knowsuchagency/Dockerfile

## Dockerfile
FROM python:3 as build-system

RUN pip install -U pip

COPY requirements.txt requirements.txt

### create temporary image used to download and vendor packages using private key ###
FROM build-system as intermediate

# add credentials on build
ARG SSH_PRIVATE_KEY
RUN mkdir /root/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/*
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

# vendor python dependencies
RUN pip download -r requirements.txt -d /vendor/python

### create the runtime image ###
FROM build-system as runtime

# install vendored python dependencies
COPY --from=intermediate /vendor/python /vendor/python
RUN pip install /vendor/python/*

## Makefile
SSH_PRIVATE_KEY=`cat ~/.ssh/id_rsa`

build-image:
	docker build . --build-arg SSH_PRIVATE_KEY="${SSH_PRIVATE_KEY}"

## requirements.txt
git+ssh://git@github.com/{user-or-group}/{repo}.git@{optional-tag-or-commit_hash}#egg={package_name}
	FROM python:3 as build-system

	RUN pip install -U pip

	COPY requirements.txt requirements.txt

	### create temporary image used to download and vendor packages using private key ###
	FROM build-system as intermediate

	# add credentials on build
	ARG SSH_PRIVATE_KEY
	RUN mkdir /root/.ssh/
	RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa
	RUN chmod 600 /root/.ssh/*
	RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

	# vendor python dependencies
	RUN pip download -r requirements.txt -d /vendor/python

	### create the runtime image ###
	FROM build-system as runtime

	# install vendored python dependencies
	COPY --from=intermediate /vendor/python /vendor/python
	RUN pip install /vendor/python/*
	SSH_PRIVATE_KEY=`cat ~/.ssh/id_rsa`

	build-image:
	docker build . --build-arg SSH_PRIVATE_KEY="${SSH_PRIVATE_KEY}"