
I'm trying to write a Dockerfile that pulls a private repository from GitHub. The problem is that I can't get Docker BuildKit to use my SSH key properly. Even using the precise instructions and example code from their website does not work. Here is what I did:

  1. Created a passphraseless SSH key using `ssh-keygen -t ed25519 -C my_email@my_company.com`
  2. Copied the public key and added it as a GitHub deploy key to my repository
  3. ssh-added the key
  4. Ran the Dockerfile

```dockerfile
# syntax=docker/dockerfile:1
FROM alpine

# Install ssh client and git
RUN apk add --no-cache openssh-client git

# Download public key for github.com
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

# Clone private repository
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject
```

replacing myproject and myorg appropriately. Copy-pasting the git clone command from the Dockerfile to the terminal works. Running `DOCKER_BUILDKIT=1 docker build --ssh default` and `DOCKER_BUILDKIT=1 docker build --ssh default=/path/to/key` both fail with the error

```
 > [4/4] RUN --mount=type=ssh git clone git@github.com/myorg/myrepository.git myrepository
#9 0.262 fatal: repository 'git@github.com/myorg/myrepository.git' does not exist
```

What could be going on here? I'm using Docker 20.10.12 build e91ed57 on macOS 10.14.6.

Zorgoth
  • After step 3 did you confirm that you can successfully clone that repository -- using that key -- from the command line? – larsks May 17 '22 at 13:29
  • Yes, I copy-pasted the command, and I also tried a command with an ssh config item specifying that key – Zorgoth May 17 '22 at 14:05
  • If you replace `git clone ...` with `ssh-add -l`, do you see the expected key in the output? You may need to add `--progress=plain` to your `docker build` command line. – larsks May 17 '22 at 14:38
  • Curiously enough, `ssh-add -l` does indeed print the key. – Zorgoth May 17 '22 at 14:46

1 Answer

This is a workaround rather than a solution to the problem. Instead of the --ssh option, use secrets.

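```dockerfile
# syntax=docker/dockerfile:experimental
FROM alpine
RUN apk add openssh-client git
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
# Point git's ssh at the key file that the secret mount provides
ENV GIT_SSH_COMMAND="ssh -i /run/secrets/deploy_key"
# The secret is mounted at /run/secrets/deploy_key for this RUN step only
RUN --mount=type=secret,id=deploy_key git clone git@github.com:myorg/myrepository.git myrepository
```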

building with the command

```
DOCKER_BUILDKIT=1 docker build --no-cache --secret id=deploy_key,src=/Users/Holmes5/.ssh/deploy_key .
```
Zorgoth
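Added example, not part of the question or the answer: the Dockerfile listing in the question writes the remote as `git@github.com:myorg/...`, while the error output prints it as `git@github.com/myorg/...`. Git recognises the scp-like SSH form only when no slash precedes the first colon and otherwise treats the string as a local path, so this POSIX shell sketch applies that rule to the `git clone` lines of a Dockerfile. The function names and sample lines are constructed for illustration; bracketed IPv6 hosts and Windows drive letters are not handled.

```shell
#!/bin/sh
# Classify a remote the way Git's documented URL rules do:
#   scheme://...      -> url
#   [user@]host:path  -> scp   (only when no slash precedes the first colon)
#   anything else     -> local (a filesystem path; SSH is never attempted)
classify_git_remote() {
    remote=$1
    case $remote in *://*) echo url; return 0 ;; esac
    case $remote in
        *:*)
            case ${remote%%:*} in
                */*) echo local ;;
                *)   echo scp ;;
            esac ;;
        *) echo local ;;
    esac
}

# Read a Dockerfile on stdin and classify every user@host word on a
# "git clone" line. Exit status is 1 if any would be treated as a local path.
check_clone_remotes() (
    set -f   # split words without glob expansion
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *"git clone"*) ;; *) continue ;; esac
        for word in $line; do
            case $word in *@*) ;; *) continue ;; esac
            kind=$(classify_git_remote "$word")
            echo "$kind: $word"
            if [ "$kind" = local ]; then status=1; fi
        done
    done
    exit "$status"
)

# Constructed sample: the two spellings seen in the question, plus the ssh:// form.
SAMPLE_DOCKERFILE='RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject
RUN --mount=type=ssh git clone git@github.com/myorg/myrepository.git myrepository
RUN --mount=type=ssh git clone ssh://git@github.com/myorg/myproject.git myproject'

printf '%s\n' "$SAMPLE_DOCKERFILE" | check_clone_remotes || echo "local-path remote found"
```

A remote reported as `local` never reaches the SSH agent or the mounted key, which is why the failure reads "does not exist" rather than "Permission denied (publickey)".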