Backend Development
Golang
How to authenticate using a private repository in a Docker container
How to authenticate using a private repository in a Docker container
php Xiaobian Strawberry introduces you how to use a private repository in a Docker container for authentication. Docker is a popular containerization platform that helps developers quickly deploy and run applications in different environments. However, for some sensitive applications or private code bases, we may need to authenticate the repository in the container to ensure that only authorized personnel can access it. This article will show you how to set up and use authentication for private repositories to protect your sensitive data and code.
Question content
I have a git repository that is a private repository and I need to be able to authenticate to it and be able to run it on container build View it in perspective. For some background information, I have a github workflow that builds and publishes container images to the ghcr.io registry. However, because the repository my package depends on is private, it doesn't work. Now that it works locally, I've considered changing the way the github authentication is stored to allow me to access it, but I was wondering if anyone knew of a better way for me to access the private repository. p>
The following is the github operation published to the ghcr.io registry:
name: docker dataeng_github_metrics
# run workflow on tags starting with v (eg. v2, v1.2.0)
on:
push:
branches: [ "master" ]
paths:
- ./data_pipelines/dataeng_github_metrics/*
pull_request:
branches: [ "master" ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: checkout code
uses: actions/checkout@v1
- name: login to github container registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.ghcr_registry_token }}
- name: set up docker buildx
uses: docker/setup-buildx-action@v2
- name: build and push docker image
uses: docker/build-push-action@v3
with:
context: ./data_pipelines/dataeng_github_metrics/
file: ./data_pipelines/dataeng_github_metrics/dockerfile
push: true # will only build if this is not here
tags: |
ghcr.io/mirantis/dataeng_github_metrics:latest
# todo: i cannot use dataeng as public and need to change the way gitconfig is used in the dockerfile for authentication
secrets: |
token=${{ secrets.automation_pat}}
This is dockerfile:
###############
# cache image #
###############
arg go_image=golang:1.17.3-alpine3.14
arg base_image=alpine:3.14.2
from ${go_image} as cache
# add the keys
arg github_id
env github_id=$github_id
arg github_token
env github_token=$github_token
# install git
run apk add git
# todo: encrypt the github_id and github_token
# make git configuration
run git config \
--global \
url."https://${github_id}:${github_token}@github.com/".insteadof \
"https://github.com/"
workdir /src
copy go.mod go.sum /src/
run go mod download
##############
# base image #
##############
from cache as dataeng_github_metrics
copy . /bin
workdir /bin
# setup git terminal prompt & go build
run go build .
###############
# final image #
###############
from ${base_image}
copy --from=dataeng_github_metrics /bin/dataeng_github_metrics bin/
entrypoint [ "bin/dataeng_github_metrics" ]I think the important part that's confusing me is this, but wondering if there's a better way to implement it:
# make git configuration
run git config \
--global \
url."https://${github_id}:${github_token}@github.com/".insteadof \
"https://github.com/"How to access private repositories and avoid the following errors in your workflow:
#14 9.438 remote: Repository not found. #14 9.438 fatal: Authentication failed for 'https://github.com/Mirantis/dataeng/' ------ Dockerfile:26 -------------------- 24 | WORKDIR /src 25 | COPY go.mod go.sum /src/ 26 | >>> RUN go mod download 27 | 28 | ############## -------------------- ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1 Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
Workaround
In the dockerfile, in order to use the key passed by the action (called token), you should run as follows :
RUN --mount=type=secret,id=TOKEN \
echo "machine github.com login x password $(head -n 1 /run/secrets/TOKEN)" > ~/.netrc && \
git config \
--global \
url."https://${GITHUB_ID}:${TOKEN}@github.com/".insteadOf \
"https://github.com/"Remember to also pass github_id to dockerfile
The above is the detailed content of How to authenticate using a private repository in a Docker container. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How is Douyin's IP address displayed? Does the IP address show real-time location?
May 02, 2024 pm 01:34 PM
Users can not only watch a variety of interesting short videos on Douyin, but also publish their own works and interact with netizens across the country and even the world. In the process, Douyin’s IP address display function has attracted widespread attention. 1. How is Douyin’s IP address displayed? Douyin’s IP address display function is mainly implemented through geographical location services. When a user posts or watches a video on Douyin, Douyin automatically obtains the user's geographical location information. This process is mainly divided into the following steps: first, the user enables the Douyin application and allows the application to access its geographical location information; secondly, Douyin uses location services to obtain the user's geographical location information; finally, Douyin transfers the user's geographical location information Geographic location information is associated with the video data they posted or watched and will
What is the value and use of icp coins?
May 09, 2024 am 10:47 AM
As the native token of the Internet Computer (IC) protocol, ICP Coin provides a unique set of values and uses, including storing value, network governance, data storage and computing, and incentivizing node operations. ICP Coin is considered a promising cryptocurrency, with its credibility and value growing with the adoption of the IC protocol. In addition, ICP coins play an important role in the governance of the IC protocol. Coin holders can participate in voting and proposal submission, affecting the development of the protocol.
The meaning of * in sql
Apr 28, 2024 am 11:09 AM
In SQL means all columns, it is used to simply select all columns in a table, the syntax is SELECT FROM table_name;. The advantages of using include simplicity, convenience and dynamic adaptation, but at the same time pay attention to performance, data security and readability. In addition, it can be used to join tables and subqueries.
Kingston U disk mass production tool - an efficient and convenient mass data copy solution
May 01, 2024 pm 06:40 PM
Introduction: For companies and individuals who need to copy data in large quantities, efficient and convenient U disk mass production tools are indispensable. The U disk mass production tool launched by Kingston has become the first choice for large-volume data copying due to its excellent performance and simple and easy-to-use operation. This article will introduce in detail the characteristics, usage and practical application cases of Kingston's USB flash disk mass production tool to help readers better understand and use this efficient and convenient mass data copying solution. Tool materials: System version: Windows1020H2 Brand model: Kingston DataTraveler100G3 U disk software version: Kingston U disk mass production tool v1.2.0 1. Features of Kingston U disk mass production tool 1. Supports multiple U disk models: Kingston U disk volume
The difference between oracle database and mysql
May 10, 2024 am 01:54 AM
Oracle database and MySQL are both databases based on the relational model, but Oracle is superior in terms of compatibility, scalability, data types and security; while MySQL focuses on speed and flexibility and is more suitable for small to medium-sized data sets. . ① Oracle provides a wide range of data types, ② provides advanced security features, ③ is suitable for enterprise-level applications; ① MySQL supports NoSQL data types, ② has fewer security measures, and ③ is suitable for small to medium-sized applications.
What does view mean in sql
Apr 29, 2024 pm 03:21 PM
A SQL view is a virtual table that derives data from the underlying table, does not store actual data, and is dynamically generated during queries. Benefits include: data abstraction, data security, performance optimization, and data integrity. Views created with the CREATE VIEW statement can be used as tables in other queries, but updating a view actually updates the underlying table.
The difference between get and post in vue
May 09, 2024 pm 03:39 PM
In Vue.js, the main difference between GET and POST is: GET is used to retrieve data, while POST is used to create or update data. The data for a GET request is contained in the query string, while the data for a POST request is contained in the request body. GET requests are less secure because the data is visible in the URL, while POST requests are more secure.
How to convert XML files to PDF on your phone?
Apr 02, 2025 pm 10:12 PM
It is impossible to complete XML to PDF conversion directly on your phone with a single application. It is necessary to use cloud services, which can be achieved through two steps: 1. Convert XML to PDF in the cloud, 2. Access or download the converted PDF file on the mobile phone.
