Hi there!
I’m having a bit of trouble getting my head around some of the moving parts with GitLab CI - I’m using a docker executor and wondering if the intention is that within my Dockerfile I should be able to access private repositories via e.g. npm after following the process from here? https://docs.gitlab.com/ce/ci/ssh_keys/README.html#ssh-keys-when-using-the-docker-executor and quoting this line:-
That’s it! You can now have access to private servers or repositories in your build environment.
The goal is to have my npm based project building docker images / pushing to the registry on every commit, but there are private repositories within the package.json file I’m needing to clone and currently getting “permission denied” errors.
I’ve my deploy keys working when I do it from outside the docker container, but within I’m still just getting a “No identities found” error from ssh-add -l within the Dockerfile. Should the identity created in the before_script block somehow be getting passed to within the Dockerfile?
.gitlab-ci.yml:-
variables:
  REGISTRY: git.local:4567
  http_proxy: http://corpproxy:8888
  https_proxy: http://corpproxy:8888
  GIT_SSL_NO_VERIFY: "true"
stages:
  - build
build:
  image: docker:1.10.3
  stage: build
  before_script:
    - 'which ssh-agent || ( apk update && apk add openssh )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" > /tmp/key && chmod 600 /tmp/key
    - cat /tmp/key
    - ssh-add /tmp/key
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - docker login -e test@test.com -u gitlab-ci-token -p $CI_BUILD_TOKEN $REGISTRY
    - docker build -t $REGISTRY/nyx/nyx --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy .
    - docker push $REGISTRY/nyx/nyx
  tags:
    - docker
My Dockerfile:-
FROM node:boron
RUN mkdir /root/.ssh/
RUN ssh-keyscan -H git.local >> /root/.ssh/known_hosts
RUN npm config set strict-ssl false
RUN npm config set registry http://registry.npmjs.org/
RUN npm config set proxy ${http_proxy}
RUN npm config set https-proxy ${http_proxy}
# Create app directory
RUN mkdir -p /var/www/nyx
WORKDIR /var/www/nyx
# Install app dependencies
COPY package.json /var/www/nyx
RUN eval $(ssh-agent -s) && ssh-add -l
# would normally just be npm install with this dependency listed
RUN npm install git+ssh://git@git.local:project/dependency.git
# Bundle app source
COPY . /var/www/nyx
EXPOSE 3000
CMD [ "npm", "run", "dev" ]
Relevant output before the npm install fails:-
Step 6 : RUN npm config set registry http://registry.npmjs.org/
---> Using cache
---> 614c1cdf8c94
Step 7 : RUN npm config set proxy ${http_proxy}
---> Using cache
---> db8e3cff0d9d
Step 8 : RUN npm config set https-proxy ${http_proxy}
---> Using cache
---> 802ce0a77639
Step 9 : RUN mkdir -p /var/www/nyx
---> Using cache
---> 7012886fe112
Step 10 : WORKDIR /var/www/nyx
---> Using cache
---> 662fdc169c69
Step 11 : COPY package.json /var/www/nyx
---> Using cache
---> 96fb443a0262
Step 12 : RUN eval $(ssh-agent -s) && ssh-add -l
---> Running in 5bc7a5a28814
Agent pid 8
The agent has no identities.
The command '/bin/sh -c eval $(ssh-agent -s) && ssh-add -l' returned a non-zero code: 1
I’d appreciate any suggestions or an alternative workflow on how I should be doing this, at my wits’ end!
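One way to make the job's agent reachable from a single build step, as an added example that is not part of the original post: each RUN executes in its own build container, so neither the agent started in before_script nor one started in an earlier RUN is visible to npm. It assumes a Docker release with BuildKit (newer than the docker:1.10.3 image above) and the build command shown in the first comment; the proxy build args from the post are left out for brevity.

```dockerfile
# syntax=docker/dockerfile:1
# Assumption: built with BuildKit from the CI job, after before_script has
# loaded the deploy key into the job's ssh-agent:
#   DOCKER_BUILDKIT=1 docker build --ssh default -t $REGISTRY/nyx/nyx .
FROM node:boron

# known_hosts is written into the image so ssh can verify git.local
# without turning StrictHostKeyChecking off inside the build.
# Note: ssh-keyscan trusts whichever host answers at build time; copying in
# a known_hosts file obtained out of band is the stricter option.
RUN mkdir -p -m 0700 /root/.ssh \
 && ssh-keyscan -H git.local >> /root/.ssh/known_hosts

WORKDIR /var/www/nyx
COPY package.json /var/www/nyx/

# The ssh mount exposes the docker client's agent socket to this one step
# and sets SSH_AUTH_SOCK for it. Only the socket is forwarded: the private
# key is never written to a layer and does not appear in `docker history`.
# `ssh-add -l` exits non-zero when no identity is available, so a missing
# --ssh flag fails here instead of as "permission denied" inside npm.
RUN --mount=type=ssh ssh-add -l && npm install

# Bundle app source
COPY . /var/www/nyx
EXPOSE 3000
CMD [ "npm", "run", "dev" ]
```

Starting a fresh agent inside a RUN step, as in the original Step 12, always yields an empty agent, because nothing in that container holds the key.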