1

I want to build Docker image that runs a PHP app. The source code is stored in a private GitHub repository.

Should I either:

  1. Copy some (my own or dedicated or my CI/CD's tool) SSH key inside the container (in the Dockerfile) and later remove it to authorize and clone the repository from GitHub, like here: Clone private git repo with dockerfile

or

  1. Use my own (or my CI/CD's tools) environment to clone the repository to the ./app directory and only COPY ./app /app it inside the Dockerfile.

If this changes anything, all my GitHub repositories are private, and I store my images in a private Docker Hub repositories.

Marian Kostko
  • 115
  • 1
  • 6

1 Answers1

2

It's generally not a good idea to load SSH keys into docker and pull source from git. You should use option 2. Use CI/CD pipeline to pull source code from repo and then copy it into your docker image.

We do this for all our production pipelines. We create deploy keys on github and then use Circle CI to pull source and build docker images.

Kon
  • 4,023
  • 4
  • 24
  • 38
  • Thanks. Does that mean that I as a developer **need** the tools (composer, npm, gulp, etc.) locally on my machine to be able to clone, build, test the code that I later put in the image to run it? What if different projects use different gulp versions, different composer, npm, etc. versions? And I just don't like installing those tools on my machine locally. – Marian Kostko Oct 30 '18 at 14:45
  • You can put them all into docker for development but to be clear this would be your development docker. For production, you would have a separate pipeline to create production docker instances. – Kon Oct 30 '18 at 14:48