Last active December 9, 2018 15:13
Dockerfile MultiStage SSH Mount
# syntax=docker/dockerfile:1.0.0-experimental
## For this to work you must run `export DOCKER_BUILDKIT=1`
## then build using the command
## docker build --ssh github_ssh_key=/Users/<your_username>/.ssh/id_rsa .
## Stage 1
FROM python:2.7.15-alpine3.7 AS base
RUN apk update && apk add --no-cache \
    git \
    ca-certificates \
    openssh-client \
    postgresql-dev \
    gcc \
    python2-dev
RUN pip install wheel
# download public key for
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan >> ~/.ssh/known_hosts
RUN mkdir /wheels
# Rewrite git URLs to use SSH instead of HTTPS; the SSH key is passed in SSH agent-forwarding style
RUN git config --global url.ssh://
# On the docker client side, you need to define that SSH forwarding is allowed for this build by
# using the --ssh flag.
# docker build --ssh github_ssh_key=path/to_github_ssh_key .
# RUN --mount=type=ssh,id=github_ssh_key git clone /app
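ADD . /app
# The relative paths used below (requirements.txt, wheel-requirements.txt) are resolved from /app
WORKDIR /app
# Build wheels into /app/wheels, the directory stage 2 installs from
RUN --mount=type=ssh,id=github_ssh_key pip wheel \
    --no-cache \
    --requirement requirements.txt \
    --wheel-dir=/app/wheels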
# This small script creates a local version of requirements.txt.
# When we create wheels, we usually install them with pip by instructing pip not to look for the requirements
# on PyPI using the `--no-index` flag. If we have a requirement that is not hosted on PyPI (for example
# pip will still try to get it directly from the given link.
# This script renames the packages with git or egg in them into the package name that will be found in the /wheel folder
RUN printf 'local_dependencies = [] \n\
with open("requirements.txt", "r") as dependencies_file: \n\
    for dependency in dependencies_file: \n\
        if dependency: \n\
            pkg_name = dependency \n\
            if "egg=" in dependency:\n\
                # git://\n\
                pkg_name = dependency.split("egg=")[-1]\n\
            if "git+" in dependency:\n\
                # git+\n\
                pkg_name = dependency.split("/")[-1].split(".")[0]\n\
            # collect the resolved name; strip() removes the trailing newline\n\
            local_dependencies.append(pkg_name.strip())\n\
with open("wheel-requirements.txt", "w") as requirements_file:\n\
    # filter is used to remove empty list members (None).\n\
    requirements_file.write("\\n".join(filter(None, local_dependencies)))'\
>> /app/
RUN python /app/
# Stage 2
FROM python:2.7.15-alpine3.7
RUN apk update && apk add --no-cache \
    ca-certificates
COPY --from=base /app /app
# The relative paths used below (wheel-requirements.txt) are resolved from /app
WORKDIR /app
RUN pip install -r wheel-requirements.txt --no-cache --no-index --find-links=/app/wheels
# Cleanup
RUN find / -type f \( -name "*.pyx" -o -name "*.pyd" -o -name "*.whl" \) -delete && \
find /usr/local/lib/python2.7 -type f \( -name "*.c" -o -name "*.pxd" -o -name "*.pyd" -o -name "__pycache__" \) -delete && \
rm wheel-requirements.txt && \
rm -rf /app/wheels
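
The requirements rewrite performed by the embedded script, as a stand-alone added example (not code from the gist). It goes beyond the original: it prefers the `#egg=` name over the repository name and also strips `@ref` suffixes, comments and `-e` prefixes. The hosts and package names in the sample are constructed.

```python
import re

# Constructed sample requirements (hypothetical hosts and packages, not from the gist).
SAMPLE_REQUIREMENTS = """\
# pinned PyPI packages pass through unchanged
requests==2.20.1

git+ssh://git@git.example.com/acme/billing-client.git@v1.4.0#egg=acme_billing
-e git+ssh://git@git.example.com/acme/py-utils.git#egg=acme-utils&subdirectory=src
git+ssh://git@git.example.com/acme/reporting.git@main
psycopg2==2.7.6  # trailing comment
"""

_EGG = re.compile(r"[#&]egg=([A-Za-z0-9][A-Za-z0-9._-]*)")


def wheel_requirement(line):
    """Return the name pip should look up in the wheel dir, or None to skip."""
    # A comment starts at line start or after whitespace; "#egg=" is not a comment.
    line = re.sub(r"(^|\s)#.*$", "", line).strip()
    if not line:
        return None
    if line.startswith(("-e ", "--editable ")):
        line = line.split(None, 1)[1]
    if "://" not in line:
        return line  # ordinary index requirement: keep the version pin
    egg = _EGG.search(line)
    if egg:
        return egg.group(1)  # the egg fragment names the distribution
    # No egg fragment: fall back to the repository name, as the gist's script does.
    repo = line.split("#", 1)[0].rstrip("/").split("/")[-1]
    repo = repo.split("@", 1)[0]  # drop a trailing @branch or @tag
    return repo[:-4] if repo.endswith(".git") else repo


def rewrite(text):
    """Rewrite a whole requirements file into wheel-requirements lines."""
    names = (wheel_requirement(line) for line in text.splitlines())
    return [name for name in names if name]


if __name__ == "__main__":
    print("\n".join(rewrite(SAMPLE_REQUIREMENTS)))
```

For the first git line of the sample, the gist's script yields the repository name `billing-client`, while the wheel is built under the distribution name given by `egg=`.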