node.js docker package-lock.json docker-buildkit docker-secrets

Dockerfile `RUN --mount=type=ssh` doesn't work with SSH repository dependencies inside package.json / package-lock.json


I tried to build a Node.js application with external SSH dependencies, with and without package-lock.json, in a Dockerfile.

It seems that `--mount=type=ssh` doesn't work recursively when cloning external SSH dependencies with npm.

package-lock.json contains:

    "version": "git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#4db813c75b98977b10886ceeb761f5f0fcf92f40",
    "from": "git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#v4.0.0-pre.7",

It seems that if I remove the package-lock.json it will work, but it doesn't work if it is present; I don't know why.

I don't understand why the secret or mount option is not recursively used within the npm "subprocess" retrieve command.

Though fixing the versions with the package-lock.json should be built-in.

This is a snake that bites its own tail case.

Docker version 24.0.2, build cb74dfcd85

In the Dockerfile:

    RUN --mount=type=ssh /usr/local/bin/npm install --loglevel silly

Run with option:

    --ssh default=$HOME/.ssh/id_ed25519

In the package.json:

    "dependance": "git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#v4.0.0-pre.7"

In the package-lock.json:

    "version": "git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#4db813c75b98977b10886ceeb761f5f0fcf92f40",
    "from": "git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#v4.0.0-pre.7",

`--mount=type=ssh` doesn't clone the dependency because it can't see the private key authorization.


Solution

  • I figured out that the URL syntax is wrong:

    Wrong:

    git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#v4.0.0-pre.7
    

    Correct:

    git+ssh://git@gitlab.xxxx.xxx/common/dependance.git#v4.0.0-pre.7
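
A pre-build check for the mistake identified in the answer above, as an added example that is not part of the original post: it walks a parsed package.json or package-lock.json and flags `ssh://` specs where the text after `host:` is not a numeric port (scp-style `host:path` mixed into a URL), suggesting the slash form. The names `checkSpec`, `findBadSpecs` and `SAMPLE_LOCK` are hypothetical; the sample data is constructed from the URLs on this page, plus one constructed entry with a port.

```javascript
// Added example (not from the original post): lint git+ssh dependency specs.
// In an ssh:// URL the text between "host:" and the next "/" is a port, so
// "ssh://git@host:group/repo.git" (scp-style path after the colon) is malformed.
const SSH_URL = /^(?:git\+)?ssh:\/\/(?:[^@\/]+@)?([^:\/#@]+):([^\/#]*)/;

// Returns null when the spec is fine, or { spec, fixed } when it mixes syntaxes.
function checkSpec(spec) {
  if (typeof spec !== 'string') return null;
  const m = SSH_URL.exec(spec);
  if (!m) return null;                     // not ssh://, or no colon after the host
  const [, host, afterColon] = m;
  if (/^\d*$/.test(afterColon)) return null; // real (or empty) port: host:2222/...
  const fixed = spec.replace(`${host}:${afterColon}`, `${host}/${afterColon}`);
  return { spec, fixed };
}

// Recursively visits every string value so it works for package.json
// ("dependencies") and lock files ("version", "from", "resolved") alike.
function findBadSpecs(node, path = '$', out = []) {
  if (typeof node === 'string') {
    const hit = checkSpec(node);
    if (hit) out.push({ path, ...hit });
  } else if (node && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      findBadSpecs(value, `${path}.${key}`, out);
    }
  }
  return out;
}

// Constructed sample: the lock entries quoted in the question, one entry with
// an explicit port (constructed) and one plain registry version (constructed).
const SAMPLE_LOCK = {
  dependencies: {
    dependance: {
      version: 'git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#4db813c75b98977b10886ceeb761f5f0fcf92f40',
      from: 'git+ssh://git@gitlab.xxxx.xxx:common/dependance.git#v4.0.0-pre.7',
    },
    other: { version: 'git+ssh://git@gitlab.xxxx.xxx:2222/common/other.git#v1.0.0' },
    plain: { version: '1.2.3' },
  },
};

for (const f of findBadSpecs(SAMPLE_LOCK)) {
  console.log(`${f.path}\n  found:    ${f.spec}\n  expected: ${f.fixed}`);
}
```

Running this against the parsed manifest and lock file before `docker build` separates a malformed dependency URL from a genuine SSH agent forwarding problem.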