Building Go apps with private gitlab modules in Docker

Issue

I am trying to build my go apps on a docker file. Inside my go.mod there is private package that needs authentication/ssh. This question is similar to Building Go apps with private modules in Docker, but in my case is i have to pull package from gitlab not from github. Here is my dockerfile:

# builder image
FROM golang:1.14.11-alpine AS builder

# specific directory for build process
WORKDIR /usr/src/build

# copying the source code 
# to the current working directory
COPY . .
RUN apk add --no-cache openssh-client
RUN apk add --no-cache git

# create ssh directory
RUN mkdir ~/.ssh
RUN touch ~/.ssh/known_hosts
RUN ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts

# allow private repo pull
RUN git config --global url."https://my-personal-access-token:token@gitlab.com/".insteadOf "https://gitlab.com/"

ADD . /go/src/gitlab.com/my-repo/backends/backend-structs
CMD cd /go/src/gitlab.com/my-repo/backends/backend-structs; go get /go/src/gitlab.com/my-repo/backends/backend-structs && go build -o /go/bin/backend-structs


# executing build process
RUN GOOS=linux go build -ldflags="-s -w" -o app

# runtime image
FROM golang:1.14.11-alpine AS runtime

# create and use non-root user
# to increase container security 
# ref https://pythonspeed.com/articles/root-capabilities-docker-security/
RUN adduser myuser --disabled-password

USER myuser

WORKDIR /home/myuser

# copy the executable binary file from builder directory
# to the current working directory
COPY --from=builder /usr/src/build/app .

# exposing port
EXPOSE 8080

# run the application
CMD ["./app"]

i have tried to follow this tutorial https://divan.dev/posts/go_get_private/ , by changing github.com to gitlab.com still failed.

Here is the error details:

#17 5.830       remote: HTTP Basic: Access denied
#17 5.830       fatal: Authentication failed for 'https://gitlab.com/my-repo/backends.git/'
------
executor failed running [/bin/sh -c GOOS=linux go build -ldflags="-s -w" -o app]: exit code: 1

anyone here knows how to create dockerfile with golang private package(repo is hosted in gitlab.com) ?

Solution

In my experience, do NOT use git configs to solve this. Only use ~/.netrc. Here is a guide a made specifically for this: https://gist.github.com/MicahParks/1ba2b19c39d1e5fccc3e892837b10e21

I’ll paste its contents below as well.

Problem

The go command line tool needs to be able to fetch dependencies from your private GitLab, but authenticaiton is required.

This assumes your private GitLab is hosted at privategitlab.company.com.

Environment variables

The following environment variables are recommended:

export GO111MODULE=on
export GOPRIVATE=privategitlab.company.com

The above lines might fit best in your shell startup, like a ~/.bashrc.

Explanation

GO111MODULE=on tells Golang command line tools you are using modules. I have not tested this with projects not using
Golang modules on a private GitLab.

GOPRIVATE=privategitlab.company.com tells Golang command line tools to not use public internet resources for the hostnames
listed (like the public module proxy).

Get a personal access token from your private GitLab

To future proof these instructions, please follow this guide from the GitLab docs.
I know that the read_api scope is required for Golang command line tools to work, and I may suspect read_repository as
well, but have not confirmed this.

Set up the ~/.netrc

In order for the Golang command line tools to authenticate to GitLab, a ~/.netrc file is best to use.

To create the file if it does not exist, run the following commands:

touch ~/.netrc
chmod 600 ~/.netrc

Now edit the contents of the file to match the following:

machine privategitlab.company.com login USERNAME_HERE password TOKEN_HERE

Where USERNAME_HERE is replaced with your GitLab username and TOKEN_HERE is replaced with the access token aquired in the
previous section.

Common mistakes

Do not set up a global git configuration with something along the lines of this:

git config --global url."git@privategitlab.company.com:".insteadOf "https://privategitlab.company.com"

I beleive at the time of writing this, the SSH git is not fully supported by Golang command line tools and this may cause
conflicts with the ~/.netrc.

Bonus: SSH config file

For regular use of the git tool, not the Golang command line tools, it’s convient to have a ~/.ssh/config file set up.
In order to do this, run the following commands:

mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config

Please note the permissions on the files and directory above are essentail for SSH to work in it’s default configuration on
most Linux systems.

Then, edit the ~/.ssh/config file to match the following:

Host privategitlab.company.com
  Hostname privategitlab.company.com
  User USERNAME_HERE
  IdentityFile ~/.ssh/id_rsa

Please note the spacing in the above file matters and will invalidate the file if it is incorrect.

Where USERNAME_HERE is your GitLab username and ~/.ssh/id_rsa is the path to your SSH private key in your file system.
You’ve already uploaded its public key to GitLab. Here are some instructions.

Answered By – Micah Parks

Answer Checked By – Dawn Plyler (GoLangFix Volunteer)

Leave a Reply

Your email address will not be published.