Closed lephyrius closed 3 years ago
Honestly, I have no idea what's going on here.
You almost certainly don't want to be hard-coding GH_TOKEN
in your Dockerfile
using ENV
. In a perfect world, you'd be passing in a termporary Vault token (or something similar) using ARG
, and then using that Vault token to look up your GitHub token, and finally revoking the temporary Vault token the moment the docker build
command is done. Any other approach will inevitably wind up leaking a GitHub token somewhere, either into the resulting Docker image or into your source control. That might be tolerable if the GitHub token is read-only, and you don't care too much about keeping your source code 100% secret.
git-credential-ghtoken
is not a documented or officially supported feature of rust-musl-builder
, because there's no easy to use it correctly without some system of temporary, revokable tokens. Unfortunately, the easiest workaround for this problem is to combine all your internal-only Rust projects into a single workspace.
I wish I had a better answer for you. Accessing private packages from within a docker build
step is surprisingly hard.
What did you try to do? I added this to the Dockerfile
Further down I used git:
What happened?
I got this error message:
What did you hope to happen? I wanted to fetch my private repo which.
Additional information
I reduced the example. So I didn't use cargo but I want to use cargo.