I am trying to build my go apps on a docker file. Inside my go.mod there is private package that needs authentication/ssh. This question is similar to Building Go apps with private modules in Docker, but in my case is i have to pull package from
gitlab not from
github. Here is my dockerfile:
# builder image FROM golang:1.14.11-alpine AS builder # specific directory for build process WORKDIR /usr/src/build # copying the source code # to the current working directory COPY . . RUN apk add --no-cache openssh-client RUN apk add --no-cache git # create ssh directory RUN mkdir ~/.ssh RUN touch ~/.ssh/known_hosts RUN ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts # allow private repo pull RUN git config --global url."https://my-personal-access-token:email@example.com/".insteadOf "https://gitlab.com/" ADD . /go/src/gitlab.com/my-repo/backends/backend-structs CMD cd /go/src/gitlab.com/my-repo/backends/backend-structs; go get /go/src/gitlab.com/my-repo/backends/backend-structs && go build -o /go/bin/backend-structs # executing build process RUN GOOS=linux go build -ldflags="-s -w" -o app # runtime image FROM golang:1.14.11-alpine AS runtime # create and use non-root user # to increase container security # ref https://pythonspeed.com/articles/root-capabilities-docker-security/ RUN adduser myuser --disabled-password USER myuser WORKDIR /home/myuser # copy the executable binary file from builder directory # to the current working directory COPY --from=builder /usr/src/build/app . # exposing port EXPOSE 8080 # run the application CMD ["./app"]
i have tried to follow this tutorial https://divan.dev/posts/go_get_private/ , by changing
gitlab.com still failed.
Here is the error details:
#17 5.830 remote: HTTP Basic: Access denied #17 5.830 fatal: Authentication failed for 'https://gitlab.com/my-repo/backends.git/' ------ executor failed running [/bin/sh -c GOOS=linux go build -ldflags="-s -w" -o app]: exit code: 1
anyone here knows how to create dockerfile with golang private package(repo is hosted in gitlab.com) ?
In my experience, do NOT use git configs to solve this. Only use
~/.netrc. Here is a guide a made specifically for this: https://gist.github.com/MicahParks/1ba2b19c39d1e5fccc3e892837b10e21
I’ll paste its contents below as well.
go command line tool needs to be able to fetch dependencies from your private GitLab, but authenticaiton is required.
This assumes your private GitLab is hosted at
The following environment variables are recommended:
export GO111MODULE=on export GOPRIVATE=privategitlab.company.com
The above lines might fit best in your shell startup, like a
GO111MODULE=on tells Golang command line tools you are using modules. I have not tested this with projects not using
Golang modules on a private GitLab.
GOPRIVATE=privategitlab.company.com tells Golang command line tools to not use public internet resources for the hostnames
listed (like the public module proxy).
Get a personal access token from your private GitLab
To future proof these instructions, please follow this guide from the GitLab docs.
I know that the
read_api scope is required for Golang command line tools to work, and I may suspect
well, but have not confirmed this.
Set up the
In order for the Golang command line tools to authenticate to GitLab, a
~/.netrc file is best to use.
To create the file if it does not exist, run the following commands:
touch ~/.netrc chmod 600 ~/.netrc
Now edit the contents of the file to match the following:
machine privategitlab.company.com login USERNAME_HERE password TOKEN_HERE
USERNAME_HERE is replaced with your GitLab username and
TOKEN_HERE is replaced with the access token aquired in the
Do not set up a global git configuration with something along the lines of this:
git config --global url."firstname.lastname@example.org:".insteadOf "https://privategitlab.company.com"
I beleive at the time of writing this, the SSH git is not fully supported by Golang command line tools and this may cause
conflicts with the
Bonus: SSH config file
For regular use of the
git tool, not the Golang command line tools, it’s convient to have a
~/.ssh/config file set up.
In order to do this, run the following commands:
mkdir ~/.ssh chmod 700 ~/.ssh touch ~/.ssh/config chmod 600 ~/.ssh/config
Please note the permissions on the files and directory above are essentail for SSH to work in it’s default configuration on
most Linux systems.
Then, edit the
~/.ssh/config file to match the following:
Host privategitlab.company.com Hostname privategitlab.company.com User USERNAME_HERE IdentityFile ~/.ssh/id_rsa
Please note the spacing in the above file matters and will invalidate the file if it is incorrect.
USERNAME_HERE is your GitLab username and
~/.ssh/id_rsa is the path to your SSH private key in your file system.
You’ve already uploaded its public key to GitLab. Here are some instructions.
Answered By – Micah Parks
Answer Checked By – Dawn Plyler (GoLangFix Volunteer)