Authenticate to git inside Docker build

We have a specific issue. Because of legacy things we have decided to run all build tasks inside the container build with the ECR plugin. The problem we have is that we don’t know how to grant access to our private repositories on build. We know that we can do the same thing by just moving the building parts into steps, but it would require changing not only code, but also the developers' local workflow, which we would like to avoid for now.

We know that Drone is using a .netrc file to authenticate to repositories, but this obviously doesn’t work by default with Dockerfiles. Our goal is to not store git credentials inside the docker container, so adding a command like COPY .netrc inside the Dockerfile is not an option.

Does anybody have a problem like this? Maybe somebody has a suggestion for this issue?

@wszychta,

If possible, could you please share your drone yaml file for our review? I am not clear on the use case here, so after looking into the yaml we can suggest accordingly.

One way I can think of is to pass the below as env variables:

DRONE_GIT_USERNAME=x-oauth-token
DRONE_GIT_PASSWORD=<password>

https://docs.drone.io/server/reference/drone-git-username/

@csgit I will provide my PoC code.

.drone.yml:

- name: test ECR
  image: plugins/ecr
  settings:
    access_key:
      from_secret: XXXXXXXXXX
    secret_key:
      from_secret: XXXXXXXXXX
    region: eu-west-1
    repo: ci-production-drone-ecr/testing-image
    registry: XXXXXXXX.dkr.ecr.eu-west-1.amazonaws.com
    dockerfile: Dockerfile

Dockerfile:

FROM docker:git
RUN git clone https://github.com/path/to/private/repo.git

Do you know how to use the described variables inside the Dockerfile to authenticate?

By default this is everything we have when we are using the amazonlinux image to build:

Step 3/8 : RUN env
 ---> Running in 5792c735e97a
HOSTNAME=5792c735e97a
SHLVL=1
HOME=/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DOCKER_VERSION=20.10.7
DOCKER_TLS_CERTDIR=/certs
PWD=/
Removing intermediate container 5792c735e97a
---> 61864738e9a5
Step 4/8 : RUN find / -type f -name ".netrc"
Running in fa4c230b43b0

We would like to have the .netrc file mounted in tmpfs or the git token inside the build container as an environment variable.

Just asking a clarifying question here.
You want your Dockerfile that is being built to do the checkout of the private git repository?

If that is the case you could use build_args, as mentioned here (Docker | Drone), to pass information through to the docker plugin and then into your Dockerfile.
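The build_args route from the last reply, set beside a BuildKit secret mount that matches the original poster's goal of keeping the credential out of the image. This is an added example, not code from the thread or from the Drone project; `GIT_TOKEN`, the secret id `netrc` and the stage names are assumed names, and the repository URL is the thread's placeholder.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not from the thread. GIT_TOKEN, the secret id "netrc" and the
# stage names are assumptions; the repo URL is the placeholder used in the thread.

# Variant A: token passed as a build argument (the build_args route).
# The argument value is recorded in the image metadata and is shown to anyone
# who can run `docker history` on the image. git also saves the
# credential-bearing URL as remote.origin.url in repo/.git/config in the layer.
FROM docker:git AS with_build_arg
ARG GIT_TOKEN
RUN git clone https://x-oauth-token:${GIT_TOKEN}@github.com/path/to/private/repo.git

# Variant B: .netrc supplied as a BuildKit secret mount.
# The file is present at /root/.netrc only while this RUN executes and is not
# written to any image layer; git's HTTP transport reads it from $HOME/.netrc
# (HOME=/root in the `RUN env` output above). required=true makes the build
# fail instead of cloning unauthenticated when the secret is not supplied.
# Build with BuildKit enabled:
#   DOCKER_BUILDKIT=1 docker build --secret id=netrc,src=$HOME/.netrc \
#       --target with_secret_mount .
FROM docker:git AS with_secret_mount
RUN --mount=type=secret,id=netrc,target=/root/.netrc,required=true \
    git clone https://github.com/path/to/private/repo.git
```

Whether the plugins/ecr step can enable BuildKit and forward a `--secret` to the build is not established in this thread and has to be checked against the plugin version in use.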