Cannot clone a private Bitbucket repo from inside a Docker image using docker-compose

Time:09-27

I am trying to clone a private Git repo hosted on Bitbucket Cloud from inside a docker image. I build the image using docker-compose (ver 3.9).

I have added the public key as an Access Key in the Repo settings in Bitbucket. 

Here is the error I get:

 => ERROR [16/19] RUN git clone [email protected]:some_repo/imp_hmi.git 0.7s
------ 
> [16/19] RUN git clone [email protected]:some_repo/imp_hmi.git:
#0 0.331 Cloning into 'imp_hmi'...
#0 0.636 Host key verification failed.
#0 0.636 fatal: Could not read from remote repository.
#0 0.636 
#0 0.636 Please make sure you have the correct access rights
#0 0.636 and the repository exists.

I can clone the repo using the same SSH keys on the host machine.

Now, for the Dockerfile:

# Update this value when the version changes.
ARG UNITY_VERSION=2020.3.13f1
#ARG HMI_CONFIG=niro_av71oxu.yaml
FROM unityci/editor:ubuntu-${UNITY_VERSION}-linux-il2cpp-1.0.1 AS base

USER root
ENV HOME /home/root
# # don't ask interactive questions
ENV DEBIAN_FRONTEND noninteractive

# Create user bobsaccamano
RUN useradd -m -r bobsaccamano
RUN usermod -aG adm,cdrom,sudo,audio,dip,video,plugdev bobsaccamano

# Setup SSH keys
RUN mkdir -p -m 0700 /home/bobsaccamano/.ssh
COPY id-docker-unity /home/bobsaccamano/.ssh/
RUN chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh/id-docker-unity
RUN chmod 600 /home/bobsaccamano/.ssh/id-docker-unity
COPY id-docker-unity.pub /home/bobsaccamano/.ssh/ 
RUN chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh/id-docker-unity.pub
RUN touch /home/bobsaccamano/.ssh/known_hosts && chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /home/bobsaccamano/.ssh/known_hosts
RUN cat /home/bobsaccamano/.ssh/id-docker-unity

# Change to bobsaccamano user
USER bobsaccamano
ENV HOME /home/bobsaccamano
ENV HMI_BUILT ${HOME}/HMI_built

# Create folders
RUN mkdir -p -m 0700 /home/bobsaccamano/proj/
RUN mkdir -p -m 0700 ${HMI_BUILT}

# Pull Repositories
WORKDIR /home/bobsaccamano/proj/
RUN git clone [email protected]:some_repo/imp_hmi.git

# Build HMI
RUN cd imp_hmi && chmod +x build_hmi.sh
RUN . build_hmi.sh DEV

WORKDIR ${HOME}
#RUN apt-get -y update
# WORKDIR /home/unity_volume

The docker-compose.yml file:

version: "3.9"
services:
  unity_base:
    build:
      context: .
      dockerfile: Dockerfile.unity
      # args:
      # progress: plain
    volumes:
      - hmi_built:/home/bobsaccamano/HMI_built
    container_name: unity-base
  hmi_app:
    build:
      context: .
      dockerfile: Dockerfile.hmi
    depends_on:
      - unity_base
    volumes:
      - hmi_built:/home/bobsaccamano/HMI_built
    container_name: hmi-app
volumes:
  hmi_built:

Any help is much appreciated!

CodePudding user response:

You should use a Personal Access Token instead. Check the PAT docs. They also allow more control over what a user that has the PAT can do.

Don't put your ssh keys inside the docker image. If you start distributing the image you will also distribute your ssh keys.

On a more general note, the workflow that you are trying to apply is wrong in my opinion. Doesn't really make sense to make those operations in a Dockerfile. What I would do instead is fork the git repo (if it is not already yours of course) and add a Dockerfile and docker-compose.yml to it. Then whoever has access to the project can also build an image out of it directly.
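
The point above about keeping SSH keys out of the image, as an added example that is not part of the original answer or the poster's code: a BuildKit variant of the question's Dockerfile that forwards the host's ssh-agent to the clone step only and reads host keys from a pinned known_hosts file. The fixed UID 1001, the `bitbucket_known_hosts` file name and the `git@bitbucket.org` form of the clone URL are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example: hardened variant of the question's Dockerfile (not the poster's code).
ARG UNITY_VERSION=2020.3.13f1
FROM unityci/editor:ubuntu-${UNITY_VERSION}-linux-il2cpp-1.0.1 AS base

USER root
# Fixed UID (assumption) so the agent socket mounted below can be owned by this user.
RUN useradd -m -u 1001 bobsaccamano

# Create ~/.ssh as the build user, so the directory and known_hosts are readable
# by the account that later runs git. A root-owned 0700 ~/.ssh hides known_hosts
# from that account, and ssh then reports "Host key verification failed".
USER bobsaccamano
ENV HOME=/home/bobsaccamano
RUN mkdir -p -m 0700 /home/bobsaccamano/.ssh /home/bobsaccamano/proj

# bitbucket_known_hosts is a hypothetical file in the build context holding
# Bitbucket's host keys, checked out-of-band against the published fingerprints.
# Pinning it avoids trusting whatever ssh-keyscan returns at build time.
COPY --chown=bobsaccamano:bobsaccamano bitbucket_known_hosts /home/bobsaccamano/.ssh/known_hosts

WORKDIR /home/bobsaccamano/proj
# The host's ssh-agent socket exists for this RUN step only; no private key is
# written to any layer. required=true fails the build if no agent is forwarded.
RUN --mount=type=ssh,uid=1001,required=true \
    git clone git@bitbucket.org:some_repo/imp_hmi.git

# On the host, load the Access Key's private half into the agent, then build:
#   ssh-add id-docker-unity
#   DOCKER_BUILDKIT=1 docker build --ssh default -f Dockerfile.unity .
# With Compose, forward the same agent by adding under the service's `build:` key:
#   ssh:
#     - default
```

Because the key never enters the build context or a layer, `docker history` and a pushed image contain no credential, and the `cat` of the private key in the original Dockerfile has no counterpart here.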

CodePudding user response:

You need to add these lines to the Dockerfile:

RUN eval "$(ssh-agent -s)" && \
    chmod 600 /home/bobsaccamano/.ssh/id_rsa && \
    ssh-add /home/bobsaccamano/.ssh/id_rsa

RUN ssh -o UserKnownHostsFile=//home/bobsaccamano/.ssh/known_hosts -o StrictHostKeyChecking=no [email protected]
