Fix ssh key issues
This commit is contained in:
@@ -3,25 +3,14 @@ services:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
# Forward the host's SSH agent into the build. Needed because
|
||||
# the `goods-editor` npm dependency uses a git+ssh: URL, so
|
||||
# `npm install` has to authenticate against git.kadil.dev
|
||||
# during the build. "default" means "use the SSH_AUTH_SOCK
|
||||
# environment variable on the host" — matches the build
|
||||
# command `docker build --ssh default`.
|
||||
#
|
||||
# The host running `docker compose build` must have:
|
||||
# • An ssh-agent running with the right key loaded
|
||||
# (verify with `ssh-add -l`).
|
||||
# • Docker 23+ (BuildKit is the default; older versions
|
||||
# need `DOCKER_BUILDKIT=1` exported).
|
||||
#
|
||||
# No SSH material is baked into the image — the agent is only
|
||||
# available during the single RUN step in the Dockerfile that
|
||||
# has `--mount=type=ssh`. See the Dockerfile docblock for the
|
||||
# full mechanism.
|
||||
ssh:
|
||||
- default
|
||||
# Pass an SSH private key in as a build secret so npm can
|
||||
# authenticate against git.kadil.dev for the `goods-editor`
|
||||
# git+ssh: dependency. The secret is only available during
|
||||
# the single RUN step that mounts it; nothing about the key
|
||||
# ends up in the built image. See Dockerfile docblock for
|
||||
# the full mechanism.
|
||||
secrets:
|
||||
- ssh_key
|
||||
container_name: apparel-designer
|
||||
ports: ["3001:3001"]
|
||||
volumes:
|
||||
@@ -32,6 +21,36 @@ services:
|
||||
- PORT=3001
|
||||
restart: unless-stopped
|
||||
|
||||
# Build-time secret declaration.
|
||||
#
|
||||
# Two ways to provide the key, pick whichever fits where you're
|
||||
# building from:
|
||||
#
|
||||
# ── A. File-based (typical local dev / deployment server) ───────
|
||||
# Set SSH_KEY_FILE in the environment before running compose:
|
||||
#
|
||||
# SSH_KEY_FILE=$HOME/.ssh/id_ed25519 docker compose build
|
||||
#
|
||||
# The `file:` source below reads from that path. The fallback
|
||||
# `/dev/null` exists so `docker compose config` (validation /
|
||||
# linting) doesn't error out when the env var isn't set — actual
|
||||
# builds against /dev/null will fail with a clear "permission
|
||||
# denied" rather than a cryptic compose error.
|
||||
#
|
||||
# ── B. Env-var-based (typical CI) ──────────────────────────────
|
||||
# Comment out the `file:` line and uncomment `environment:` below.
|
||||
# Provide the key contents in the SSH_PRIVATE_KEY env var:
|
||||
#
|
||||
# SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" docker compose build
|
||||
#
|
||||
# In GitHub Actions / GitLab CI / etc., set SSH_PRIVATE_KEY from
|
||||
# the platform's secret store. The `environment:` source for build
|
||||
# secrets requires Docker Compose v2.23+.
|
||||
secrets:
|
||||
ssh_key:
|
||||
file: ${SSH_KEY_FILE:-/dev/null}
|
||||
# environment: SSH_PRIVATE_KEY
|
||||
|
||||
volumes:
|
||||
uploads_data:
|
||||
exports_data:
|
||||
|
||||
Reference in New Issue
Block a user