Cloning private git repo in the docker container -

i have project (written in ruby) want run in docker image. project source code stored in private git repo, image created usual dockerfile. project huge , git clone takes relatively long.

the problem that, i'm not sure how (when/where) clone git repo docker image properly. can clone git repository temp directory , copy source code copy command in dockerfile. don't since have maintain second clone in temp dir.

or, can clone repo within docker image. problem ssh-key can't reasonably keep in image. can add "my own" keys git server allow access everything.

so, created script this:

uuid=`uuid`     docker run \     -v $home/.ssh:/home/user/.ssh:ro\     --name=$uuid \     -it $1 /scripts/git-clone-update.sh docker commit $uuid $1 docker rm $uui 

git-clone-update.sh clones project if doesn't exist or updates if does. keys mounted .ssh that. works great. can update code in image calling script passing image name argument. problem config.cmd changes /scripts/git-clone-update.sh.

any idea how keep original config.cmd? best practice cloning private ropo in/to docker image?

thx

as you've discovered, keeping private ssh keys in docker image isn't great security. i've seen 2 approaches this:

1. create new, read-only account , keep keys in docker image. more limitations can put on account better security, you're still packaging secret on top of actual source code.

   also, doesn't solve scripts problem, i've admittedly no clue how solve.

2. host whole, packaged docker file code copied in. approach mark o'conner mentions in comment. workflow release be:

   • copy code docker container.
   • update docker image.
   • upload new image docker repository (e.g. hub.docker.com or amazon web services elastic beanstalk).
   • update or launch new instances of new container image.

for development i.e. every day use second approach, have launch script copies code docker container , runs or restarts container or server inside container needed. or have separate development docker image configure mount source control directory separate volume.