npm is an incredibly handy development tool. Allowing for breaking your projects up into separate modules keeps logic isolated, maintainable and composable – especially when working with a larger team. When working with proprietary software, we can supply specific URLs in the package to lock down permissions and keep the code out of the public npm registry. However, this can cause a problem when working with portable docker images as the git clone will fail due to a missing id_rsa.
The solution we’re using is quite simple. Provide an ssh id_rsa file to authorize the clone. Instead of using your personal id_rsa, it’s much more appropriate to create one specific for the application and then add the id_rsa.pub as an authorized deploy hook in your git provider. This way you don’t have someone’s actual id_rsa floating around in repositories. Here are the steps:
- In the project’s root directory create a .ssh folder.
- Run ssh-keygen -t rsa -C "firstname.lastname@example.org" and provide the absolute path to the new .ssh directory.
- Finally, add the public key as a deploy key for the module(s). This will authorize the read-only clone.
In the Dockerfile you’ll need to copy the .ssh directory in like so:
ADD .ssh/ /root/.ssh
RUN ssh-keyscan <your-git-provider> >> /root/.ssh/known_hosts && \
chmod 700 /root/.ssh && \
chmod 600 /root/.ssh/* && \
Note the ssh-keyscan <your-git-provider> bit. It’s important to add this so SSH doesn’t try to, as it will want to prompt for your permission first which will cause the build to fail. Obviously, the git provider will be the domain for your repositories. If you’re using GitHub, it would be github.com.
If you notice an error that looks like this:
npm ERR! fatal: could not read Username for ...
It’s probably because your syntax for the url in the package.json isn’t correct. Make sure the user is in the URL.
View the documentation here.
There you have it. Docker builds with private repositories.