1

I'm trying to Dockerize an old sbt build that needs access to a private nexus repo. I've previously been using a local credentials file referenced from the build.sbt, but that doesn't really fit my use currently since I want to bootstrap everything from a Dockerfile build. I rather not have to output stuff to a file and then copy it into my docker build container but rather just pass it as docker ARG's.

Under https://www.scala-sbt.org/1.0/docs/Publishing.html

I read I can pass it like so:

credentials += Credentials("Some Nexus Repository Manager", 
"my.artifact.repo.net", "admin", "admin123")

So therefore I figured I could do something like:

ARG REPO_USER
ARG REPO_PWD
RUN sbt ";credentials += Credentials(\"Some Nexus Repository Manager\", \"repo.host.com\", ${REPO_USER}, ${REPO_PWD}) ;package"

and then run 

docker build . --build-arg REPO_USER=foobar --build-arg REPO_PWD=*****

in my Dockerfile but that didn't work. I still get:

Unable to find credentials for [Sonatype Nexus Repository Manager @ repo.host.com]

Is there any nice way to pass repo credentials to sbt from cli?

Update:

I tried a a file approach but that didn't solve the problem so I guess I might be on the wrong track on what's actually wrong here.

RUN echo "realm=Sonatype Nexus Repository Manager" >> .credentials && \
echo "host=repo.host.se" >> .credentials && \
echo "user=$REPO_USER" >> .credentials && \
echo "password=$REPO_PWD" >> .credentials && \
export SBT_CREDENTIALS=.credentials && \
sbt package

Update 2

I think this is no longer a Docker question at all since I've debugged it in the docker container sbt simply wouldn't pick my creds up any way I passed it according to the sbt docs.

I'll answer my own question.

Viktor Hedefalk
  • 3,572
  • 3
  • 33
  • 48
  • Try `sbt ';set credentials ...'` – laughedelic Nov 02 '18 at 19:54
  • @laughedelic Still now luck. I also even tried using a cred file but it still didn't work so maybe I'm on the wrong track on what's actually wrong… – Viktor Hedefalk Nov 02 '18 at 20:19
  • why u are storing crendentails in docker image – Ijaz Ahmad Nov 02 '18 at 22:40
  • @IjazAhmadKhan Don't want to, but need the creds for building since the build need access to private repo. Doing it with multi-stage builds and I think I can fix that security issue as soon as I just get it working at all. Suggestion? – Viktor Hedefalk Nov 02 '18 at 22:58
  • do everything outside docker and then copy the results into docker image – Ijaz Ahmad Nov 02 '18 at 23:54
  • @IjazAhmadKhan Point here is reproducible builds with _within_ docker. Like gitlab.ci drone.io. – Viktor Hedefalk Nov 05 '18 at 09:55
  • yes , u can have reproducible builds , just do the builds in plain job and then trigger the docker build and use the artifact from previous job – Ijaz Ahmad Nov 05 '18 at 10:50
  • > just do the builds in plain job what is a plain job? All jobs are defined from docker images on the mentioned build servers. To be super concrete, my build is from hseeberger/scala-sbt:11.0.1_2.12.7_1.2.6. – Viktor Hedefalk Nov 05 '18 at 12:25

2 Answers2

1

The sbt docs are misleading at best or simply just wrong. After debugging this to bits in the docker container I found that there was no way I could pass the creds cli so they got picked up. The SBT_CREDENTIALS variable just doesn't work either.

This comment finally saved me: SBT is unable to find credentials when attempting to download from an Artifactory virtual repo

The least intrusive way I've got working is to add an sbt config file in the docker image's home dir:

RUN mkdir .sbt/0.13/plugins && \
echo "credentials += Credentials(\"Sonatype Nexus Repository Manager\", \"repo.host.se\", \"$REPO_USER\", \"$REPO_PWD\")" >> .sbt/0.13/plugins/creds.sbt
RUN sbt package
Viktor Hedefalk
  • 3,572
  • 3
  • 33
  • 48
1

You can use environment variables. You can set them in dockerfile either straight or from args. Something like this:

ARG REPO_USR
ARG REPO_PWD

ENV REPO_USR = ${REPO_USR}
ENV REPO_PWD = ${REPO_PWD}

Then you can use the environment variables in sbt:

val repoUser = sys.env.get("REPO_USR").getOrElse("")
val repoPass = sys.env.get("REPO_PWS").getOrElse("")

credentials += Credentials("Repo Realm", "repo.url.com", repoUser, repoPass)

Then you can basically pass args to docker build and they will be passed on to sbt.

Pietrotull
  • 477
  • 4
  • 9
  • The problem with this is the second part, I guess you mean this as an edit of build.sbt. What I wanted was a way to _not_ have to edit the sbt build, but _only_ add a Dockerfile to the repo and pass creds CLI. The least intrusive way I've found is to let the Dockerfile add a separate sbt file under the image's $HOME/.sbt because there seems to be no way of passing creds to sbt without going through a file. – Viktor Hedefalk Nov 05 '18 at 09:59