Copying Local Git Config into Docker Container

Copying local git config into docker container

Is there any good way to have docker or docker-compose copy the results of git config --list to a file in the container, which I can then use with my entrypoint to set up the git config?

You really needn't do that to reach your aims; there is an out-of-the-box solution:

On your host machine, which runs git, all the contents of git config --list are stored in files:

  • If you use git config --system to configure them, they are stored in /etc/gitconfig
  • If you use git config --global to configure them, they are stored in ~/.gitconfig

So, you just need to mount those files into the container, and then you can reuse the host machine's git configuration.

Something like the following, FYI.

  • If the host uses --global to configure git:

    docker run --rm -it -v ~/.gitconfig:/etc/gitconfig your_image_with_git git config --list

    output: user.name=xxx

  • If the host uses --system to configure git:

    docker run --rm -it -v /etc/gitconfig:/etc/gitconfig your_image_with_git git config --list

    output: user.name=yyy

For docker-compose, you can just configure volumes to define the mount.

Pull private git repo in Docker container

From your SSH output, it looks like you have protected your private key with a passphrase:

debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_load_private_type: incorrect passphrase supplied to decrypt private key

And this password is not being supplied, so the private key cannot be used. You will need to run ssh-add <key-file> within the container, and supply the password for authentication to succeed.

I would suggest the following improvements:

  • Even though your docker image is only for internal use, it is a bad idea to store ssh-keys within images on any system which is shared by multiple users. See this and this.
    You can instead create an image with a Dockerfile which passes in sensitive arguments:

    FROM library/centos

    RUN yum install -y git

    ARG HOME_DIR
    ARG USER_ID

    RUN echo "Setting up user $USER_ID with home directory: $HOME_DIR" \
    && useradd \
    --home-dir $HOME_DIR \
    --uid 1000 \
    $USER_ID \
    && touch ${HOME_DIR}/entrypoint.sh \
    && mkdir -p ${HOME_DIR}/.ssh/ \
    && chown -R ${USER_ID}:${USER_ID} ${HOME_DIR} \
    && chmod -R 700 ${HOME_DIR}/.ssh \
    && touch ${HOME_DIR}/.ssh/id_rsa \
    && chmod 400 ${HOME_DIR}/.ssh/id_rsa \
    && chmod 777 ${HOME_DIR}/entrypoint.sh

    ENTRYPOINT ${HOME_DIR}/entrypoint.sh
  • Create an entrypoint.sh script that is passed in when running the image. This will handle all the git initialization:

    # Setup Git Config
    echo "Setting Git Config Values"
    git config --global user.email "developer@domain.com" && \
    git config --global user.name "Docker Image"

    # Setup Git Folders
    echo "Adding Host Key for Github"
    cd /home/my_user/ \
    && ssh-keyscan gitlabdomain.com > /home/my_user/.ssh/known_hosts

    # Add ssh-key to SSH Agent
    echo "Adding SSH Key to ssh-agent" \
    && eval `ssh-agent -s` && ssh-add /home/my_user/.ssh/id_rsa

    # Cloning from remote repository
    git clone git@gitlabdomain.com
    # Prevent container from exiting
    tail -f /dev/null
  • Then, run the container in interactive detached mode - this will allow you to attach to the container and enter the passphrase for the ssh-key.

    Also mount all sensitive files as read-only volumes, and run the container as your user. This will ensure files are only able to be accessed by you:

    my_user$ docker run \
    -itd \
    -e "HOME_DIR=/home/my_user" \
    -e "USER_ID=my_user" \
    -v /home/my_user/.ssh/id_rsa:/home/my_user/.ssh/id_rsa:ro \
    -v /home/my_user/entrypoint.sh:/home/my_user/entrypoint.sh \
    --user my_user \
    myimage
    e4985a08a0d20f39414da801e9665abb364885052047f45e2f9943e7622c696b
  • Finally, attach to your container to provide the ssh-key passphrase, and detach with Ctrl-P, Ctrl-Q:

    myuser$ docker attach e4985a08a0d20f39414da801e9665abb364885052047f45e2f9943e7622c696b
    <enter passphrase here>
    Identity added: /home/my_user/.ssh/id_rsa (/home/my_user/.ssh/id_rsa)
    Cloning into 'my_repo'...
    Warning: Permanently added the RSA host key for IP address 'xx.xxx.xxx.xxx' to the list of known hosts.
    remote: Counting objects: 1014, done.
    remote: Total 1014 (delta 0), reused 0 (delta 0), pack-reused 1014
    Receiving objects: 100% (1014/1014), 3.48 MiB | 1.16 MiB/s, done.
    Resolving deltas: 100% (512/512), done.
    read escape sequence

Alternatively, if you don't want to attach/detach you can try and pass in the passphrase from a file. See this

Clone private git repo with dockerfile

My key was password protected, which was causing the problem; a working file is now listed below (to help future googlers).

FROM ubuntu

MAINTAINER Luke Crooks "luke@pumalo.org"

# Update aptitude with new repo
RUN apt-get update

# Install software
RUN apt-get install -y git
# Make ssh dir
RUN mkdir /root/.ssh/

# Copy over private key, and set permissions
# Warning! Anyone who gets their hands on this image will be able
# to retrieve this private key file from the corresponding image layer
ADD id_rsa /root/.ssh/id_rsa

# Create known_hosts
RUN touch /root/.ssh/known_hosts
# Add bitbuckets key
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# Clone the conf files into the docker container
RUN git clone git@bitbucket.org:User/repo.git
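
Both Dockerfiles above treat the private key as a file, either baked into a layer or bind-mounted and unlocked by hand. As an added example (not part of the original answers), BuildKit's SSH forwarding lets the clone step use the host's ssh-agent for one RUN instruction only, so no key lands in any image layer and a passphrase-protected key works because the agent already holds it unlocked. The file name known_hosts.bitbucket and the /opt/repo target are assumptions; the repository URL is the placeholder used in the answer above.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Build with an ssh-agent that has the key loaded (ssh-add):
#   DOCKER_BUILDKIT=1 docker build --ssh default -t your_image_with_git .
FROM ubuntu

# git plus the ssh client it shells out to for git@host: URLs
RUN apt-get update \
 && apt-get install -y --no-install-recommends git openssh-client \
 && rm -rf /var/lib/apt/lists/*

# Pin the host key instead of trusting whatever ssh-keyscan returns during
# the build. known_hosts.bitbucket (assumed name) lives in the build context
# and holds the bitbucket.org host key line, checked out-of-band against the
# fingerprints the provider publishes.
RUN mkdir -p -m 0700 /root/.ssh
COPY known_hosts.bitbucket /root/.ssh/known_hosts

# --mount=type=ssh exposes the forwarded agent socket to this step only.
# The private key itself is never copied into the build, so it cannot be
# recovered from the image or from `docker history`.
RUN --mount=type=ssh \
    git clone git@bitbucket.org:User/repo.git /opt/repo
```

The cloned repository contents still end up in the image, so anyone who can pull the image can read the source even though the key is not present.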

Fetching git behind proxy in docker container

Fetching git://github.com/seuros/state_machine.git: this is not the https protocol.

It is the Git one (on port 9418 by default).

Add to your Dockerfile (before git clone):

RUN git config --global url."https://github.com/".insteadOf git://github.com/

That way, you know git will use an https url, and will benefit from the https proxy you have set up.

Git clone not copying into WORKDIR [ Dockerfile ]

You'll want to RUN mv /docktest /usr/src/app. ADD is for files in the build context (your machine), not ones in the image itself.

Using SSH keys inside docker container

Turns out when using Ubuntu, the ssh_config isn't correct. You need to add

RUN  echo "    IdentityFile ~/.ssh/id_rsa" >> /etc/ssh/ssh_config

to your Dockerfile in order to get it to recognize your ssh key.

How can I copy `.git` directory to the container with GitHub actions?

The issue is in the docker/build-push-action@v2 action, which by default ignores the checkout created using the actions/checkout@v2 action:

By default, this action uses the Git context so you don't need to use the actions/checkout action to check out the repository because this will be done directly by BuildKit.

The git reference will be based on the event that triggered your workflow and will result in the following context: https://github.com/<owner>/<repo>.git#<ref>.

When you pass a git build context to docker build, it won't
include the .git directory.

If you read through the documentation for the docker/build-push-action@v2 action, you'll see that you can override this behavior:

However, you can use the Path context using the context input alongside the actions/checkout action to remove this restriction.

You would need to modify your workflow so that it includes an explicit
context: ., like this:

- name: Build and push
  id: docker_build
  uses: docker/build-push-action@v2
  with:
    context: .
    file: ./Dockerfile
    tags: foo/bar:latest
    push: true

I've put together an example repository that demonstrates this here; you can see the verification in this build run.


