Home > Backend Development > Golang > How to authenticate using a private repository in a Docker container

How to authenticate using a private repository in a Docker container

WBOY
Release: 2024-02-09 09:40:19
forward
645 people have browsed it

如何使用 Docker 容器中的私有存储库进行身份验证

php Xiaobian Strawberry introduces you how to use a private repository in a Docker container for authentication. Docker is a popular containerization platform that helps developers quickly deploy and run applications in different environments. However, for some sensitive applications or private code bases, we may need to authenticate the repository in the container to ensure that only authorized personnel can access it. This article will show you how to set up and use authentication for private repositories to protect your sensitive data and code.

Question content

I have a git repository that is a private repository and I need to be able to authenticate to it and be able to run it on container build View it in perspective. For some background information, I have a github workflow that builds and publishes container images to the ghcr.io registry. However, because the repository my package depends on is private, it doesn't work. Now that it works locally, I've considered changing the way the github authentication is stored to allow me to access it, but I was wondering if anyone knew of a better way for me to access the private repository. p>

The following is the github operation published to the ghcr.io registry:

name: docker dataeng_github_metrics

# run workflow on tags starting with v (eg. v2, v1.2.0)
on:
  push:
    branches: [ "master" ]
    paths:
      - ./data_pipelines/dataeng_github_metrics/*
  pull_request:
    branches: [ "master" ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v1
        
      - name: login to github container registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.ghcr_registry_token }}

      - name: set up docker buildx
        uses: docker/setup-buildx-action@v2

      - name: build and push docker image
        uses: docker/build-push-action@v3
        with:
          context: ./data_pipelines/dataeng_github_metrics/
          file: ./data_pipelines/dataeng_github_metrics/dockerfile
          push: true # will only build if this is not here
          tags: |
            ghcr.io/mirantis/dataeng_github_metrics:latest
          # todo: i cannot use dataeng as public and need to change the way gitconfig is used in the dockerfile for authentication
          secrets: |
            token=${{ secrets.automation_pat}}
Copy after login

This is dockerfile:

###############
# cache image #
###############
arg go_image=golang:1.17.3-alpine3.14
arg base_image=alpine:3.14.2

from ${go_image} as cache
# add the keys
arg github_id
env github_id=$github_id
arg github_token
env github_token=$github_token

# install git
run apk add git

# todo: encrypt the github_id and github_token
# make git configuration
run git config \
    --global \
    url."https://${github_id}:${github_token}@github.com/".insteadof \
    "https://github.com/"

workdir /src
copy go.mod go.sum /src/
run go mod download

##############
# base image #
##############
from cache as dataeng_github_metrics
copy . /bin
workdir /bin

# setup git terminal prompt & go build
run go build .

###############
# final image #
###############
from ${base_image}
copy --from=dataeng_github_metrics /bin/dataeng_github_metrics bin/
entrypoint [ "bin/dataeng_github_metrics" ]
Copy after login

I think the important part that's confusing me is this, but wondering if there's a better way to implement it:

# make git configuration
run git config \
    --global \
    url."https://${github_id}:${github_token}@github.com/".insteadof \
    "https://github.com/"
Copy after login

How to access private repositories and avoid the following errors in your workflow:

#14 9.438   remote: Repository not found.
#14 9.438   fatal: Authentication failed for 'https://github.com/Mirantis/dataeng/'
------
Dockerfile:26
--------------------
  24 |     WORKDIR /src
  25 |     COPY go.mod go.sum /src/
  26 | >>> RUN go mod download
  27 |     
  28 |     ##############
--------------------
ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
Copy after login

Workaround

In the dockerfile, in order to use the key passed by the action (called token), you should run as follows :

RUN --mount=type=secret,id=TOKEN \
    echo "machine github.com login x password $(head -n 1 /run/secrets/TOKEN)" > ~/.netrc && \
git config \
    --global \
    url."https://${GITHUB_ID}:${TOKEN}@github.com/".insteadOf \
    "https://github.com/"
Copy after login

Remember to also pass github_id to dockerfile

The above is the detailed content of How to authenticate using a private repository in a Docker container. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:stackoverflow.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template