I'm trying to create a build setup using docker-compose which requires pulling npm packages from a private repository. My setup looks like this:

# docker-compose.yml
version: "3.9"
services:
  node:
    build:
      context: .
    volumes:
      - ./:/home/node/app
      - /etc/passwd:/etc/passwd:ro
      - /etc/group:/etc/group:ro
      - /etc/hosts:/etc/hosts:ro
    ports:
      - 3000:3000
    # environment:
    #   - USER_UID=${USER_UID:-1000}
    #   - USER_GID=${USER_GID:-1000}
    secrets:
      - user_private_ssh_key
      - user_public_ssh_key
      - ssh_config
secrets:
  user_private_ssh_key:
    file: ~/.ssh/id_rsa
  user_public_ssh_key:
    file: ~/.ssh/id_rsa.pub
  ssh_config:
    file: ~/.ssh/config

# DOCKERFILE
FROM node:14
RUN apt-get update && apt-get install -y openssh-client
RUN mkdir -p /home/node/.ssh
RUN ln -s /run/secrets/user_private_ssh_key /home/node/.ssh/id_rsa
RUN ln -s /run/secrets/user_public_ssh_key /home/node/.ssh/id_rsa.pub
RUN ln -s /run/secrets/ssh_config /home/node/.ssh/config
RUN chown -R node:node /home/node/.ssh
# RUN chmod 600 /home/node/.ssh/*
# RUN chmod 644 /home/node/.ssh/config
RUN ls -la /home/node/.ssh
USER node:node
WORKDIR /home/node/app
COPY . /home/node/app
# if the next line works, the following will as well
RUN ssh -v git@git.example.com
# RUN yarn install --verbose
CMD ["yarn", "dev"]

I can see that my secrets are being added to the container. Their content is correct as well. What doesn't work is that the ssh_config is not being read by openssh-client. So it connects to the wrong port (22) for the packages on git.example.com. The correct port in this case would be e.g. 3333.

// error message
OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to git.example.com [IP_ADDRESS] port 22.
What configuration am I missing for this to work?
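
Compose mounts service-level `secrets:` under `/run/secrets` only when the container starts, so during the image build the symlinks in the Dockerfile above point at nothing and `RUN ssh` reads only `/etc/ssh/ssh_config`, which matches the debug output. The following is an added example (not part of the original post) of a Dockerfile that supplies the SSH config at build time through BuildKit mounts, without copying any key into an image layer. It assumes BuildKit, a host ssh-agent holding the key, uid 1000 for the `node` user, a `known_hosts` secret, and a `package.json`/`yarn.lock` pair in the build context.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the asker's file. Build with BuildKit, for instance:
#   docker build --ssh default \
#     --secret id=ssh_config,src=$HOME/.ssh/config \
#     --secret id=known_hosts,src=$HOME/.ssh/known_hosts .
# Assumption: an ssh-agent on the host holds the key for git.example.com.
FROM node:14

RUN apt-get update \
 && apt-get install -y --no-install-recommends openssh-client \
 && rm -rf /var/lib/apt/lists/*

# Create the directories as root, then hand them to the unprivileged user.
# ssh ignores a config file with loose permissions, so keep ~/.ssh at 0700.
RUN mkdir -p /home/node/.ssh /home/node/app \
 && chmod 700 /home/node/.ssh \
 && chown -R node:node /home/node/.ssh /home/node/app

USER node:node
WORKDIR /home/node/app

# Assumption: package.json and yarn.lock exist in the build context.
COPY --chown=node:node package.json yarn.lock ./

# The mounts exist only for the duration of this RUN step:
#  - type=ssh forwards the host agent socket; the private key never enters
#    the build, so it cannot end up in a layer or in `docker history`.
#  - ssh_config carries the Host/Port entry (3333 in the question's example).
#  - known_hosts keeps host key checking on instead of disabling it.
# uid=1000 makes the socket and files readable by the node user (assumed uid).
RUN --mount=type=ssh,uid=1000 \
    --mount=type=secret,id=ssh_config,target=/home/node/.ssh/config,uid=1000 \
    --mount=type=secret,id=known_hosts,target=/home/node/.ssh/known_hosts,uid=1000 \
    yarn install --frozen-lockfile

COPY --chown=node:node . .
CMD ["yarn", "dev"]
```

With Compose, the same inputs can be declared through the `ssh` and `secrets` keys under `build:` in releases that implement those parts of the Compose specification. The service-level `secrets:` block in the compose file above still only affects the running container.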