How to authenticate using a private repository in a Docker container-Golang-php.cn

Home

Backend Development

Golang

How to authenticate using a private repository in a Docker container

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Feb 09, 2024 am 09:40 AM

Sensitive data

如何使用 Docker 容器中的私有存储库进行身份验证

php Xiaobian Strawberry introduces you how to use a private repository in a Docker container for authentication. Docker is a popular containerization platform that helps developers quickly deploy and run applications in different environments. However, for some sensitive applications or private code bases, we may need to authenticate the repository in the container to ensure that only authorized personnel can access it. This article will show you how to set up and use authentication for private repositories to protect your sensitive data and code.

Question content

I have a git repository that is a private repository and I need to be able to authenticate to it and be able to run it on container build View it in perspective. For some background information, I have a github workflow that builds and publishes container images to the ghcr.io registry. However, because the repository my package depends on is private, it doesn't work. Now that it works locally, I've considered changing the way the github authentication is stored to allow me to access it, but I was wondering if anyone knew of a better way for me to access the private repository. p>

The following is the github operation published to the ghcr.io registry:

name: docker dataeng_github_metrics

# run workflow on tags starting with v (eg. v2, v1.2.0)
on:
  push:
    branches: [ "master" ]
    paths:
      - ./data_pipelines/dataeng_github_metrics/*
  pull_request:
    branches: [ "master" ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v1
        
      - name: login to github container registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.ghcr_registry_token }}

      - name: set up docker buildx
        uses: docker/setup-buildx-action@v2

      - name: build and push docker image
        uses: docker/build-push-action@v3
        with:
          context: ./data_pipelines/dataeng_github_metrics/
          file: ./data_pipelines/dataeng_github_metrics/dockerfile
          push: true # will only build if this is not here
          tags: |
            ghcr.io/mirantis/dataeng_github_metrics:latest
          # todo: i cannot use dataeng as public and need to change the way gitconfig is used in the dockerfile for authentication
          secrets: |
            token=${{ secrets.automation_pat}}

This is dockerfile:

###############
# cache image #
###############
arg go_image=golang:1.17.3-alpine3.14
arg base_image=alpine:3.14.2

from ${go_image} as cache
# add the keys
arg github_id
env github_id=$github_id
arg github_token
env github_token=$github_token

# install git
run apk add git

# todo: encrypt the github_id and github_token
# make git configuration
run git config \
    --global \
    url."https://${github_id}:${github_token}@github.com/".insteadof \
    "https://github.com/"

workdir /src
copy go.mod go.sum /src/
run go mod download

##############
# base image #
##############
from cache as dataeng_github_metrics
copy . /bin
workdir /bin

# setup git terminal prompt & go build
run go build .

###############
# final image #
###############
from ${base_image}
copy --from=dataeng_github_metrics /bin/dataeng_github_metrics bin/
entrypoint [ "bin/dataeng_github_metrics" ]

I think the important part that's confusing me is this, but wondering if there's a better way to implement it:

# make git configuration
run git config \
    --global \
    url."https://${github_id}:${github_token}@github.com/".insteadof \
    "https://github.com/"

How to access private repositories and avoid the following errors in your workflow:

#14 9.438   remote: Repository not found.
#14 9.438   fatal: Authentication failed for 'https://github.com/Mirantis/dataeng/'
------
Dockerfile:26
--------------------
  24 |     WORKDIR /src
  25 |     COPY go.mod go.sum /src/
  26 | >>> RUN go mod download
  27 |     
  28 |     ##############
--------------------
ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1

Workaround

In the dockerfile, in order to use the key passed by the action (called token), you should run as follows ：

RUN --mount=type=secret,id=TOKEN \
    echo "machine github.com login x password $(head -n 1 /run/secrets/TOKEN)" > ~/.netrc && \
git config \
    --global \
    url."https://${GITHUB_ID}:${TOKEN}@github.com/".insteadOf \
    "https://github.com/"

Remember to also pass github_id to dockerfile

The above is the detailed content of How to authenticate using a private repository in a Docker container. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:stackoverflow. If there is any infringement, please contact admin@php.cn delete

Understanding Goroutines: A Deep Dive into Go's ConcurrencyMay 01, 2025 am 12:18 AM

GoroutinesarefunctionsormethodsthatrunconcurrentlyinGo,enablingefficientandlightweightconcurrency.1)TheyaremanagedbyGo'sruntimeusingmultiplexing,allowingthousandstorunonfewerOSthreads.2)Goroutinesimproveperformancethrougheasytaskparallelizationandeff

Understanding the init Function in Go: Purpose and UsageMay 01, 2025 am 12:16 AM

ThepurposeoftheinitfunctioninGoistoinitializevariables,setupconfigurations,orperformnecessarysetupbeforethemainfunctionexecutes.Useinitby:1)Placingitinyourcodetorunautomaticallybeforemain,2)Keepingitshortandfocusedonsimpletasks,3)Consideringusingexpl

Understanding Go Interfaces: A Comprehensive GuideMay 01, 2025 am 12:13 AM

Gointerfacesaremethodsignaturesetsthattypesmustimplement,enablingpolymorphismwithoutinheritanceforcleaner,modularcode.Theyareimplicitlysatisfied,usefulforflexibleAPIsanddecoupling,butrequirecarefulusetoavoidruntimeerrorsandmaintaintypesafety.

Recovering from Panics in Go: When and How to Use recover()May 01, 2025 am 12:04 AM

Use the recover() function in Go to recover from panic. The specific methods are: 1) Use recover() to capture panic in the defer function to avoid program crashes; 2) Record detailed error information for debugging; 3) Decide whether to resume program execution based on the specific situation; 4) Use with caution to avoid affecting performance.

How do you use the "strings" package to manipulate strings in Go?Apr 30, 2025 pm 02:34 PM

The article discusses using Go's "strings" package for string manipulation, detailing common functions and best practices to enhance efficiency and handle Unicode effectively.

How do you use the "crypto" package to perform cryptographic operations in Go?Apr 30, 2025 pm 02:33 PM

The article details using Go's "crypto" package for cryptographic operations, discussing key generation, management, and best practices for secure implementation.Character count: 159

How do you use the "time" package to handle dates and times in Go?Apr 30, 2025 pm 02:32 PM

The article details the use of Go's "time" package for handling dates, times, and time zones, including getting current time, creating specific times, parsing strings, and measuring elapsed time.