在Docker中使用私有gitlab模块构建Go应用 [英] Building Go apps with private gitlab modules in Docker
问题描述
我正在尝试在docker文件上构建go应用.在我的go.mod内部,有一个需要身份验证/ssh的私有软件包.这个问题类似于在Docker中使用私有模块构建Go应用,但就我而言,我必须从 gitlab
中提取软件包,而不是从 github
中提取软件包.这是我的dockerfile:
I am trying to build my go apps on a docker file. Inside my go.mod there is private package that needs authentication/ssh. This question is similar to Building Go apps with private modules in Docker, but in my case is i have to pull package from gitlab
not from github
. Here is my dockerfile:
# builder image
FROM golang:1.14.11-alpine AS builder
# specific directory for build process
WORKDIR /usr/src/build
# copying the source code
# to the current working directory
COPY . .
RUN apk add --no-cache openssh-client
RUN apk add --no-cache git
# create ssh directory
RUN mkdir ~/.ssh
RUN touch ~/.ssh/known_hosts
RUN ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
# allow private repo pull
RUN git config --global url."https://my-personal-access-token:token@gitlab.com/".insteadOf "https://gitlab.com/"
ADD . /go/src/gitlab.com/my-repo/backends/backend-structs
CMD cd /go/src/gitlab.com/my-repo/backends/backend-structs; go get /go/src/gitlab.com/my-repo/backends/backend-structs && go build -o /go/bin/backend-structs
# executing build process
RUN GOOS=linux go build -ldflags="-s -w" -o app
# runtime image
FROM golang:1.14.11-alpine AS runtime
# create and use non-root user
# to increase container security
# ref https://pythonspeed.com/articles/root-capabilities-docker-security/
RUN adduser myuser --disabled-password
USER myuser
WORKDIR /home/myuser
# copy the executable binary file from builder directory
# to the current working directory
COPY --from=builder /usr/src/build/app .
# exposing port
EXPOSE 8080
# run the application
CMD ["./app"]
我尝试遵循本教程 https://divan.dev/posts/go_get_private/,将 github.com
更改为 gitlab.com
仍然失败.
i have tried to follow this tutorial https://divan.dev/posts/go_get_private/ , by changing github.com
to gitlab.com
still failed.
这是错误详细信息:
#17 5.830 remote: HTTP Basic: Access denied
#17 5.830 fatal: Authentication failed for 'https://gitlab.com/my-repo/backends.git/'
------
executor failed running [/bin/sh -c GOOS=linux go build -ldflags="-s -w" -o app]: exit code: 1
这里的任何人都知道如何使用golang私有软件包(repo托管在gitlab.com中)创建dockerfile吗?
anyone here knows how to create dockerfile with golang private package(repo is hosted in gitlab.com) ?
推荐答案
以我的经验,请勿使用git configs解决此问题.仅使用〜/.netrc
.这是专门为此制作的指南: https://gist.github.com/MicahParks/1ba2b19c39d1e5fccc3e892837/a>
In my experience, do NOT use git configs to solve this. Only use ~/.netrc
. Here is a guide a made specifically for this: https://gist.github.com/MicahParks/1ba2b19c39d1e5fccc3e892837b10e21
我也会在下面粘贴其内容.
I'll paste its contents below as well.
go
命令行工具需要能够从您的私有GitLab中获取依赖项,但需要验证.
The go
command line tool needs to be able to fetch dependencies from your private GitLab, but authenticaiton is required.
这假设您的私人GitLab托管在 privategitlab.company.com
.
This assumes your private GitLab is hosted at privategitlab.company.com
.
建议使用以下环境变量:
The following environment variables are recommended:
export GO111MODULE=on
export GOPRIVATE=privategitlab.company.com
以上几行可能最适合您的Shell启动,例如〜/.bashrc
.
The above lines might fit best in your shell startup, like a ~/.bashrc
.
GO111MODULE = on
告诉Golang命令行工具您正在使用模块.我没有用不使用的项目测试过私有GitLab上的Golang模块.
GO111MODULE=on
tells Golang command line tools you are using modules. I have not tested this with projects not using
Golang modules on a private GitLab.
GOPRIVATE = privategitlab.company.com
告诉Golang命令行工具不要将公共Internet资源用作主机名列出(例如公共模块代理).
GOPRIVATE=privategitlab.company.com
tells Golang command line tools to not use public internet resources for the hostnames
listed (like the public module proxy).
To future proof these instructions, please follow this guide from the GitLab docs.
I know that the read_api
scope is required for Golang command line tools to work, and I may suspect read_repository
as
well, but have not confirmed this.
为了使Golang命令行工具能够通过GitLab进行身份验证,最好使用〜/.netrc
文件.
In order for the Golang command line tools to authenticate to GitLab, a ~/.netrc
file is best to use.
要创建文件(如果文件不存在),请运行以下命令:
To create the file if it does not exist, run the following commands:
touch ~/.netrc
chmod 600 ~/.netrc
现在编辑文件内容以匹配以下内容:
Now edit the contents of the file to match the following:
machine privategitlab.company.com login USERNAME_HERE password TOKEN_HERE
其中 USERNAME_HERE
替换为您的GitLab用户名,而 TOKEN_HERE
替换为您在GitLab中获得的访问令牌上一节.
Where USERNAME_HERE
is replaced with your GitLab username and TOKEN_HERE
is replaced with the access token aquired in the
previous section.
不要不使用以下内容来设置全局git配置:
Do not set up a global git configuration with something along the lines of this:
git config --global url."git@privategitlab.company.com:".insteadOf "https://privategitlab.company.com"
我相信在撰写本文时,Golang命令行工具未完全支持SSH git,这可能会导致与〜/.netrc
冲突.
I beleive at the time of writing this, the SSH git is not fully supported by Golang command line tools and this may cause
conflicts with the ~/.netrc
.
对于常规使用 git
工具而不是Golang命令行工具,设置〜/.ssh/config
文件是很方便的.为此,请运行以下命令:
For regular use of the git
tool, not the Golang command line tools, it's convient to have a ~/.ssh/config
file set up.
In order to do this, run the following commands:
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config
请注意,上面文件和目录的权限是SSH的基本要求,SSH可以在以下默认配置下使用大多数Linux系统.
Please note the permissions on the files and directory above are essentail for SSH to work in it's default configuration on most Linux systems.
然后,编辑〜/.ssh/config
文件以匹配以下内容:
Then, edit the ~/.ssh/config
file to match the following:
Host privategitlab.company.com
Hostname privategitlab.company.com
User USERNAME_HERE
IdentityFile ~/.ssh/id_rsa
请注意上述文件中的间距很重要,如果文件不正确,则会使文件无效.
Please note the spacing in the above file matters and will invalidate the file if it is incorrect.
其中 USERNAME_HERE
是您的GitLab用户名,〜/.ssh/id_rsa
是文件系统中SSH private 密钥的路径.您已经将其 public 密钥上传到了GitLab.这是一些说明.
Where USERNAME_HERE
is your GitLab username and ~/.ssh/id_rsa
is the path to your SSH private key in your file system.
You've already uploaded its public key to GitLab. Here are some instructions.
这篇关于在Docker中使用私有gitlab模块构建Go应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!