What is the preferred way to build golang Dockerimage with dependencies in private registry?

This is using selfhosted gitlab, community edition.

I have tried the following:

  • Make the project public: Works but is not preferable

  • Create netrc file, problem is that it needs to be mounted at ~/.netrc, which means I need to copy it to build directory first, then include it inside the builder image: This is a two step process and leads to a bunch of boilerplate

  • Mount a .netrc file in the runner, works great with golang image, but when building Dockerfile it is not mounted (feature of docker build ofc)

  • Use vendoring. This needs a whole new build job (that uses golang image instead of docker-in-docker) and caching. Also still needs .netrc stuff

  • Use NETRC variable, but its not respected by go/git

  • Mount .netrc in the runner, run go mod vendor and put in cache, and include this in subsequent build jobs. This looks cleanest but I would rather do away with vendoring completely.

  • Read about gitlab golang proxy but this does still seem to need a .netrc file in the right place?

How do you do this? I know most/all of this is due to go mod restrictions and not because of gitlab, but it would be interesting to know if there is a pattern for this “out there”.