Issue
I'm trying to write a Dockerfile that pulls a private repository from GitHub. The problem is that I can't get Docker BuildKit to use my SSH key properly. Even using the precise instructions and example code from their website does not work. Here is what I did:
- Created a passphraseless SSH key using `ssh-keygen -t ed25519 -C my_email@my_company.com`
- Copied the public key and added it as a GitHub deploy key to my repository
- `ssh-add`ed the key
- Ran the Dockerfile
```dockerfile
# syntax=docker/dockerfile:1
FROM alpine
# Install ssh client and git
RUN apk add --no-cache openssh-client git
# Download public key for github.com
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
# Clone private repository
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject
```
replacing `myproject` and `myorg` appropriately. Copy-pasting the `git clone` command from the Dockerfile to the terminal works. Running `DOCKER_BUILDKIT=1 docker build --ssh default` and `DOCKER_BUILDKIT=1 docker build --ssh default=/path/to/key` both fail with the error

```
> [4/4] RUN --mount=type=ssh git clone git@github.com/myorg/myrepository.git myrepository
#9 0.262 fatal: repository 'git@github.com/myorg/myrepository.git' does not exist
```
What could be going on here? I'm using Docker 20.10.12 build e91ed57 on macOS 10.14.6.
Solution
This is a workaround rather than a solution to the problem. Instead of the `--ssh` option, use secrets.
```dockerfile
# syntax=docker/dockerfile:experimental
FROM alpine
RUN apk add openssh-client git
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
ENV GIT_SSH_COMMAND="ssh -i /run/secrets/deploy_key"
RUN --mount=type=secret,id=deploy_key git clone git@github.com:myorg/myrepository.git myrepository
```
building with the command

```shell
DOCKER_BUILDKIT=1 docker build --no-cache --secret id=deploy_key,src=/Users/Holmes5/.ssh/deploy_key .
```
Answered By - Zorgoth Answer Checked By - Marie Seifert (WPSolving Admin)
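
As an added example (not part of the original question or answer): a small shell linter for the two things this page turns on, how the deploy key reaches `git clone` and whether the remote is in a form git treats as SSH. The finding names and both sample Dockerfiles are constructed; the first sample uses the `host/path` remote form that appears in the quoted build error, the second is the clone step of the secret-mount workaround.

```shell
# Added example: lint a Dockerfile (on stdin) for how an SSH deploy key reaches `git clone`.

# remote_form REMOTE -> "url", "scp" or "local-path". git treats user@host:path
# as SSH only when a colon appears before the first slash.
remote_form() {
  case "$1" in *://*) echo url; return ;; esac
  case "${1%%/*}" in
    *:*) echo scp ;;
    *)   echo local-path ;;   # e.g. git@host/org/repo.git is read as a directory
  esac
}

# lint_dockerfile < Dockerfile -> "<line>:<finding>" lines; remote = first arg after "git clone".
lint_dockerfile() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in
      COPY*id_*|COPY*_key*|ADD*id_*|ADD*_key*)
        echo "$n:key-copied-into-layer" ;;   # the key file stays in an image layer
      RUN*"git clone "*)
        case "$line" in
          *--mount=type=ssh*|*--mount=type=secret*) ;;
          *) echo "$n:clone-without-ssh-or-secret-mount" ;;
        esac
        remote=${line#*git clone }
        remote=${remote%% *}
        if [ "$(remote_form "$remote")" = local-path ]; then
          echo "$n:remote-is-local-path"
        fi ;;
    esac
  done
  return 0
}

# Constructed sample: key copied in, no mount, "/" instead of ":" after the host.
sample_risky() {
  printf '%s\n' 'FROM alpine' 'COPY deploy_key /root/.ssh/id_ed25519' \
    'RUN git clone git@github.com/myorg/myrepository.git myrepository'
}

# Constructed sample: the clone step from the secret-mount workaround above.
sample_secret_mount() {
  printf '%s\n' 'FROM alpine' 'ENV GIT_SSH_COMMAND="ssh -i /run/secrets/deploy_key"' \
    'RUN --mount=type=secret,id=deploy_key git clone git@github.com:myorg/myrepository.git myrepository'
}

sample_risky | lint_dockerfile
sample_secret_mount | lint_dockerfile
```

To check a real file, run `lint_dockerfile < Dockerfile`; no output means none of the three findings applied.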