Hey everyone, does anyone have experience deploying with a private git submodule?
The `RUN git submodule update` command fails because Aptible can’t access the GitHub repo
My recommendation: personal access tokens, and HTTPS URLs for the submodules:
https://support.aptible.com/topics/paas/how-to-install-private-dependencies/
(the guide is for Gemfile/package.json but the same approach applies for submodules)
If you don’t want to include the PAT in your codebase, you can load an SSH private key into your app via ENV
I know some customers do this, and it’d be something like this in your Dockerfile:
```dockerfile
RUN set -a && . .aptible.env && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
```
Thanks, I’ll give the `id_rsa` solution a shot
For anyone who searches this in the future: I had to add a few Dockerfile lines to get private submodules working:
```dockerfile
RUN mkdir -p /root/.ssh
RUN set -a && . /opt/MYAPP/.aptible.env && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN git submodule init && git submodule update
```
Is there a good strategy to set a private key in the environment using `config:set`? In my attempts the value appears to be being escaped which breaks the key.
@rvause Enclave does not perform any escaping of the key you provide when served to your application (but it is escaped when it’s displayed back to you if you use `aptible config --app ...`). However, it’s fairly common to get this wrong either when setting the variable or writing it to a file in your app.
I recommend the following approach to avoid both issues:
- Use `config:set`: `aptible config:set --app "$APP_HANDLE" "SSH_PRIVATE_KEY=$(cat ~/.ssh/id_rsa)"` (adjust `~/.ssh/id_rsa` with the path to your key if it’s somewhere else!)
- Use `printf` to write the key to a file properly (using `echo` might work but it often does not). The easiest way to do so is to add this in a script and call it.

```sh
# -p: do not fail if the directory already exists
mkdir -p "${HOME}/.ssh"
SSH_KEY_FILE="${HOME}/.ssh/id_rsa"
# Create the file and restrict it before any key material is written
touch "$SSH_KEY_FILE"
chmod 600 "$SSH_KEY_FILE"
printf "%s" "$SSH_PRIVATE_KEY" > "$SSH_KEY_FILE"
```
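A check for the failure discussed in this thread (a key that gets mangled when it is set as a variable or written to disk), as an added example that is not code from any poster or from Aptible. `write_key` and `check_key` are hypothetical helper names, and `SAMPLE_KEY` is constructed filler, not a real key.

```shell
#!/bin/sh
# Added example. SAMPLE_KEY is constructed filler, not a real key.
SAMPLE_KEY='-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTEDSAMPLEDATANOTAREALKEY0000000000000000
CONSTRUCTEDSAMPLEDATANOTAREALKEY1111111111111111
-----END OPENSSH PRIVATE KEY-----'

# write_key VALUE PATH: write VALUE verbatim to PATH.
write_key() {
    (
        umask 077   # new directory and file are created private to the owner
        mkdir -p "$(dirname "$2")" || exit 1
        # $(cat key) stripped the final newline when the variable was set; restore it.
        printf '%s\n' "$1" > "$2"
    )
}

# check_key PATH: return 0 if PATH still has the shape of a PEM-style key,
# otherwise print the likely cause to stderr and return 1.
check_key() {
    cr=$(printf '\r')
    if grep -qF '\n' "$1"; then
        printf '%s\n' 'literal \n found: newlines were escaped when the value was set' >&2
        return 1
    fi
    if grep -q "$cr" "$1"; then
        printf '%s\n' 'carriage returns found: key has CRLF line endings' >&2
        return 1
    fi
    if [ "$(grep -c '' "$1")" -lt 3 ]; then
        printf '%s\n' 'fewer than 3 lines: newlines were collapsed (unquoted expansion?)' >&2
        return 1
    fi
    case "$(head -n 1 "$1")" in
        '-----BEGIN '*'PRIVATE KEY-----') ;;
        *) printf '%s\n' 'first line is not a BEGIN ... PRIVATE KEY header' >&2
           return 1 ;;
    esac
    case "$(tail -n 1 "$1")" in
        '-----END '*'PRIVATE KEY-----') ;;
        *) printf '%s\n' 'last line is not an END ... PRIVATE KEY footer' >&2
           return 1 ;;
    esac
    return 0
}
```

In a build or entrypoint script, run `write_key "$SSH_PRIVATE_KEY" "$HOME/.ssh/id_rsa" && check_key "$HOME/.ssh/id_rsa"` before `git submodule update`, so a mangled key is reported with its cause instead of as a git authentication failure.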
Thanks for the detailed answer.
It looks like the problem I was having was specifically to do with running the `config:set` command with fish. Switching to bash and running aptible config:set --app handle SSH_KEY="``cat path/to/key``" (one backtick, having some formatting funkiness whilst posting) solved my immediate issue. At that point using `echo` appears to do the job.
Happy to hear this solved it!