Use Dagger with Private Git Repositories
Dagger recommends relying on your host's SSH authentication agent to securely authenticate against private remote Git repositories.
To clone private repositories, the only requirements are to run ssh-add on the Dagger host (to add your SSH key to the authentication agent) and to mount the agent's socket using the SSHAuthSocket parameter of the (Dagger.GitRef).Tree API.
Assume that you have a Dagger CI tool containing the following code, which references a private repository:
package main

import (
	"context"
	"fmt"
	"os"

	"dagger.io/dagger"
)

func main() {
	ctx := context.Background()
	client, err := dagger.Connect(ctx)
	if err != nil {
		panic(err)
	}
	defer client.Close()

	// Retrieve path of authentication agent socket from host
	sshAgentPath := os.Getenv("SSH_AUTH_SOCK")

	// Private repository with a README.md file at the root.
	readme, err := client.
		Git("git@private-repository.git").
		Branch("main").
		Tree(
			dagger.GitRefTreeOpts{
				SSHAuthSocket: client.Host().UnixSocket(sshAgentPath),
			},
		).
		File("README.md").
		Contents(ctx)
	if err != nil {
		panic(err)
	}

	fmt.Println("readme", readme)
}
Now, first remove all the SSH keys from the authentication agent on the Dagger host:
➜ ssh-add -D
All identities removed.
Attempt to run the Go CI tool:
➜ go run .
panic: input:1: git.branch.tree.file.contents failed to load cache key: failed to fetch remote
exit status 128
The CI tool fails, as it is unable to find the necessary authentication credentials to read the private repository in the SSH authentication agent.
Now, add the SSH key to the authentication agent on the host and try again:
➜ ssh-add
Identity added: xxxxx
➜ go run .
readme #
Finally, the CI tool succeeds in reading the private Git repository.
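A preflight check for the failure shown above, as an added example that is not part of the original Dagger documentation: it asks the agent behind SSH_AUTH_SOCK how many identities it holds, so a CI tool can stop with a clear message instead of `exit status 128`. It uses only the standard library and the ssh-agent protocol's request-identities message (type 11, answered by type 12); the function names `countAgentKeys` and `preflightSSHAgent` are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"log"
	"net"
	"os"
)

// countAgentKeys sends SSH_AGENTC_REQUEST_IDENTITIES (uint32 length 1, type 11)
// and returns the key count from the SSH_AGENT_IDENTITIES_ANSWER (type 12) reply.
func countAgentKeys(conn io.ReadWriter) (uint32, error) {
	if _, err := conn.Write([]byte{0, 0, 0, 1, 11}); err != nil {
		return 0, fmt.Errorf("writing agent request: %w", err)
	}
	var hdr [9]byte // reply: uint32 length, byte type, uint32 nkeys
	if _, err := io.ReadFull(conn, hdr[:5]); err != nil {
		return 0, fmt.Errorf("reading agent reply: %w", err)
	}
	if hdr[4] != 12 { // e.g. SSH_AGENT_FAILURE (5) from a locked agent
		return 0, fmt.Errorf("agent refused to list identities (reply type %d)", hdr[4])
	}
	if _, err := io.ReadFull(conn, hdr[5:]); err != nil {
		return 0, fmt.Errorf("reading identity count: %w", err)
	}
	return binary.BigEndian.Uint32(hdr[5:]), nil
}

// preflightSSHAgent returns an error when the agent socket is unreachable
// or the agent holds no keys (the state left behind by `ssh-add -D`).
func preflightSSHAgent(sockPath string) error {
	conn, err := net.Dial("unix", sockPath)
	if err != nil {
		return fmt.Errorf("cannot reach SSH agent at %q (is SSH_AUTH_SOCK set?): %w", sockPath, err)
	}
	defer conn.Close()
	n, err := countAgentKeys(conn)
	if err == nil && n == 0 {
		err = fmt.Errorf("SSH agent holds no identities: run ssh-add")
	}
	return err
}

func main() {
	if err := preflightSSHAgent(os.Getenv("SSH_AUTH_SOCK")); err != nil {
		log.Fatal("preflight: ", err)
	}
}
```

Calling `preflightSSHAgent` before `dagger.Connect` keeps the check on the host, where the agent socket lives.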