docker
Feature Request: support git+ssh:// protocol for build context urls
Description
Currently, the only way to use git over SSH to build from a private repository is to use an URL of the form git@server. git:// uses the raw git protocol, there is a shennigan checking for .git at the end of the path but only over http(s).
If your connecting user is not git, you cannot use the git over ssh protocol to build a private repository, resulting in all sorts of workaround like RUN --mount=type=ssh to clone during the build instead of just building a repository by url.
Same issue for buildah: https://github.com/containers/buildah/issues/4032
I think build already supports ssh:// as protocol; https://github.com/moby/buildkit/blob/874eef9b70dbaf4f074d2bc8f4dc64237f8e83a0/source/gitidentifier.go#L63
// isGitTransport returns true if the provided str is a git transport by inspecting
// the prefix of the string for known protocols used in git.
func isGitTransport(str string) bool {
return strings.HasPrefix(str, "http://") || strings.HasPrefix(str, "https://") || strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "ssh://") || sshutil.IsImplicitSSHTransport(str)
}
As to git+ssh, I seem to recall some (or all) of the + schemes were either deprecated or at least discouraged to be used by the Git project (I recall there was a discussion about that at some point, but couldn't find it back; I did find https://github.com/moby/moby/pull/33696#issuecomment-308756746, but I don't think that's the thread I had in mind).
Let me move this to the buildx repository, as this is build related (although the request here is for the deprecated classic builder)
Right, ssh:// does seem better, but I have no idea where that code is used, building from an ssh url fails with
unable to prepare context: path "" not found
It looks like buildx uses a combination of the github.com/docker/docker/builder/remotecontext/urlutil (previously github.com/docker/docker/pkg/urlutil) package, and code in BuildKit; but we should probably unify those packages to make sure they have the same logic https://github.com/docker/buildx/pull/1224#discussion_r926908230
This is still relevant:
> docker build -t buildah '[email protected]:containers/buildah.git#main:/contrib/docker'
Sending build context to Docker daemon 2.56kB
Step 1/9 : FROM fedora
latest: Pulling from library/fedora
e1deda52ffad: Pull complete
Digest: sha256:2c5b21348e9b2a0b4c49bd5013be6d406be8594831aba21043393fcfba7252e0
Status: Downloaded newer image for fedora:latest
---> 98ffdbffd207
Step 2/9 : RUN dnf -y update && dnf -y clean all
---> Running in ffc88b7f7a3d
^C
> docker build -t buildah 'ssh://[email protected]:containers/buildah.git#main:/contrib/docker'
unable to prepare context: path "ssh://[email protected]:containers/buildah.git#main:/contrib/docker" not found
> docker version
Client:
Version: 20.10.17-rd
API version: 1.41
Go version: go1.17.11
Git commit: c2e4e01
Built: Fri Jul 22 18:34:29 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.18
API version: 1.41 (minimum version 1.12)
Go version: go1.18.6
Git commit: e42327a6d3c55ceda3bd5475be7aae6036d02db3
Built: Sun Sep 11 07:10:00 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: 5fd4c4d144137e991c4acebb2146ab1483a97925
docker-init:
Version: 0.19.0
GitCommit: