I am trying to build a docker image on an Ubuntu machine, where one of the dependencies is
an internally hosted Gitlab project (IT IS NOT HOSTED ON GITLAB.COM).
The docker file is:
FROM rayproject/ray:1.12.0-py39-cpu
RUN git config --global user.name <MY USER NAME>
RUN git config --global http.sslVerify false
COPY .ssh/id_rsa /home/ray/.ssh/id_rsa
RUN sudo chmod -R 777 ~/.ssh/*
RUN eval "$(ssh-agent -s)"
RUN eval `ssh-agent -s` && ssh-add $HOME/.ssh/id_rsa
RUN pip install git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
I am attempting to build the docker file with:
docker build .
I receive this error message when building the docker image:
Step 8/29 : RUN pip install git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
---> Running in b9e11319c84d
Collecting git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
Cloning https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git to /tmp/pip-req-build-l1qklujg
Running command git clone -q https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git /tmp/pip-req-build-l1qklujg
fatal: could not read Username for 'https://gitlab.<EMPLOYERS DOMAIN>.com': No such device or address
WARNING: Discarding git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git. Command errored out with exit status 128: git clone -q https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git /tmp/pip-req-build-l1qklujg Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git /tmp/pip-req-build-l1qklujg Check the logs for full command output.
However, from my machine, I can run
pip install https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
without being asked to enter my username/password.
I’m unsure whether or not my machine was configured to use the RSA key to login into the internal Gitlab.
How can I install the package when building the docker image?
2
Answers
Use
ssh
instead ofhttps
. i.e.Just to recall a security issue that wouldn’t fit in a mere comment:
Every datum that we
COPY
within the Dockerfile is kept forever(even if we do
RUN rm -fr something
afterwards!),so this means here that anyone that can pull the Docker image can retrieve the contents of the
/home/ray/.ssh/id_rsa
fileā¦ to avoid this, two ways:COPY my_project my_project
thenRUN pip install ./my_project
)docker build --ssh
feature.