Secret
I added a secret to drone.io using:
drone org secret add --image=* --conceal --skip-verify=true octocat SSH_KEY @/home/me/.ssh/id_rsa
Dockerfile
Because npm install needs to access private repositories, I specify an ARG in my Dockerfile to get my private ssh_key:
FROM node:latest
ARG SSH_KEY
ENV SSH_KEY=$SSH_KEY
RUN mkdir /root/.ssh && \
    echo $SSH_KEY | cut -d "\"" -f 2 > /root/.ssh/id_rsa && \
    chmod 0600 /root/.ssh/id_rsa && \
    eval `ssh-agent -s` && \
    ssh-add /root/.ssh/id_rsa && \
    echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
RUN mkdir /app
WORKDIR /app
COPY . /app
EXPOSE 3001
CMD ["npm", "start"]
.drone.yml
And finally, in my .drone.yml pipeline, on the plugins/docker step, I use build_args to inject the ssh_key:
pipeline:
  test:
    image: node:latest
    commands:
      - mkdir /root/.ssh && echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
      - eval `ssh-agent -s` && ssh-add /root/.ssh/id_rsa
      - echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
      - npm install
      - npm test
  docker:
    image: plugins/docker
    repo: octocat/bar
    tags: latest
    build_args:
      - SSH_KEY=${SSH_KEY}
My questions:
- Is that the correct way to inject my SSH key into the Dockerfile from the drone pipeline?
- The build_args are printed in the frontend logs, and so is the SSH_KEY. How to avoid this?
- The build args are passing my SSH_KEY + quotes around it -> "SSH_KEY", so I have to remove the quotes in my Dockerfile (by piping the string) before echoing it to /root/.ssh/id_rsa. Any way to not have these " ?
Many Thanks!!
[EDIT] Thanks to Adrian for suggesting a better way: remove the npm install from the Dockerfile, as the node_modules can be shared through a volume between the pipeline steps.
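
Added example, not part of the original post: a small Python check that flags build arguments copied into ENV or expanded inside RUN in a Dockerfile like the one above. ENV values are stored in the image configuration, and build-arg values used by RUN are visible through docker history, so a key passed this way stays readable in the pushed image as well as in the build log. The function names (logical_lines, find_arg_leaks) are hypothetical, and the sample input is the post's Dockerfile trimmed to the relevant lines.

```python
import re

# Constructed sample: the Dockerfile from the post, trimmed to the relevant lines.
DOCKERFILE = r'''FROM node:latest
ARG SSH_KEY
ENV SSH_KEY=$SSH_KEY
RUN mkdir /root/.ssh && \
    echo $SSH_KEY | cut -d "\"" -f 2 > /root/.ssh/id_rsa && \
    chmod 0600 /root/.ssh/id_rsa
RUN mkdir /app
'''

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, instruction)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or (line.startswith("#") and not buf):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def find_arg_leaks(text):
    """Return (line, kind, arg) for build args copied to ENV or expanded in RUN."""
    args, findings = set(), []
    for n, instr in logical_lines(text):
        op, _, rest = instr.partition(" ")
        op = op.upper()
        if op == "FROM":
            args = set()  # ARG names are scoped to a single build stage
        elif op == "ARG":
            args.add(rest.split("=", 1)[0].strip())
        elif op in ("ENV", "RUN"):
            used = set(re.findall(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)", rest))
            # ENV lands in image config; RUN expansion shows in docker history
            kind = "env-persisted" if op == "ENV" else "run-expanded"
            findings += [(n, kind, a) for a in sorted(used & args)]
    return findings

if __name__ == "__main__":
    for line, kind, arg in find_arg_leaks(DOCKERFILE):
        print(f"line {line}: {kind}: {arg}")
```

The check only tracks names, so it runs in CI against the Dockerfile without ever seeing the secret value.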