search

GoogleChrome / lighthouse-ci

Automate running Lighthouse for every commit, viewing the changes, and preventing regressions
Apache License 2.0
6.41k stars 643 forks source link

Update Dockerfile - enable SSH #999

Open jlanssie opened 9 months ago

jlanssie commented 9 months ago

Enable SSH for docker-server image-based containers.

google-cla[bot] commented 9 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

connorjclark commented 4 months ago

I'm not familiar with this pattern of exposing SSH from a docker image. Can you point me to something like a best practices document / blog post that explains this? Can this instead be done as dependent image that extends ours?

If anyone expert in Docker is viewing this issue, please feel free to chime in. Thanks!

jlanssie commented 4 months ago

I'm not familiar with this pattern of exposing SSH from a docker image. Can you point me to something like a best practices document / blog post that explains this? Can this instead be done as dependent image that extends ours?

If anyone expert in Docker is viewing this issue, please feel free to chime in. Thanks!

Researching it I found a few examples at (amongst others) ...

https://www.howtogeek.com/devops/how-to-ssh-into-a-docker-container/

https://dev.to/s1ntaxe770r/how-to-setup-ssh-within-a-docker-container-i5i

https://forums.docker.com/t/docker-networking-and-ports/93855/5

... that all mention starting openssh-server. We will need to expose a port and I stuck to the port 22 standard. You can probaly extend your docker image based on a docker image that already provides an SSH feature, but I do not know of any well-known Docker images providing this feature. I will not really advertise my PR, but adding SSH is generally not something you want because it opens an attack vector. In this case, I wanted to add SSH support because accessing the running container instance is the only way to recover lost admin keys... If there was an alternative to recover lost admin keys via the application or an email address then this SSH access would not really be necessary. And that would probably be preferred.