Containerize a golang app using private GitHub repos as import packages
What’s the problem?
We do containerize a lot of applications and services every day using docker so what’s the point of this article? The problem starts when you realise how go advises you to import and use GitHub packages. The correct way of importing GitHub or any external package is by using the URL concerning the package except of course those handled by the default go SDK. Now, what if its a private repository that you are importing? Golang as of now doesn’t support a way to handle that. Its a much bigger issue if you have to containerize an app which uses private repo imports.
The workaround I found to the above is basically by changing the default git config to use
ssh instead of
https and hence
go get uses
ssh.You can do it as follows:
Add to $HOME/.gitconfig:
insteadOf = https://github.com/MYORGANIZATION/
NOTE: Make sure you can the correct SSH_KEY(generally named as
id_rsa) associated with the GitHub account which has the access to the private repo to you are importing.
Steps to follow while containerizing the same application:
- Supply the correct SSH_KEY inside the docker build to make sure it can make authenticated requests to fetch your private GitHub imports.
- Add the above-shown changes to the
.gitconfigfile inside your docker env.
All of these above two steps turn into the following chunk of the script that can be added to your Dockerfile directly. Just make sure to supply the
SSH_KEY during the build
RUN mkdir -p /root/.ssh && \
echo "$SSH_KEY" > /root/.ssh/id_rsa && \
chmod 0600 /root/.ssh/id_rsa && \
eval `ssh-agent` && \
ssh-add /root/.ssh/id_rsa && \
ssh-keyscan github.com >> /root/.ssh/known_hosts && \
echo "[url \"ssh://firstname.lastname@example.org/\"]\n\tinsteadOf = https://github.com/" >> /root/.gitconfig && \
echo "Host github.com\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config
- The entire above concept is implemented here -
Implementation of contanerizing a golang app using private repositories as imports - anuragdhingra/pdocker-go
Just added an additional makefile which takes an optional
ssh_key_path in case the user has a custom key path and supplies it during the build.
Using the wait-for-it.sh script to coordinate the containers.
- The best improvement would surely be if golang gives out some kind of default support for
go getover private packages. Is should be possible to add a flag that causes go to clone over ssh (or any other potential future protocol). A flag would be easy to use in CI where necessary and is more easily explained than editing a