在 Docker 中使用私有 gitlab 模块构建 Go 应用程序 [英] Building Go apps with private gitlab modules in Docker

问题描述

我正在尝试在 docker 文件上构建我的 go 应用程序.在我的 go.mod 中有需要身份验证/ssh 的私有包.这个问题类似于在Docker中使用私有模块构建Go应用，但就我而言，我必须从 gitlab 中提取包，而不是从 github 中提取.这是我的 dockerfile:

I am trying to build my go apps on a docker file. Inside my go.mod there is private package that needs authentication/ssh. This question is similar to Building Go apps with private modules in Docker, but in my case is i have to pull package from gitlab not from github. Here is my dockerfile:

# builder image
FROM golang:1.14.11-alpine AS builder

# specific directory for build process
WORKDIR /usr/src/build

# copying the source code 
# to the current working directory
COPY . .
RUN apk add --no-cache openssh-client
RUN apk add --no-cache git

# create ssh directory
RUN mkdir ~/.ssh
RUN touch ~/.ssh/known_hosts
RUN ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts

# allow private repo pull
RUN git config --global url."https://my-personal-access-token:token@gitlab.com/".insteadOf "https://gitlab.com/"

ADD . /go/src/gitlab.com/my-repo/backends/backend-structs
CMD cd /go/src/gitlab.com/my-repo/backends/backend-structs; go get /go/src/gitlab.com/my-repo/backends/backend-structs && go build -o /go/bin/backend-structs


# executing build process
RUN GOOS=linux go build -ldflags="-s -w" -o app

# runtime image
FROM golang:1.14.11-alpine AS runtime

# create and use non-root user
# to increase container security 
# ref https://pythonspeed.com/articles/root-capabilities-docker-security/
RUN adduser myuser --disabled-password

USER myuser

WORKDIR /home/myuser

# copy the executable binary file from builder directory
# to the current working directory
COPY --from=builder /usr/src/build/app .

# exposing port
EXPOSE 8080

# run the application
CMD ["./app"]

我尝试按照本教程https://divan.dev/posts/go_get_private/ ，通过将 github.com 更改为 gitlab.com 仍然失败.

i have tried to follow this tutorial https://divan.dev/posts/go_get_private/ , by changing github.com to gitlab.com still failed.

这是错误的详细信息:

#17 5.830       remote: HTTP Basic: Access denied
#17 5.830       fatal: Authentication failed for 'https://gitlab.com/my-repo/backends.git/'
------
executor failed running [/bin/sh -c GOOS=linux go build -ldflags="-s -w" -o app]: exit code: 1

这里有谁知道如何使用 golang 私有包创建 dockerfile(repo 托管在 gitlab.com 中)?

anyone here knows how to create dockerfile with golang private package(repo is hosted in gitlab.com) ?

推荐答案

根据我的经验，不要使用 git configs 来解决这个问题.只使用 ~/.netrc.这是专门为此制作的指南:https://gist.github.com/MicahParks/1ba2b19d1e5fccc3e892837e/a>

In my experience, do NOT use git configs to solve this. Only use ~/.netrc. Here is a guide a made specifically for this: https://gist.github.com/MicahParks/1ba2b19c39d1e5fccc3e892837b10e21

我也将其内容粘贴在下面.

I'll paste its contents below as well.

go 命令行工具需要能够从您的私有 GitLab 获取依赖项，但需要身份验证.

The go command line tool needs to be able to fetch dependencies from your private GitLab, but authenticaiton is required.

这假设您的私人 GitLab 托管在 privategitlab.company.com.

This assumes your private GitLab is hosted at privategitlab.company.com.

推荐使用以下环境变量:

The following environment variables are recommended:

export GO111MODULE=on
export GOPRIVATE=privategitlab.company.com

以上几行可能最适合您的 shell 启动，例如 ~/.bashrc.

The above lines might fit best in your shell startup, like a ~/.bashrc.

GO111MODULE=on 告诉 Golang 命令行工具您正在使用模块.我没有用不使用的项目对此进行测试私有 GitLab 上的 Golang 模块.

GO111MODULE=on tells Golang command line tools you are using modules. I have not tested this with projects not using Golang modules on a private GitLab.

GOPRIVATE=privategitlab.company.com 告诉 Golang 命令行工具不要使用公共互联网资源作为主机名列出(如公共模块代理).

GOPRIVATE=privategitlab.company.com tells Golang command line tools to not use public internet resources for the hostnames listed (like the public module proxy).

为了将来证明这些说明，请遵循 来自 GitLab 文档的本指南.我知道 Golang 命令行工具需要 read_api 范围，我可能怀疑 read_repository 为好吧，但尚未证实这一点.

To future proof these instructions, please follow this guide from the GitLab docs. I know that the read_api scope is required for Golang command line tools to work, and I may suspect read_repository as well, but have not confirmed this.

为了让 Golang 命令行工具向 GitLab 进行身份验证，最好使用 ~/.netrc 文件.

In order for the Golang command line tools to authenticate to GitLab, a ~/.netrc file is best to use.

要创建不存在的文件，请运行以下命令:

To create the file if it does not exist, run the following commands:

touch ~/.netrc
chmod 600 ~/.netrc

现在编辑文件的内容以匹配以下内容:

Now edit the contents of the file to match the following:

machine privategitlab.company.com login USERNAME_HERE password TOKEN_HERE

其中 USERNAME_HERE 替换为您的 GitLab 用户名，TOKEN_HERE 替换为在上一节.

Where USERNAME_HERE is replaced with your GitLab username and TOKEN_HERE is replaced with the access token aquired in the previous section.

不要不要使用类似以下内容的内容设置全局 git 配置:

Do not set up a global git configuration with something along the lines of this:

git config --global url."git@privategitlab.company.com:".insteadOf "https://privategitlab.company.com"

我相信在撰写本文时，Golang 命令行工具不完全支持 SSH git，这可能会导致与 ~/.netrc 冲突.

I beleive at the time of writing this, the SSH git is not fully supported by Golang command line tools and this may cause conflicts with the ~/.netrc.

对于git 工具的常规使用，而不是Golang 命令行工具，设置一个~/.ssh/config 文件很方便.为此，请运行以下命令:

For regular use of the git tool, not the Golang command line tools, it's convient to have a ~/.ssh/config file set up. In order to do this, run the following commands:

mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config

请注意上面的文件和目录的权限对于 SSH 在它的默认配置中工作是必不可少的大多数 Linux 系统.

Please note the permissions on the files and directory above are essentail for SSH to work in it's default configuration on most Linux systems.

然后，编辑 ~/.ssh/config 文件以匹配以下内容:

Then, edit the ~/.ssh/config file to match the following:

Host privategitlab.company.com
  Hostname privategitlab.company.com
  User USERNAME_HERE
  IdentityFile ~/.ssh/id_rsa

请注意上述文件中的空格很重要，如果不正确将使文件无效.

Please note the spacing in the above file matters and will invalidate the file if it is incorrect.

其中 USERNAME_HERE 是您的 GitLab 用户名，~/.ssh/id_rsa 是文件系统中 SSH private 密钥的路径.您已经将其public 密钥上传到 GitLab.这里是 一些说明.

Where USERNAME_HERE is your GitLab username and ~/.ssh/id_rsa is the path to your SSH private key in your file system. You've already uploaded its public key to GitLab. Here are some instructions.

这篇关于在 Docker 中使用私有 gitlab 模块构建 Go 应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！