Clone a private repo from git after wordpress setup dockerfile - docker

I want to create an image from WordPress and clone a private plugin after the build. This is my dockerfile:
FROM wordpress
RUN apt-get update
RUN apt-get install -y git
RUN mkdir /root/.ssh/
ADD id_rsa /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN chmod -R 600 /root/.ssh
RUN ssh-keyscan -T 60 mygitdomain.com >> /root/.ssh/known_hosts
ENTRYPOINT git clone git#mygitdomain.com:myuser/my-plugin.git /var/www/html/wp-content/plugins/my-plugin
the problem is WordPress is not complete, and I can not clone in a directory that does not exist (I guess)
Anyway, I want to create a dockerfile to install WordPress and, after building, clone a repo in the plugins directory. Any help?

Related

Pass ssh-agent to dockerfile to install private repository modules

I am trying to automate a docker build in Jenkins pipeline. In my dockerfile, I basically build a node application. In my npm install, I have some private git repositories which need os bindings and so have to be installed in the container. When I run this manually, I transfer my ssh keys (id_rsa) to dockerfile which is used for doing npm install. Now, my problem is when running this task in jenkins pipeline, I will be configuring a ssh-agent(Jenkins plugin). It will not be possible to extract private key from ssh-agent. How should I pass my ssh-agent to my dockerfile.
EDIT 1:
I got it partially working by this:
Docker Build Command:
DOCKER_BUILDKIT=1 docker build --no-cache -t $DOCKER_REGISTRY_URL/$IMAGE_NAME:v$BUILD_NUMBER --ssh default . &&
Then in Docker file:
This works fine:
RUN --mount=type=ssh GIT_SSH_COMMAND="ssh -vvvT -o StrictHostKeyChecking=no"
git clone git#github.com:****
Weird thing is this doesn't work:
RUN --mount=type=ssh GIT_SSH_COMMAND="ssh -vvvT -o StrictHostKeyChecking=no" npm install git+ssh//git#github.com:****
I feel this is something to do with StrictHostKeyChecking=no
I finally got it working by using ROOT user in Dockerfile and setting the npm cache to root.
The problem was that git was using the /root/.ssh folder while npm was using a different path - /home/.ssh as it's npm cache was set on /home/.ssh
For anyone still struggling, this is the config I used
Docker Build Command:
DOCKER_BUILDKIT=1 docker build --no-cache -t test --ssh default .
Dockerfile:
USER root
RUN apt-get update && \
apt-get install -y \
git \
openssh-server \
openssh-client
RUN mkdir -p -m 600 /root/.ssh && ssh-keyscan github.com >> /root/.ssh/known_hosts && echo "Host *\n StrictHostKeyChecking no" > /root/.ssh/config
RUN echo "Check ssh_config" && cat /root/.ssh/config
RUN rm -rf node_modules
RUN npm config set cache /root
RUN --mount=type=ssh GIT_SSH_COMMAND="ssh -vvvT" npm install

I have added git clone in my docker file. Image is built successfully

but unable to find my cloned source code in image .on local machine clone is workking but not for docker conatiner.
RUN git clone https://h..../public.git
Successfully built image id
FROM ubuntu
MAINTAINER Luke Crooks "luke#pumalo.org"
RUN apt-get update
RUN apt-get install -y apache2 && apt-get clean
RUN apt-get install -y git
RUN mkdir /root/.ssh/
RUN touch /root/.ssh/id_rsa
EXPOSE 8080/tcp
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan -T 60 bitbucket.org >> /root/.ssh/known_hosts
RUN git clone -b newbr https://haseeb#bitbucket.org/haseeb/public.git
WORKDIR /var/lib/docker/overlay2/work
try to update the docker file like the below snippet and build again
FROM ubuntu
MAINTAINER Luke Crooks "luke#pumalo.org"
RUN apt-get update
RUN apt-get install -y apache2 && apt-get clean
RUN apt-get install -y git
RUN mkdir /root/.ssh/
RUN touch /root/.ssh/id_rsa
EXPOSE 8080/tcp
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan -T 60 bitbucket.org >> /root/.ssh/known_hosts
RUN makdir -p /var/lib/docker/overlay2/work
WORKDIR /var/lib/docker/overlay2/work
RUN git clone -b newbr https://haseeb#bitbucket.org/haseeb/public.git
The cloned repo should be in /var/lib/docker/overlay2/work

Why can't I get ocaml/opam:ubuntu-16.04_ocaml-4.03.0 docker Image?

I was trying to run:
docker build -f hol-light/Dockerfile_check_proofs --ulimit stack=1000000000 --tag check_proofs hol-light/
but I get the error:
Sending build context to Docker daemon 48.9MB
Step 1/16 : FROM ocaml/opam:ubuntu-16.04_ocaml-4.03.0
pull access denied for ocaml/opam, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Why?
The docker file is: https://github.com/brain-research/hol-light/blob/master/Dockerfile_check_proofs
FROM ocaml/opam:ubuntu-16.04_ocaml-4.03.0
WORKDIR /home/opam/
SHELL ["/bin/bash", "-c"]
ENV PATH="/home/opam/.opam/4.03.0/bin:${PATH}"
### Install num
RUN opam install num
### Install campl5
RUN git clone --depth 1 -b rel617 https://github.com/camlp5/camlp5
RUN cd camlp5 &&\
./configure &&\
make world.opt &&\
make install &&\
# meta/Makefile in camlp5 skips these files which we need, so copy them
# manually.
cp {main/pcaml,main/quotation,etc/pa_reloc,meta/q_MLast}.{cmi,cmx,o} `camlp5 -where`
### Install grpc
RUN sudo apt-get update &&\
sudo apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev
RUN git clone -b 'v1.17.1' --recurse-submodule --depth 1 https://github.com/grpc/grpc
RUN sudo make -C grpc install-headers_c install-static_c install-pkg-config_c\
install-headers_cxx install-static_cxx install-pkg-config_cxx\
install-plugins
RUN sudo make -C grpc/third_party/protobuf install
### Install farmhash
RUN git clone --depth 1 https://github.com/google/farmhash &&\
cd farmhash &&\
./configure CXXFLAGS="-DNAMESPACE_FOR_HASH_FUNCTIONS=farmhash"
RUN sudo make -C farmhash install
### Build binaries
COPY --chown=opam:0 . src/
RUN make -C src check_proofs
CMD ["./src/check_proofs"]
crossposted:
https://forums.docker.com/t/why-cant-i-get-ocaml-opam-ubuntu-16-04-ocaml-4-03-0-docker-image/84351
https://hub.docker.com/r/ocaml/opam/ hasn't been updated for 2 years and says:
At some point in the future, the tags in this repository will be deleted
This deletion is currently in progress (in fact, it has been deleting for more than a week now).
The ocaml/opam (opam 1) images generally aren't useful now because they don't work with the current opam-repository.
There are two alternatives you can use:
ocaml/opam2 contains opam 2 images. e.g. ocaml/opam2:ubuntu-16.04-ocaml-4.03
ocurrent/opam is also opam 2, but contains much smaller images (with only one version of the compiler per image). e.g. ocurrent/opam:ubuntu-16.04-ocaml-4.03
However, this repository is only temporary. It will replace ocaml/opam once Hub finishes deleting that...

Running dep ensure -vendor-only inside Docker Hangs not able to pull private Repos

My Dockerfile:
FROM golang:1.11.4
RUN apt-get update && apt-get install git bash curl -yqq
ENV ENV test
ENV GIT_TERMINAL_PROMPT=1
ENV GITHUB_TOKEN XXXXXXXXXXXXXXXXXX 
 RUN curl -Ls https://github.com/Masterminds/glide/releases/download/v0.12.3/glide-v0.12.3-linux-amd64.tar.gz | tar xz -C /tmp \
&& mv /tmp/linux-amd64/glide /usr/bin/
RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
RUN mkdir -p $GOPATH/src/github.com/<Myrepo>/
COPY . $GOPATH/src/github.com/<Myrepo>/
WORKDIR $GOPATH/src/github.com/<Myrepo>/
RUN dep ensure -vendor-only
When i am building this docker file it hangs at RUN dep ensure -vendor-only
It fails to pull the dependencies which are private repos
Is there any possiblities to store git credentials inside Docker or any way to build Docker with one or more private repos of GOlang
Use some thing like this
# ensure that the private Github repo is
# accessed using SSH instead of HTTPS
RUN ssh-keyscan github.com > /root/.ssh/known_hosts
RUN echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
RUN echo '[url "ssh://git#github.com/*your_repo*/"]' >> /root/.gitconfig && echo 'insteadOf = https://github.com/*your_repo*/' >> /root/.gitconfig
Refer this to add ssh key to your git repo
Adding .netrc file will pass credentials inside the docker containers and helps to pull more than one private repositories to build dependencies
#vim .netrc
machine github.com
login < your github token >
add those 2 lines and pass your github token
FROM golang:1.11.4
RUN apt-get update && apt-get install git bash curl -yqq
ENV ENV test
ENV GIT_TERMINAL_PROMPT=1
ENV GITHUB_TOKEN XXXXXXXXXXXXXXXXXX 
RUN curl -Ls https://github.com/Masterminds/glide/releases/download/v0.12.3/glide-v0.12.3-linux-amd64.tar.gz | tar xz -C /tmp \
&& mv /tmp/linux-amd64/glide /usr/bin/
RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
RUN mkdir -p $GOPATH/src/github.com/<Myrepo>/
COPY . $GOPATH/src/github.com/<Myrepo>/
COPY .netrc /root/
WORKDIR $GOPATH/src/github.com/<Myrepo>/
RUN dep ensure -vendor-only

Dockerfile: Permission denied during build when running ssh-agent on /tmp

So I'm trying to create an image, which adds a SSH private key to /tmp, runs ssh-agent on it, does a git clone and then deletes the key again.
This is the idea I'm trying to accomplish
Dockerfile:
FROM node:4.2.4
MAINTAINER Me
CMD ["/bin/bash"]
ENV GIT_SSL_NO_VERIFY=1
ENV https_proxy="httpsproxy"
ENV http_proxy="httpproxy"
ENV no_proxy="exceptions"
ADD projectfolder/key /tmp/
RUN ssh-agent /tmp
WORKDIR /usr/src/app
RUN git clone git#gitlab.private.address:something/target.git
RUN rm /tmp/key
WORKDIR /usr/src/app/target
RUN npm install
EXPOSE 3001
Now the problem lies within the build-process. I use the following command to build:
docker build -t samprog/targetimage:4.2.4 -f projectfolder/dockerfile .
The layers up to "ADD projectfolder/key /tmp/" work just fine, though the "RUN ssh-agent /tmp" layer doesn't want to cooperate.
Error code:
Step 9 : RUN ssh-agent /tmp/temp
---> Running in d2ed7c8870ae
/tmp: Permission denied
The command '/bin/sh -c ssh-agent /tmp' returned a non-zero code: 1
Any ideas? Since I thought it was a permission issue, where the directory was already created by the parent image, I created a /tmp/temp and put the key in there. Doesn't work either, same error.
I'm using Docker version 1.10.3 on SLES12 SP1
I did it. What I did is, I got rid of ssh-agent. I simply copied the ~/.ssh- directory of my docker-host into the /root/.ssh of the image and it worked.
Do not use the ~ though, copy the ~/.ssh-directory inside the projectfolder first and then with the dockerfile inside the container.
Final dockerfile looked as follows:
FROM node:4.2.4
MAINTAINER me
CMD["/bin/bash"]
ENV GIT_SSL_NO_VERIFY=1
ENV https_proxy="httpsproxy"
ENV http_proxy="httpproxy"
ENV no_proxy="exceptions"
ADD projectfolder/.ssh /root/.ssh
WORKDIR /usr/src/app
RUN git clone git#gitlab.private.address:something/target.git
RUN rm -r /root/.ssh
WORKDIR /urs/src/app/target
RUN npm set registry http://local-npm-registry
RUN npm install
EXPOSE 3001
The dockerfile still has to be improved on efficiency and stuff, but it works! Eureka!
The image now has to be squashed and it should be safe to use, though we only use it in our local registry.
I have faced with the same problem with maven:3-alpine. It was solved when I properly installed openssh-client:
RUN apk --update add openssh-client
Then copied keys with known hosts to the image:
ADD id_rsa /root/.ssh/
ADD id_rsa.pub /root/.ssh/
ADD known_hosts /root/.ssh/
And ran git clone command inline (with ssh-agent and ssh-add):
RUN eval $(ssh-agent -s) \
&& ssh-add \
&& git clone ssh://git#private.address:port/project/project.git
Complete docker file:
FROM maven:3-alpine
RUN apk update
RUN apk add python
RUN apk add ansible
RUN apk add git
RUN apk --update add openssh-client
ADD id_rsa /root/.ssh/
ADD id_rsa.pub /root/.ssh/
ADD known_hosts /root/.ssh/
RUN eval $(ssh-agent -s) \
&& ssh-add \
&& git clone ssh://git#private.address:port/project/project.git
ADD hosts /etc/ansible/hosts
RUN ansible all -m ping --ask-pass
I had the same issue while executing any bash command when building my Dockerfile.
I solved by adding RUN chmod -R 777 ./ like suggested in the answer of this question. I think this is a workaround, I'm not sure why docker in ubuntu has permission issues when building a container.

Resources