Dockerfile for cloning private git repo

RUN ssh-keyscan github.com >> ~/.ssh/known_hosts

The keyscan works great since it accepts the host. The following complete answer worked:

RUN mkdir -p /root/.ssh
RUN cp /var/my-app/id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

Also as mentioned:

RUN ssh -v [email protected]

^ Great way to debug the flow. That's how I realized I needed the keyscan >> known_hosts


What's the output of the build process?

Random guess: try to chmod 600 the private key.

If it still doesn't work, try to RUN ssh -v [email protected] (after adding the key); the output should explain what's happening.


(Will probably not fit your needs)

There is another approach: https://stackoverflow.com/a/29464430/990356

Go to Settings > Personal access tokens and generate a personal access token with repo scope enabled. Now you can do git clone https://[email protected]/user-or-org/repo

Pros:

  • very simple approach
  • token can be easily revoked

Cons:

  • if someone has access to the Dockerfile he has access to the token

To fix this, you can use an environment variable to store the token

Tags:

Docker

Ssh