provenance' and 'sbom' are ignored.");
}
await Util.asyncForEach(inputs.secrets, async secret => {
try {