16

I'm trying to set up a multi-stage docker build and needing to cloning my sources for the initial first stage build step.

However, git clone requires a username/password as the path to the repository is on a private github enterpr server. Under normal circumstances git will prompt you for the username/password. However, with git clone started from a RUN step in the Dockerfile there is no such prompt and the output is simply:

fatal: could not read Username for 'https://yourserver.com': No such device or address The command '/bin/sh -c git clone https://yourserver.com/name/yourpath' returned a non-zero code: 128

Even with the -ti flag specified in the docker build step. How do I pass the username/password or at least prompt for it? I don't want this embedded in the Dockerfile.

Kevin Kopf
  • 13,327
  • 14
  • 49
  • 66
hookenz
  • 36,432
  • 45
  • 177
  • 286
  • Is there a provision to use github access tokens or the prompt is a requirement ? – vishnu narayanan Mar 27 '18 at 01:43
  • @vishnunarayanan - not sure. Possibly. It does appear I could set up ssh access token too. But I kind of want to keep things standard if possible. It just makes it easier for others to set things up if they don't have to do anything but checkout the project and run docker build. Hate the thought of lots of steps for others. I want to stick to the KISS principle. – hookenz Mar 27 '18 at 01:46
  • 1
    Ok, looks like it's not possible and I can see why. It's by design. I need to get the username/password from the environment. https://stackoverflow.com/questions/29432712/is-there-a-way-to-add-a-prompt-during-the-docker-build-process – hookenz Mar 27 '18 at 01:52
  • I updated my answer with an idea – Kevin Kopf Mar 29 '18 at 08:34

1 Answers1

18

If you want to git clone with user/password, all you need to do is

git clone https://username:password@github.com/username/repository.git

In your case it would be

RUN git clone https://username:password@github.com/username/repository.git

A better solution would be to create a set of private/public keys without a password and ADD or COPY the private key into your Dockerfile. In that case you will need to register the public key with github. Then the simple command will suffice:

RUN git clone ssh://git@github.com/username/repository.git

UPDATE

I also had an idea based on my answer here. If you need different usernames/passwords to use, you could set an ARG in your Dockerfile: ARG USERNAME=user ARG PASSWORD=1234 And then build your image with docker build --build-arg USERNAME=user --build-arg PASSWORD=1234 .` And you will get at least some simulation of user input :)

The solution I posted above (in "spoiler" now) is not safe. As per actual docs:

Warning: It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. Build-time variable values are visible to any user of the image with the docker history command.

Kevin Kopf
  • 13,327
  • 14
  • 49
  • 66
  • Thanks, yes that would work. But I have a problem. My password has an embedded '@'. How do you get around that? – hookenz Mar 27 '18 at 01:56
  • 5
    Matt, simplest solution - change the password? – Kevin Kopf Mar 27 '18 at 01:58
  • Actually %40 works :) might try the public/private key option – hookenz Mar 27 '18 at 01:59
  • 2
    The solution labeled *UPDATE* is not safe. As documented [here](https://docs.docker.com/engine/reference/builder/#arg): "Warning: It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. Build-time variable values are visible to any user of the image with the docker history command." – Kevin Sep 18 '19 at 15:59