-1

I want to build my Go application during the Docker image build and set image entrypoint to built Go application. Problem is that my Go application is subpackage of the main package and uses some other submodules from the main package. This main package is on Github as private repository so I cannot just go get inside the container.

I've tried to setup Glide dependency manager and get all dependencies outside of the container into the vendor/ directory but there is another problem - glide.lock would have to be updated after each commit in main private repository. This is not solution for me because I want to have other dependencies locked.

Is there any way to build application with latest version of main package dependency and locked versions of other dependencies?

kubaj
  • 63
  • 1
  • 7
  • https://blog.golang.org/docker here is good article for packing the docker container. you can define all of your required sub package and entry point of your application in DockerFile – ahankendi Dec 04 '16 at 13:15
  • This doesn't work due to private repositories that need to be cloned manually into GOPATH or using glide that supports ssh. Also I need dependencies version locked. – kubaj Dec 04 '16 at 14:49

2 Answers2

1

This isnt a Go question. It's a Docker and Security question.

First off, it isnt ideal to build Go apps as part of the build. Typically you would build the binary locallly on ur machine targeting the Dockerfile FROM you have set. There is zero reason not to, as there is a Go complier for every machine, and you can GOOS and GOARCH target any machine.

But for your usecase, using a private repo, it is even more critical not to build within your container because regardless of how you get the code into your container to build, you'll have a container with private files or worse your ssh key. A container that you have to upload and host and run somewhere.

That is not ideal, however you look at it.

However, if you are determined to leak your code and/or key, you only have two options:

  • git clone the private repo on your local/build machine yhat is authorized to access the private repo and use COPY within ur Dockerfile to copy it.

  • Use Dockerfile COPY to copy your local machine's SSH key that you have authorized for your remote repo, into the container so that you can RUN git commands (which you'll also need git and ssh installed).

Again, those are not ideal. Build the Go app locally, target the container's type, and copy the binary over. It really couldnt be easier.

As for dependency management, i've never used glide; but, i wrote a popular answer about versioning dependencies with /vendor.

How should I use vendor in Go 1.6?

Community
  • 1
  • 1
eduncan911
  • 17,165
  • 13
  • 68
  • 104
-1

If you only care about being able to go get your private repos from the docker container and do not mind to copy your id_rsa when building it, you can just add this to the beginning of your Dockerfile:

RUN echo "[url \"git@github.com:\"]\n\tinsteadOf = https://github.com/" >> /root/.gitconfig
RUN mkdir /root/.ssh && echo "StrictHostKeyChecking no " > /root/.ssh/config
COPY id_rsa /root/.ssh/id_rsa
Marc Guasch
  • 19
  • 3