在dockerfile中添加私有GitHub存储库“正确的方式”(w composer.json)
在dockerfile中添加私有GitHub存储库“正确的方式”(w composer.json)
提问于 2021-11-15 22:19:42
我正在尝试通过comer.json文件添加我的私有GitHub存储库,同时构建一个坞映像。但不管我做什么我都不能让它起作用。
我想要尽可能简单的方法,它不必是最安全的,但至少是可以接受的。我希望这是可能的“个人访问令牌”。
这是我的尝试;
FROM php:8-fpm
# Set working directory
WORKDIR /var/www
# Set args
ARG GIT_ACCESS_TOKEN
ARG GIT_PRIVATE_KEY
ARG GIT_HASH
ENV GIT_HASH=$GIT_HASH
# add credentials on build
#RUN touch ~/.composer/auth.json
RUN mkdir ~/.composer
RUN echo '{"github-oauth":{"github.com": "${GIT_ACCESS_TOKEN}"}}' > ~/.composer/auth.json
# Install dependencies
RUN apt-get update && apt-get install -y \
nano \
build-essential \
default-mysql-client \
locales \
zip \
libzip-dev \
unzip \
git \
curl \
libssl-dev \
libonig-dev
# Install extensions
RUN docker-php-ext-install opcache pdo_mysql mbstring zip ftp mysqli bcmath
# GitHub access to LCMS
RUN git config --global url."https://${GIT_ACCESS_TOKEN}@github.com".insteadOf "ssh://git@github.com"
RUN mkdir -p ~/.ssh/ && \
echo ${GIT_ACCESS_TOKEN} > ~/.ssh/id_rsa && \
chmod -R 600 ~/.ssh/ && \
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
# Install composer
# Copy composer.lock and composer.json
COPY ./web/composer.json /var/www/
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Install vendor dependencies through composer
RUN composer install
# Install opache settings for php
COPY ./web/nginx/php.ini $PHP_INI_DIR/conf.d/opcache.ini
# Copy existing application directory contents
COPY ./web /var/www
# Clean up
RUN apt-get remove -y git && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Expose port 9000 and start php-fpm server
EXPOSE 9000我总是受到来自GitHub的错误的欢迎。如果我运行上面的代码,我会得到这个错误;
> [11/14] RUN composer install:
#15 0.196 Do not run Composer as root/super user! See https://getcomposer.org/root for details
#15 0.226 No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
#15 0.226 Loading composer repositories with package information
#15 0.877
#15 0.883
#15 0.883 [RuntimeException]
#15 0.883 Failed to execute git clone --mirror -- 'git@github.xxxxx/xxxxx' '/root/.composer/cache/vcs/git-github.com-xxxxxxx/'
#15 0.883
#15 0.883 Cloning into bare repository '/root/.composer/cache/vcs/git-github.com-xxxxxxx'...
#15 0.883 Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.
#15 0.883 Load key "/root/.ssh/id_rsa": invalid format
#15 0.883 git@github.com: Permission denied (publickey).
#15 0.883 fatal: Could not read from remote repository.
#15 0.883
#15 0.883 Please make sure you have the correct access rights
#15 0.883 and the repository exists.有人有建议吗?
回答 1
Server Fault用户
发布于 2021-11-28 09:08:26
您的个人访问令牌不打算用作SSH密钥,它是个人GitHub密码的替代,只能用于HTTPS连接。
一个工作的最低限度的Dockerfile是:
FROM php:8-fpm
ARG GIT_ACCESS_TOKEN
RUN apt-get update && apt-get install -y git
RUN git clone https://yourusername:${GIT_ACCESS_TOKEN}@github.com/yourusername/yourrepo.git然后,可以在build命令行上使用ARG:
docker build --build-arg GIT_ACCESS_TOKEN="YOURLONGACCESSTOKEN" .但是:
您的访问令牌将是可见的,谁有权访问您的形象。
在Dockerfile文档中指出了这一点:
警告:不建议使用构建时变量来传递秘密,如github键、用户凭据等。使用
docker history命令,图像的任何用户都可以看到构建时变量值。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1083649
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号