Last active
April 7, 2022 12:17
-
-
Save aramalipoor/1cbcc0888a2960ec540c59e8cbc40c90 to your computer and use it in GitHub Desktop.
How to use Input Secrets to clone multiple repositories in OpenShift's BuildConfig?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM debian | |
| RUN apt-get update -y && \ | |
| # SSH and git binaries are required | |
| apt-get install -y curl ssh git && \ | |
| # Prepare required configurations and directories | |
| mkdir -p /root/.ssh && \ | |
| git config --global user.name "example" && \ | |
| git config --global user.email "[email protected]" && \ | |
| touch /root/.ssh/known_hosts && \ | |
| # We must add our git host to known_hosts file | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| # Here is the most important yet tricky part. | |
| # When you add secrets to a BuildConfig with Docker strategy, | |
| # the secrets are being copied over relative to the actual Dockerfile, | |
| # so you would need to ADD/COPY the secrets to docker context (i.e. inside the container) | |
| ADD secrets /etc/secrets | |
| # Since git will use ssh-agent binary we must identify our SSH private key | |
| RUN eval "$(ssh-agent)" && ssh-agent -s && \ | |
| chmod -R 0600 /etc/secrets && \ | |
| ssh-add /etc/secrets/**/* && \ | |
| # Use ssh remote to clone as usual | |
| git clone [email protected]:my-org/my-library.git && \ | |
| ls -lash my-library/ && \ | |
| # Do not keep SSH keys inside the image and remove them for better security | |
| rm -rf /etc/secrets |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment