9

I run on Windows and have used. Out of simplicity, I have been using HTTPS towards GitHub, which appears to be shared and set up on its own when spinning up development containers in VS Code. The credentials are shared, as per https://code.visualstudio.com/docs/remote/containers#_sharing-git-credentials-with-your-container.

Lately I've started running projects using Terraform and for some reason I'm only able to reference some of our internal modules hosted on GitHub with SSH-like URLs.

I've spent a long time trying to substitute the HTTPS setup for SSH on the dev container, without much success.

Initially

On my local:

$ cat .ssh/config

Host github.com
  AddKeysToAgent yes
  IdentityFile ~/.ssh/github
  ForwardAgent Yes

And I checked, the agent is running indeed. When checking the "$SSH_AUTH_SOCK" on my local and the dev container, they point to different agents.

How do I get that dev container to use the forwarded localhost agent that is running and has my GitHub key?

BuZz
  • 1
    Make sure your container is not running an ssh agent on its own. That could override SSH_AUTH_SOCK set by Remote-Containers. – Christof Marti Sep 15 '21 at 12:31
  • 1
    Thanks, I'm definitely not running one explicitly. VS Code doing its own thing likely. – BuZz Sep 15 '21 at 21:46
  • The VS Code devcontainer is running an ssh-agent, and the host and dev container agents point to different sockets when echoing the env var $SSH_AUTH_SOCK. But the VS Code dev container is still able to pull keys from the host and work. How does it work? – srk May 03 '23 at 07:13
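
An added check for the situation described in the question and comments (not part of the original thread): run inside the dev container, it classifies the agent behind SSH_AUTH_SOCK from ssh-add's exit status and prints key fingerprints to compare with the host, since a forwarded agent is reached through a different socket path than the host's. The function names are illustrative; ~/.ssh/github is the key path from the question.

```shell
#!/bin/sh
# Added example, not from the original thread. Run inside the dev container.

# Classify whatever SSH_AUTH_SOCK points at.
agent_state() {
    sock="${SSH_AUTH_SOCK:-}"
    [ -n "$sock" ] || { echo unset; return 0; }
    [ -S "$sock" ] || { echo stale; return 0; }
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    # ssh-add exit status: 0 = keys listed, 1 = agent holds no keys,
    # 2 = agent could not be contacted.
    case $rc in
        0) echo keys ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# True when an ssh-agent process was started inside this container.
local_agent_running() {
    command -v pgrep >/dev/null 2>&1 && pgrep -x ssh-agent >/dev/null 2>&1
}

diagnose() {
    state=$(agent_state)
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>} state=$state"
    case $state in
        keys)
            echo "Compare these fingerprints with 'ssh-add -l' on the host:"
            ssh-add -l || true ;;
        empty)
            echo "Agent answers but holds no keys."
            if local_agent_running; then
                echo "A container-local ssh-agent is running and may be shadowing the forwarded one."
            fi
            echo "If the host agent is empty too, load the key there: ssh-add ~/.ssh/github" ;;
        unset)
            echo "No agent socket was exported into this shell." ;;
        *)
            echo "Socket path is set, but no agent answers on it." ;;
    esac
    return 0
}

diagnose
```
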

3 Answers

2

I assume what you want to do is clone private GitHub repositories from within a VS Code devcontainer using HTTPS via terraform init WITHOUT the need of explicitly providing git credentials / being prompted for credentials for that --> since you have credentials cached in Windows already.

As stated by the docs, in order to share credentials between containers / host-os, you need to either use

  • SSH (vscode forwards local ssh-agent to container)
  • a git credential-manager (for HTTPS)

A suitable credential manager is the (now) built-in Git-Credential-Manager-Core.
Make sure to have Git for Windows version >= v2.28.0 (July 28th 2020), see Release Notes.
To use it, run this in a shell on Windows:

git config --global credential.helper manager-core

Then login to GitHub once by pulling/pushing/cloning a repository via HTTPS.
Git (gcm) will prompt you for credentials (Personal-Access-Token) which you can generate via GitHub Website > Settings > Developer Settings > Personal Access Token (make sure to enable repo permissions).

This was tested in a devcontainer with:
Dockerfile:

# [Choice] Ubuntu version (use hirsute or bionic on local arm64/Apple Silicon): hirsute, focal, bionic
ARG VARIANT=focal
FROM mcr.microsoft.com/vscode/devcontainers/base:${VARIANT}

# [Optional] Uncomment this section to install additional OS packages.
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends \
    unzip

# Terraform
ENV VERSION 1.0.5
ENV SHA256SUM 7ce24478859ab7ca0ba4d8c9c12bb345f52e8efdc42fa3ef9dd30033dbf4b561

RUN wget "https://releases.hashicorp.com/terraform/$VERSION/terraform_${VERSION}_linux_amd64.zip" -O /tmp/bin.zip
RUN echo "$SHA256SUM  /tmp/bin.zip" | sha256sum -c && \
    mkdir /tools && \
    unzip /tmp/bin.zip -d /usr/local/bin

devcontainer.json

{
    "name": "Ubuntu",
    "runArgs": [
        "--init"
    ],
    "build": {
        "dockerfile": "Dockerfile",
        "args": {
            "VARIANT": "focal"
        }
    },
    "settings": {},
    "extensions": [],
    "remoteUser": "vscode"
}

And terraform project definitions:
main.tf

provider "azurerm" {
  features {}
}

module "aks" {
  source = "github.com/USER/REPO"
}

Make sure to use the correct URL syntax for Git HTTPS Terraform modules.

krsche_
  • Now, when re-reading the title I think you're trying to get SSH working not HTTPS... lol – krsche_ Oct 14 '21 at 23:48
  • If that is the case, you can just volume-mount your private key into the devcontainer and add it to the container's ssh-agent – krsche_ Oct 14 '21 at 23:58
1

Type 'Open SSH Configuration File' in the Command Palette; it lets you select from a list of files.

Yisheng Jiang
  • The container does not appear to be able to read this file, which I suppose makes sense as the local home directory is not necessarily mounted – Paidoo May 11 '23 at 09:12
0

For what it's worth I was able to get a devcontainer working with installed private repositories by using "initializeCommand" to first build my dev container like so:

DOCKER_BUILDKIT=1 docker build --ssh default -t my-image:latest <path to container>

The --ssh default won't work for Windows out of the box but you could manually specify it. More info here.

In your Dockerfile, I also needed to prepend your git clone with the --mount=type=ssh.

In the docker-compose that I route to from the devcontainer.json I swapped from a build to using a pre-built image:

services:
  app:
    image: my-image:latest
Jamie.Sgro
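
The BuildKit approach from the last answer as a complete sketch, added here and not the answer author's own files: a Dockerfile whose clone step borrows the agent through --mount=type=ssh, plus a build wrapper that refuses to run when there is no loaded agent to forward. USER/REPO, /opt/repo and github_known_hosts are placeholders, and a POSIX shell on the build host (for example WSL) is assumed.

```shell
#!/bin/sh
# Added example, not the answer author's files. my-image:latest is the tag used
# above; USER/REPO, /opt/repo and github_known_hosts are placeholders.

# Write a Dockerfile into the build context directory given as $1.
write_dockerfile() {
    cat > "$1/Dockerfile" <<'EOF'
# syntax=docker/dockerfile:1
FROM mcr.microsoft.com/vscode/devcontainers/base:focal
# Host key file you prepared and verified yourself (placeholder name), so the
# build does not trust whatever host answers at build time.
COPY github_known_hosts /etc/ssh/ssh_known_hosts
# The agent socket is mounted for this RUN step only; no private key is
# written to an image layer.
RUN --mount=type=ssh git clone git@github.com:USER/REPO.git /opt/repo
EOF
}

# Build with the host agent forwarded; stop early when there is nothing to forward.
build_image() {
    ctx=$1
    [ -S "${SSH_AUTH_SOCK:-}" ] || { echo "no ssh-agent socket to forward" >&2; return 2; }
    ssh-add -l >/dev/null 2>&1 || { echo "agent holds no usable keys" >&2; return 3; }
    DOCKER_BUILDKIT=1 docker build --ssh default -t my-image:latest "$ctx"
}

# Run as: sh build.sh <context-dir>  (overwrites <context-dir>/Dockerfile)
if [ "$#" -ge 1 ]; then
    write_dockerfile "$1" && build_image "$1"
fi
```
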