Fix ssh key issues

This commit is contained in:
khalid@traclabs.com
2026-05-24 09:07:09 -05:00
parent 6d63775800
commit 9fe0828986
3 changed files with 169 additions and 55 deletions

View File

@@ -3,25 +3,14 @@ services:
build:
context: .
dockerfile: Dockerfile
# Forward the host's SSH agent into the build. Needed because
# the `goods-editor` npm dependency uses a git+ssh: URL, so
# `npm install` has to authenticate against git.kadil.dev
# during the build. "default" means "use the SSH_AUTH_SOCK
# environment variable on the host" — matches the build
# command `docker build --ssh default`.
#
# The host running `docker compose build` must have:
# • An ssh-agent running with the right key loaded
# (verify with `ssh-add -l`).
# • Docker 23+ (BuildKit is the default; older versions
# need `DOCKER_BUILDKIT=1` exported).
#
# No SSH material is baked into the image — the agent is only
# available during the single RUN step in the Dockerfile that
# has `--mount=type=ssh`. See the Dockerfile docblock for the
# full mechanism.
ssh:
- default
# Pass an SSH private key in as a build secret so npm can
# authenticate against git.kadil.dev for the `goods-editor`
# git+ssh: dependency. The secret is only available during
# the single RUN step that mounts it; nothing about the key
# ends up in the built image. See Dockerfile docblock for
# the full mechanism.
secrets:
- ssh_key
container_name: apparel-designer
ports: ["3001:3001"]
volumes:
@@ -32,6 +21,36 @@ services:
- PORT=3001
restart: unless-stopped
# Build-time secret declaration.
#
# Two ways to provide the key, pick whichever fits where you're
# building from:
#
# ── A. File-based (typical local dev / deployment server) ───────
# Set SSH_KEY_FILE in the environment before running compose:
#
# SSH_KEY_FILE=$HOME/.ssh/id_ed25519 docker compose build
#
# The `file:` source below reads from that path. The fallback
# `/dev/null` exists so `docker compose config` (validation /
# linting) doesn't error out when the env var isn't set — actual
# builds against /dev/null will fail with a clear "permission
# denied" rather than a cryptic compose error.
#
# ── B. Env-var-based (typical CI) ──────────────────────────────
# Comment out the `file:` line and uncomment `environment:` below.
# Provide the key contents in the SSH_PRIVATE_KEY env var:
#
# SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" docker compose build
#
# In GitHub Actions / GitLab CI / etc., set SSH_PRIVATE_KEY from
# the platform's secret store. The `environment:` source for build
# secrets requires Docker Compose v2.23+.
secrets:
ssh_key:
file: ${SSH_KEY_FILE:-/dev/null}
# environment: SSH_PRIVATE_KEY
volumes:
uploads_data:
exports_data: