Docker：在构建时克隆私有 GitHub 存储库

Question

我正在尝试在 docker 映像中克隆一个私有 GitHub 存储库

# this is our first build stage
FROM ubuntu as intermediate

# install git
RUN apt-get update \
  && apt-get install -y --no-install-recommends openssh-client git

RUN mkdir -p -m 0600 /root/.ssh/ \
  && ln -s /run/secrets/id_rsa /root/.ssh/id_rsa

# make sure your domain is accepted
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

RUN git clone git@github.com:username/repo_name.git

CMD /bin/bash

这就是我在撰写文件中配置 ssh 密码的方式：

version: "3.7"

secrets:
  id_rsa:
    file: ~/.ssh/id_rsa

services:
  maven:
    image: image_tag
    profiles: ["test"]
    build:
      context: ./maven
    secrets:
    - id_rsa

如果我使用docker-compose build maven 构建它，则在克隆具有此存在状态的存储库时会失败。

Cloning into 'repo_name'...
Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
The command '/bin/sh -c git clone git@github.com:username/repo_name.git' returned a non-zero code: 128

但是，如果我从 docker 文件中删除 RUN git clone git@github.com:dxpr/dxpr_maven.git 并构建映像，然后使用此命令在容器内手动运行终端 git clone git@github.com:dxpr/dxpr_maven.git，则克隆成功。

我在这里做错了什么？

Answer 1

在发布这个问题时，我刚刚开始学习 Dockers。这非常简单明了，机密仅在容器运行时可用，而不是在构建时可用。

Answer 2

尝试添加：

ssh-agent -s
ssh-add ~/.ssh/id_rsa

确保您的密钥是“可见的”。

您也可以使用 http url 进行克隆