Docker npm install fails with local dependencies, but works in command line

Question

I'm trying to dockerize a project which uses some private npm dependencies that are on our GitLab server (url is something like 10.1.1.150). When I run npm install in CMD it works perfectly, but in Docker I get the following error:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t https://10.1.1.150/WebDev/firstdependency.git
npm ERR!
npm ERR! remote: HTTP Basic: Access denied
npm ERR! fatal: Authentication failed for 'https://10.1.1.150/WebDev/firstdependency.git/'
npm ERR!
npm ERR! exited with error code: 128

My Dockerfile:

FROM node
ENV NODE_ENV production
WORKDIR /usr/src/app
COPY ["package.json", "package-lock.json*", "npm-shrinkwrap.json*", "./"]
RUN npm set strict-ssl false --global
RUN git init
RUN git config --global http.sslVerify false
RUN git config http.emptyAuth true
RUN npm install --production
RUN mv node_modules ../
COPY . .
CMD npm start

Part of the package.json file that contains the failed parts:

"repository": {
    "type": "git",
    "url": "https://10.1.1.150/WebDev/thisproject.git"
  },
  "dependencies": {
    "@mycompany/firstdependency": "git+https://10.1.1.150/WebDevelopment/firstdependency.git",
    "@mycompany/seconddependency": "git+https://10.1.1.150/WebDevelopment/seconddependency.git",
    "@mycompany/thirddependency": "git+https://10.1.1.150/WebDevelopment/thirddependency.git"

I guess the core of the problem is that I can't pass my credentials in the Dockerfile, so it can't log in to our local repo. OS: WIN10 npm: 6.13.4 Docker: 19.03.2 How can I resolve this authentication error?

Answer 1

I assume that you are authenticating to your private npm registry via ssh private certification. In that case, you will need to make use of Docker Build Enhancements .

Here are a few things that you need to update:

• In your Dockerfile , add this line as the first line: # syntax=docker/dockerfile:experimental
• Change RUN npm install --production to RUN --mount=type=ssh npm install --production
• After that, you can build your image like docker build --ssh <image_name> .

New Dockerfile

# syntax=docker/dockerfile:experimental

FROM node
ENV NODE_ENV production
WORKDIR /usr/src/app
COPY ["package.json", "package-lock.json*", "npm-shrinkwrap.json*", "./"]
RUN npm set strict-ssl false --global
RUN git init
RUN git config --global http.sslVerify false
RUN git config http.emptyAuth true

RUN --mount=type=ssh npm install --production

RUN mv node_modules ../
COPY . .
CMD npm start

EDIT 1

Since you are setting the credentials as the environment variables (which you should consider changing it to using ssh certificate), here is the solution that I suggest.

1. Prepare a file that contains the environment names and values you use to login to git. Let's say the file is at /gitsecret.txt with the content like

GIT_USERNAME=<value>
GIT_PASSWORD=<value>

2. Update your Dockerfile as

# syntax=docker/dockerfile:experimental

# Builder layer
FROM node as builder

ENV NODE_ENV production
WORKDIR /usr/src/app
COPY ["package.json", "package-lock.json*", "npm-shrinkwrap.json*", "./"]
RUN npm set strict-ssl false --global
RUN git init
RUN git config --global http.sslVerify false
RUN git config http.emptyAuth true
RUN --mount=type=secret,id=gitsecret \
    set -a; \
    source /run/secrets/gitsecret; \
    set +a; \
    npm install --production

# Main layer
FROM node

WORKDIR /usr/src/app

RUN mv node_modules ../

COPY --from=builder /usr/src/app/node_modules /usr/src/node_modules
COPY . .

CMD npm start

3. Now you can run your docker build command like

docker build --secret id=gitsecret,src=/gitsecret.txt <image_name> .

This way is to ensure that:

• The secret can only be used during the build phase. The build layer will be removed from the final image so no secret stays in the final image.
• The secret content will not be printed out during the build.

NOTE I do not have your full source code so will not guarantee that the code will work for your case just by copy and paste. However, the idea is there so please update it accordingly!