dockerfiler

Add support for GITHUB_PAT handling with private repo dependencies

Open yogat3ch opened this issue 2 years ago • 6 comments

Hi @VincentGuyader & @ColinFay, This PR will eventually fix #18. It currently only modifies dock_from_desc to add handling of the GITHUB_PAT as a build-arg to enable fetching of private GitHub repos during docker build. A comment is included in the Dockerfile reminding the user to use the --build-arg GITHUB_PAT=[github PAT] flag when running docker build. There is an info message also indicating this fact which also informs the user that using this method causes the GITHUB_PAT to be exposed in the image metadata and thus the image must be kept private if uploaded to Docker Hub.

I would appreciate feedback on this approach thus far before I implement a similar method for handling private repos on the dock_from_renv function.

Can y'all let me know if this is satisfactory?

yogat3ch avatar Jul 13 '22 01:07 yogat3ch

Just added a couple more features:

  • Added support for specifying a sha256 hash of the rocker version to control the architecture of the image. Related to golem#885
  • Added support for excluding the dependencies specified in Suggests in docker_from_desc for smaller docker images.
  • Alphabetizes the dependencies so it's easier to locate dependencies in the Dockerfile

yogat3ch avatar Jul 19 '22 21:07 yogat3ch

Hello there, I'm just curious if this is going to be merged? I'm thinking about working on #43 and I could use this code :)

michkam89 avatar Oct 14 '22 13:10 michkam89

@michkam89, tagging @VincentGuyader here to get some eyes on this

yogat3ch avatar Oct 17 '22 23:10 yogat3ch

Hey @statnmap, thanks for the review here! I haven't had a chance to implement the changes yet but I'll have some time off over the holidays where I can hopefully get to it!

yogat3ch avatar Dec 19 '22 22:12 yogat3ch

Hey @statnmap, I had an opportunity to document the sha256 parameter in the preceding commits. Is there anything else?

yogat3ch avatar Jan 26 '23 11:01 yogat3ch

Hey @statnmap, I think a safer way to do this is to copy an .Renviron file to the Docker image temporarily with the GITHUB_PAT set therein, and then delete it after renv::restore is run in the build process with RUN rm .Renviron cmd in the Dockerfile. This avoids exposing the GITHUB_PAT in the run log when the image is uploaded to Docker Hub. Should I implement this instead?

yogat3ch avatar Mar 01 '23 23:03 yogat3ch
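
An added example, not part of the thread or of dockerfiler's own code: a Python check that flags, in a generated Dockerfile, the two ways of passing GITHUB_PAT discussed above. It relies on two Docker behaviours: build-arg values used by a RUN step are visible in `docker history`, and a file added by COPY stays in that layer even when a later RUN deletes it. The rocker tag, the package name and the secret id `github_pat` are constructed for illustration, and the third sample uses a BuildKit secret mount, which the thread does not mention.

```python
import re

SECRET_NAME = re.compile(r"(?:^|_)(PAT|TOKEN|SECRET|PASSWORD)(?:_|$)", re.I)

def instructions(text):  # yield (line_no, OP, args), joining "\" continuations
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or (not line and not buf):
            continue
        start = start or no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            op, _, args = buf.strip().partition(" ")
            yield start, op.upper(), args.strip()
            buf, start = "", 0

def audit(text):
    """Return (line_no, rule, detail) for each place a credential persists."""
    findings, copied_at = [], None
    for no, op, args in instructions(text):
        name = re.split(r"[=\s]", args, maxsplit=1)[0]
        if op in ("ARG", "ENV") and SECRET_NAME.search(name):
            # ARG values used by RUN show in `docker history`; ENV is in the config.
            findings.append((no, "secret-in-metadata", name))
        elif op in ("COPY", "ADD") and ".Renviron" in args:
            copied_at = no  # the file is now stored in this layer
            findings.append((no, "secret-file-in-layer", ".Renviron"))
        elif op == "RUN" and copied_at and re.search(r"\brm\b.*\.Renviron", args):
            # Deleting in a later RUN does not remove it from the COPY layer.
            findings.append((no, "rm-after-copy", f"copied at line {copied_at}"))
    return findings

# Constructed sample Dockerfiles (not output of dockerfiler).
BUILD_ARG = """FROM rocker/r-ver:4.2.0
ARG GITHUB_PAT
RUN R -e 'remotes::install_github("example-org/private-pkg")'
"""
RENVIRON = """FROM rocker/r-ver:4.2.0
COPY .Renviron renv.lock ./
RUN R -e 'renv::restore()'
RUN rm .Renviron
"""
SECRET_MOUNT = r"""# syntax=docker/dockerfile:1
FROM rocker/r-ver:4.2.0
COPY renv.lock renv.lock
RUN --mount=type=secret,id=github_pat \
    GITHUB_PAT="$(cat /run/secrets/github_pat)" R -e 'renv::restore()'
"""
print(audit(BUILD_ARG), audit(RENVIRON), audit(SECRET_MOUNT))
```

The third sample is built with `docker build --secret id=github_pat,env=GITHUB_PAT .`, which exposes the token only to that RUN step and writes it to no layer.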