I am trying to clone a private GitHub repo in a Dockerfile on my Ubuntu server.
In order to authenticate, I had to add the id_rsa file into the root folder.
FROM python:3.8.12
RUN mkdir /root/.ssh
ADD ./.ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /home/
RUN git clone git@github.com:~~~/~~~.git
But when I try to run sudo docker build image in /home/ubuntu, it returns a message saying error checking context: 'no permission to read from '/home/ubuntu/.bash_history''.
So I moved my Dockerfile to /home/ubuntu/abc and changed the Dockerfile as below:
FROM python:3.8.12
RUN mkdir /root/.ssh
ADD ../.ssh/id_rsa /root/.ssh/id_rsa <------------------------ HERE
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /home/
RUN git clone git@github.com:~~~/~~~.git
Then it returns ADD failed: forbidden path outside the build context: ../.ssh/id_rsa ()
Is there any way I can fix it?
Thanks!
CodePudding user response:
I think (!) that there may be a new recommended mechanism to do this.
My approach has been to create a Personal Access Token (PAT) and then pass it as a build argument when building containers that need to git clone repos. This saves ADD'ing keys and the credentials are passed in memory only.
FROM ...
ARG TOKEN
RUN git config \
--global url."https://${TOKEN}@github.com".insteadOf "https://github.com"
...
And then e.g. podman build --build-arg=TOKEN=${TOKEN} ...
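An added example, not part of either answer above: files brought in with ADD and values passed with --build-arg are both recorded in the image (layers and `docker history`), so the variant below forwards the host's ssh-agent with a BuildKit SSH mount instead, which also means the key never has to sit inside the build context. It assumes BuildKit is enabled and an ssh-agent on the host holds the GitHub key; OWNER/REPO and the tag myimage are placeholders.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not code from the original post.
# Build from the directory containing this Dockerfile (e.g. /home/ubuntu/abc):
#   DOCKER_BUILDKIT=1 docker build --ssh default -t myimage .
# "myimage" and OWNER/REPO are placeholders.
FROM python:3.8.12

# Only GitHub's public host key is written into the image; no private key
# is copied. ssh-keyscan trusts whatever answers at build time, so compare
# the result with GitHub's published fingerprints or pin the key instead.
RUN mkdir -p -m 0700 /root/.ssh \
 && ssh-keyscan github.com >> /root/.ssh/known_hosts

WORKDIR /home/

# The agent socket is mounted for this single RUN step only. The private key
# stays on the host and nothing about it is stored in a layer.
RUN --mount=type=ssh git clone git@github.com:OWNER/REPO.git
```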
CodePudding user response:
If possible, avoid running docker build as sudo (by, for instance, adding your user to the docker group or, preferably, running a docker daemon in a rootless mode, like podman).
You can see a similar error here, where a comment adds:
A previous docker run had left a bash_history file owned by root in the project folder.