Using SSH agent with Docker Compose and Dockerfile

Posted on 2025-02-01 09:05:54

I am having issues using a private github repo in one of my NestJS apps. When I create the docker image using the docker build command, the image is successfully created and everything works fine. However I can't use the Dockerfile with docker-compose.

Here's the part of Dockerfile where I use the BuildKit mount feature:

RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

RUN --mount=type=ssh npm install

When building the image with Dockerfile alone I pass the --ssh default argument, like this and it successfully installs the private repo:

docker build --ssh default -t CONTAINER_NAME .

Following this article, inside the docker-compose.yml file I have included the $SSH_AUTH_SOCK like this:

environment:
      - NODE_ENV:${NODE_ENV}
      - SSH_AUTH_SOCK:${SSH_AUTH_SOCK}
volumes:
      - $SSH_AUTH_SOCK:${SSH_AUTH_SOCK}

However I get this error whenever I try to run docker-compose up

#11 44.97 npm ERR! code 128
#11 44.97 npm ERR! An unknown git error occurred
#11 44.97 npm ERR! command git --no-replace-objects ls-remote ssh://git@github.com/organization/repo.git
#11 44.97 npm ERR! git@github.com: Permission denied (publickey).
#11 44.97 npm ERR! fatal: Could not read from remote repository.
#11 44.97 npm ERR! 
#11 44.97 npm ERR! Please make sure you have the correct access rights
#11 44.97 npm ERR! and the repository exists.

Any idea what I am doing wrong?

平定天下 2025-02-08 09:05:54

They have added the ssh flag as option to the build key in compose: https://github.com/compose-spec/compose-spec/pull/234

services:
  sample:
    build:
      context: .
      ssh:
        - default

过潦 2025-02-08 09:05:54

Your environment syntax is incorrect. The environment block can either be a list of NAME=VALUE pairs:

environment:
  - SSH_AUTH_SOCK=${SSH_AUTH_SOCK}

Or it can be a dictionary:

environment:
  SSH_AUTH_SOCK: ${SSH_AUTH_SOCK}

Yours is neither of those things, so your container has no SSH_AUTH_SOCK environment variable.

If I use this docker-compose.yaml file:

version: "3"

services:
  ssh:
    image: fedora:35
    environment:
      - SSH_AUTH_SOCK=${SSH_AUTH_SOCK}
    volumes:
      - ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}
    command:
      - sh
      - -c
      - |
        yum -y install openssh-clients
        sleep inf

I can exec into the container (after waiting for the package installation to complete) and verify that it is able to talk to my agent:

$ docker-compose exec ssh ssh-add -l
2048 SHA256:... (RSA)
4096 SHA256:... (RSA)

Also, one unrelated comment about your volumes: block: you're being inconsistent in how you refer to variables. This isn't a problem, but it hurts my brain (and inconsistencies like this can sometimes lead to weird problems in other contexts). You might as well just always use the ${varname} syntax when referring to environment variables:

volumes:
  - ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}
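
The following is an added example, not part of the original answer: a simplified Python model of how Compose resolves a list-form `environment:` block, showing why the question's `NAME:VALUE` entries leave the container without `SSH_AUTH_SOCK`. The socket path, the `NODE_ENV` value and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the question's list entries after Compose has
# interpolated ${...}. The NODE_ENV value and socket path are made up.
HOST_ENV = {"NODE_ENV": "production",
            "SSH_AUTH_SOCK": "/run/user/1000/ssh-agent.sock"}
QUESTION_ENTRIES = ["NODE_ENV:production",
                    "SSH_AUTH_SOCK:/run/user/1000/ssh-agent.sock"]
FIXED_ENTRIES = ["NODE_ENV=production",
                 "SSH_AUTH_SOCK=/run/user/1000/ssh-agent.sock"]

NAME_COLON_VALUE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):(.+)$")


def resolve_environment(entries, host_env):
    """Simplified model of the list form: NAME=VALUE sets a variable; an
    entry with no '=' is a bare name copied from the host if set there."""
    resolved = {}
    for entry in entries:
        name, sep, value = entry.partition("=")
        if sep:
            resolved[name] = value
        elif name in host_env:
            resolved[name] = host_env[name]
        # Otherwise the "name" is unset on the host and nothing is passed.
    return resolved


def lint_environment(entries):
    """Flag list entries that look like NAME:VALUE (mapping syntax in a list)."""
    findings = []
    for entry in entries:
        match = NAME_COLON_VALUE.match(entry)
        if match and "=" not in entry:
            name, value = match.groups()
            findings.append(f"{entry!r}: write '{name}={value}' in a list "
                            f"or '{name}: {value}' in a mapping")
    return findings


if __name__ == "__main__":
    cases = (("question", QUESTION_ENTRIES), ("fixed", FIXED_ENTRIES))
    for label, entries in cases:
        print(label, "->", resolve_environment(entries, HOST_ENV))
        for finding in lint_environment(entries):
            print("  warning:", finding)
```
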

中性美 2025-02-08 09:05:54

I'd like to give a more complete answer with the different components involved in the process, also including a GitHub Actions workflow in case someone needs it.

I also made a gist on GitHub for Python, I'll just adapt it to your scenario here.

  • Docker Compose (docker-compose.yaml):

    version: '3.2'
    
    services:
      my-app:
        platform: linux/amd64
        build:
          ssh:
            - default=${SSH_AUTH_SOCK}
        command: my-command.sh
    
  • Dockerfile (just the relevant part):

    # Add GitHub's SSH host keys to the known hosts and install your dependencies
    RUN --mount=type=ssh mkdir -p -m 0600 ~/.ssh && \
        ssh-keyscan github.com >> ~/.ssh/known_hosts && \
        npm install
    
  • GitHub workflow:

    name: Build My-App
    on:
      push:
        branches:
          - "*"
    
    jobs:
      build-test:
        runs-on: ubuntu-latest
        env:
          SSH_AUTH_SOCK: $SSH_AUTH_SOCK
        steps:
          - name: Checkout code
            uses: actions/checkout@v3
    
          - name: Set up SSH key
            run: |
              mkdir -p ~/.ssh
              ssh-agent -a ${SSH_AUTH_SOCK} > /dev/null
              ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}"
          - name: Build docker image
            run: docker compose build my-app
    