I am trying to clone a private Git repo hosted on Bitbucket Cloud from inside a docker image. I build the image using docker-compose (ver 3.9).
I have added the public key as an Access Key in the Repo settings in Bitbucket.
Here is the error I get:
=> ERROR [16/19] RUN git clone git@bitbucket.org:some_repo/imp_hmi.git 0.7s
------
> [16/19] RUN git clone git@bitbucket.org:some_repo/imp_hmi.git:
#0 0.331 Cloning into 'imp_hmi'...
#0 0.636 Host key verification failed.
#0 0.636 fatal: Could not read from remote repository.
#0 0.636
#0 0.636 Please make sure you have the correct access rights
#0 0.636 and the repository exists.
I can clone the repo using the same SSH keys on the host machine.
Now, for the Dockerfile:
# Update this value when the version changes.
ARG UNITY_VERSION=2020.3.13f1
#ARG HMI_CONFIG=niro_av71oxu.yaml
FROM unityci/editor:ubuntu-${UNITY_VERSION}-linux-il2cpp-1.0.1 AS base
USER root
ENV HOME /home/root
# # don't ask interactive questions
ENV DEBIAN_FRONTEND noninteractive
# Create user bobsaccamano
RUN useradd -m -r bobsaccamano
RUN usermod -aG adm,cdrom,sudo,audio,dip,video,plugdev bobsaccamano
# Setup SSH keys
RUN mkdir -p -m 0700 /home/bobsaccamano/.ssh
COPY id-docker-unity /home/bobsaccamano/.ssh/
RUN chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh/id-docker-unity
RUN chmod 600 /home/bobsaccamano/.ssh/id-docker-unity
COPY id-docker-unity.pub /home/bobsaccamano/.ssh/
RUN chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh/id-docker-unity.pub
RUN touch /home/bobsaccamano/.ssh/known_hosts && chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /home/bobsaccamano/.ssh/known_hosts
RUN cat /home/bobsaccamano/.ssh/id-docker-unity
# Change to bobsaccamano user
USER bobsaccamano
ENV HOME /home/bobsaccamano
ENV HMI_BUILT ${HOME}/HMI_built
# Create folders
RUN mkdir -p -m 0700 /home/bobsaccamano/proj/
RUN mkdir -p -m 0700 ${HMI_BUILT}
# Pull Repositories
WORKDIR /home/bobsaccamano/proj/
RUN git clone git@bitbucket.org:some_repo/imp_hmi.git
# Build HMI
RUN cd imp_hmi && chmod +x build_hmi.sh
RUN . build_hmi.sh DEV
WORKDIR ${HOME}
#RUN apt-get -y update
# WORKDIR /home/unity_volume
The docker-compose.yml file:
version: "3.9"
services:
  unity_base:
    build:
      context: .
      dockerfile: Dockerfile.unity
      # args:
      #   progress: plain
    volumes:
      - hmi_built:/home/bobsaccamano/HMI_built
    container_name: unity-base
  hmi_app:
    build:
      context: .
      dockerfile: Dockerfile.hmi
    depends_on:
      - unity_base
    volumes:
      - hmi_built:/home/bobsaccamano/HMI_built
    container_name: hmi-app
volumes:
  hmi_built:
Any help is much appreciated!
2 Answers
You should use Personal Access Token instead. Check the PAT docs. They also allow more control over what a user that has the PAT can do.
Don’t put your ssh keys inside the docker image. If you start distributing the image you will also distribute your ssh keys.
On a more general note, the workflow that you are trying to apply is wrong in my opinion. Doesn’t really make sense to make those operations in a Dockerfile. What I would do instead is fork the git repo (if it is not already yours of course) and add a Dockerfile and docker-compose.yml to it. Then whoever has access to the project can also build an image out of it directly.

You need to add these lines in the Dockerfile:
RUN eval "$(ssh-agent -s)" && chmod 600 /home/bobsaccamano/.ssh/id_rsa && ssh-add /home/bobsaccamano/.ssh/id_rsa
RUN ssh -o UserKnownHostsFile=/home/bobsaccamano/.ssh/known_hosts -o StrictHostKeyChecking=no git@bitbucket.org
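
Following the first answer's point about keeping SSH keys out of the image, here is an added example (not code from the question or from either answer) that forwards the host's ssh-agent to a single build step with a BuildKit SSH mount, so no private key is copied into a layer or printed to the build log. The UID 1001 and the `known_hosts.bitbucket` file are assumptions; the key has to be loaded on the host with `ssh-add` before building.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, requires BuildKit. Build with one of:
#   docker build --ssh default -f Dockerfile.unity .
#   docker compose build --ssh default
# or declare it in docker-compose.yml under the service's `build:` key:
#   ssh:
#     - default
ARG UNITY_VERSION=2020.3.13f1
FROM unityci/editor:ubuntu-${UNITY_VERSION}-linux-il2cpp-1.0.1 AS base
USER root

# Fixed UID (assumption: 1001 is free in the base image) so the agent
# socket can be handed to this user in the clone step.
RUN useradd -m -u 1001 bobsaccamano

# known_hosts.bitbucket is an assumed file in the build context: the output of
# `ssh-keyscan bitbucket.org`, checked once against the host key fingerprints
# Bitbucket publishes, then committed. Scanning at build time pins nothing.
COPY --chown=bobsaccamano:bobsaccamano known_hosts.bitbucket /home/bobsaccamano/.ssh/known_hosts

# Give the user the directory itself, not only the files in it. In the
# question's Dockerfile, .ssh stays root-owned with mode 0700, so the
# unprivileged user cannot read known_hosts.
RUN chown bobsaccamano:bobsaccamano /home/bobsaccamano/.ssh \
 && chmod 700 /home/bobsaccamano/.ssh

USER bobsaccamano
ENV HOME=/home/bobsaccamano
RUN mkdir -p -m 0700 /home/bobsaccamano/proj
WORKDIR /home/bobsaccamano/proj

# The host's ssh-agent socket exists only for the duration of this RUN.
# Host key checking stays on and is satisfied by the pinned known_hosts.
RUN --mount=type=ssh,uid=1001 \
    git clone git@bitbucket.org:some_repo/imp_hmi.git
```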