Docker + Nodejs + Private Repo + Private NPM Module - Access Problems

Question

I am in process of setting up the the deployment of a Node.js Service with Docker.

The Dockerfile I have is pieced together from various examples from around the net. The directory for the Dockerfile includes:

• Dockerfile
• id_rsa
• start.sh

This is the Dockerfile:

FROM ubuntu:13.10

# make sure apt is up to date
RUN apt-get update

# install npm, git, ssh, curl
RUN apt-get install -y npm git git-core ssh curl

RUN mkdir /nodejs && curl http://nodejs.org/dist/v0.10.31/node-v0.10.31-linux-x64.tar.gz | tar xvzf - -C /nodejs --strip-components=1

# Fixes empty home
ENV PATH $PATH:/nodejs/bin

ENV HOME /root

# SSH SETUP
RUN mkdir -p /root/.ssh
ADD id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN echo "IdentityFile /root/.ssh/id_rsa" >> /root/.ssh/ssh_config
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

ADD start.sh /tmp/

RUN chmod +x /tmp/start.sh

CMD ./tmp/start.sh

After the set-up is complete, start.sh runs and I experience problems with a private NPM dependency that the private Node.js service has. This is what start.sh is doing:

cd /tmp

# try to remove the repo if it already exists
rm -rf MediaFX; true

git clone https://<username>:<password>@github.com/company/ExampleRepo.git

cd RepoName

node --version

ls

npm install

NODE_ENV=test DEBUG=* PORT=3000 node server.js

In package.json for ExampleRepo, there is one private module that we import like this:

"dependencies": {
    "scribe": "git+ssh://git@github.com:Company/PrivateDep.git"
},

When npm install gets to this repo, it outputs these logs:

npm ERR! git clone git@github.com:InboxAppCo/scribe.git Cloning into bare repository '/root/.npm/_git-remotes/git-github-com-InboxAppCo-scribe-git-abae334a'...
npm ERR! git clone git@github.com:InboxAppCo/scribe.git
npm ERR! git clone git@github.com:InboxAppCo/scribe.git Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
npm ERR! git clone git@github.com:InboxAppCo/scribe.git Permission denied (publickey).
npm ERR! git clone git@github.com:InboxAppCo/scribe.git fatal: Could not read from remote repository.
npm ERR! git clone git@github.com:InboxAppCo/scribe.git
npm ERR! git clone git@github.com:InboxAppCo/scribe.git Please make sure you have the correct access rights
npm ERR! git clone git@github.com:InboxAppCo/scribe.git and the repository exists.
npm ERR! Error: `git "clone" "--mirror" "git@github.com:InboxAppCo/scribe.git" "/root/.npm/_git-remotes/git-github-com-InboxAppCo-scribe-git-abae334a"` failed with 128
npm ERR!     at ChildProcess.cpclosed (/usr/share/npm/lib/utils/exec.js:59:20)
npm ERR!     at ChildProcess.EventEmitter.emit (events.js:98:17)
npm ERR!     at Process.ChildProcess._handle.onexit (child_process.js:789:12)
npm ERR! If you need help, you may report this log at:
npm ERR!     <http://bugs.debian.org/npm>
npm ERR! or use
npm ERR!     reportbug --attach /tmp/MediaFX/npm-debug.log npm

npm ERR! System Linux 3.16.4-tinycore64
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "install"
npm ERR! cwd /tmp/MediaFX
npm ERR! node -v v0.10.15
npm ERR! npm -v 1.2.18

I thought that since the git clone of the private Node service works fine, any of its private NPM dependencies would install smoothly.

I am fairly positive that my SSH set up is flawed (and that it didn't manifest its self while git cloning the private parents repo) because I added username and password to the link. However, I am unsure and would appreciate some guidance on how to do this correctly.

Answer 1

git clone https://<username>:<password>@github.com/company/ExampleRepo.git

Works, because you are passing the username and password and doing it over https

"dependencies": {
    "scribe": "git+ssh://git@github.com:Company/PrivateDep.git"
},

Fails, because you are connecting directly over ssh and Docker doesn't do any ssh agent forwarding from the host machine.

Unfortunatly it dosen't look like npm supports any url format to send username and password like your clone line: https://docs.npmjs.com/files/package.json#git-urls-as-dependencies

You'd have to add your ssh keys to the docker container ( Not Reccomended )

Or do something funky like share you SSH_SOCKET from the host like:

https://gist.github.com/d11wtq/8699521

Answer 2

Here's an approach I'm going to try implementing this evening:

docker create --build-arg TOKEN <my priv token> <dockerFile>

maybe declare the arg in the docker file?

ARG TOKEN  

then in the script have npm install use that TOKEN in dependencies

"privModule": "git+https://${TOKEN}:x-oauth-basic@github.com/<githubID>/<privateModule>.git"

and if that doesn't work, somehow replace that var in the package.json (with sed) or have npm use an environment var.