This is repository for accompanying Medium article.
Installing private python packages into Docker container can be tricky because container does not have access to private repositories and you do not want to leave trace of private ssh key in docker images.
Here are two methods that can be used.
This method passes private ssh key to intermediate docker image that would be deleted after creating image.
docker build --force-rm -t test-multi-stage-builds --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" .
Description of Dockerfile
:
- create intermediate image
- download python packages to intermediate image
- create new image
- copy python packages from intermediate image
- install downloaded packages
Command arguments:
--force-rm
- forces deleting intermediate images, even if build fails
-t test-multi-stage-builds
- image name
--build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)"
- set build-time variable
so private repository can be accessed from intermediate image
This method depends on adding deploy/access key to every private repository. It would be possible to access repository from container until key is revoked.
docker build -t test-with-deploy-keys --build-arg SSH_PRIVATE_KEY="$(cat ./deploy_key)" -f Dockerfile-deploykeys .
Here is an example of passing private key to docker-compose build
.
docker-compose build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)"