How to authenticate using a private repository in a Docker container

php Xiaobian Strawberry introduces you how to use a private repository in a Docker container for authentication. Docker is a popular containerization platform that helps developers quickly deploy and run applications in different environments. However, for some sensitive applications or private code bases, we may need to authenticate the repository in the container to ensure that only authorized personnel can access it. This article will show you how to set up and use authentication for private repositories to protect your sensitive data and code.

Question content

I have a git repository that is a private repository and I need to be able to authenticate to it and be able to run it on container build View it in perspective. For some background information, I have a github workflow that builds and publishes container images to the ghcr.io registry. However, because the repository my package depends on is private, it doesn't work. Now that it works locally, I've considered changing the way the github authentication is stored to allow me to access it, but I was wondering if anyone knew of a better way for me to access the private repository. p>

The following is the github operation published to the ghcr.io registry:

name: docker dataeng_github_metrics

# run workflow on tags starting with v (eg. v2, v1.2.0)
on:
  push:
    branches: [ "master" ]
    paths:
      - ./data_pipelines/dataeng_github_metrics/*
  pull_request:
    branches: [ "master" ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v1
        
      - name: login to github container registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.ghcr_registry_token }}

      - name: set up docker buildx
        uses: docker/setup-buildx-action@v2

      - name: build and push docker image
        uses: docker/build-push-action@v3
        with:
          context: ./data_pipelines/dataeng_github_metrics/
          file: ./data_pipelines/dataeng_github_metrics/dockerfile
          push: true # will only build if this is not here
          tags: |
            ghcr.io/mirantis/dataeng_github_metrics:latest
          # todo: i cannot use dataeng as public and need to change the way gitconfig is used in the dockerfile for authentication
          secrets: |
            token=${{ secrets.automation_pat}}

This is dockerfile:

###############
# cache image #
###############
arg go_image=golang:1.17.3-alpine3.14
arg base_image=alpine:3.14.2

from ${go_image} as cache
# add the keys
arg github_id
env github_id=$github_id
arg github_token
env github_token=$github_token

# install git
run apk add git

# todo: encrypt the github_id and github_token
# make git configuration
run git config \
    --global \
    url."https://${github_id}:${github_token}@github.com/".insteadof \
    "https://github.com/"

workdir /src
copy go.mod go.sum /src/
run go mod download

##############
# base image #
##############
from cache as dataeng_github_metrics
copy . /bin
workdir /bin

# setup git terminal prompt & go build
run go build .

###############
# final image #
###############
from ${base_image}
copy --from=dataeng_github_metrics /bin/dataeng_github_metrics bin/
entrypoint [ "bin/dataeng_github_metrics" ]

I think the important part that's confusing me is this, but wondering if there's a better way to implement it:

# make git configuration
run git config \
    --global \
    url."https://${github_id}:${github_token}@github.com/".insteadof \
    "https://github.com/"

How to access private repositories and avoid the following errors in your workflow:

#14 9.438   remote: Repository not found.
#14 9.438   fatal: Authentication failed for 'https://github.com/Mirantis/dataeng/'
------
Dockerfile:26
--------------------
  24 |     WORKDIR /src
  25 |     COPY go.mod go.sum /src/
  26 | >>> RUN go mod download
  27 |     
  28 |     ##############
--------------------
ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1

Workaround

In the dockerfile, in order to use the key passed by the action (called token), you should run as follows ：

RUN --mount=type=secret,id=TOKEN \
    echo "machine github.com login x password $(head -n 1 /run/secrets/TOKEN)" > ~/.netrc && \
git config \
    --global \
    url."https://${GITHUB_ID}:${TOKEN}@github.com/".insteadOf \
    "https://github.com/"

Remember to also pass github_id to dockerfile

The above is the detailed content of How to authenticate using a private repository in a Docker container. For more information, please follow other related articles on the PHP Chinese website!