Using SSH agent with Docker Compose and Dockerfile

I am having issues using a private GitHub repo in one of my NestJS apps. When I create the Docker image using the docker build command, the image is successfully created and everything works fine. However, I can't use the Dockerfile with docker-compose.

Here's the part of Dockerfile where I use the BuildKit mount feature:

RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

RUN --mount=type=ssh npm install

When building the image with the Dockerfile alone, I pass the --ssh default argument like this, and it successfully installs the private repo:

docker build --ssh default -t CONTAINER_NAME .

Following this article, inside the docker-compose.yml file I have included the $SSH_AUTH_SOCK like this:

environment:
      - NODE_ENV:${NODE_ENV}
      - SSH_AUTH_SOCK:${SSH_AUTH_SOCK}
volumes:
      - $SSH_AUTH_SOCK:${SSH_AUTH_SOCK}

However, I get this error whenever I try to run docker-compose up:

#11 44.97 npm ERR! code 128
#11 44.97 npm ERR! An unknown git error occurred
#11 44.97 npm ERR! command git --no-replace-objects ls-remote ssh://git@github.com/organization/repo.git
#11 44.97 npm ERR! git@github.com: Permission denied (publickey).
#11 44.97 npm ERR! fatal: Could not read from remote repository.
#11 44.97 npm ERR! 
#11 44.97 npm ERR! Please make sure you have the correct access rights
#11 44.97 npm ERR! and the repository exists.

Any idea what I am doing wrong?

Abby Khan asked Sep 05 '25 19:09


2 Answers

They have added the ssh flag as an option to the build key in compose: https://github.com/compose-spec/compose-spec/pull/234

services:
  sample:
    build:
      context: .
      ssh:
        - default

The Fool answered Sep 08 '25 11:09


Your environment syntax is incorrect. The environment block can either be a list of NAME=VALUE pairs:

environment:
  - SSH_AUTH_SOCK=${SSH_AUTH_SOCK}

Or it can be a dictionary:

environment:
  SSH_AUTH_SOCK: ${SSH_AUTH_SOCK}

Yours is neither of those things, so your container has no SSH_AUTH_SOCK environment variable.

If I use this docker-compose.yaml file:

version: "3"

services:
  ssh:
    image: fedora:35
    environment:
      - SSH_AUTH_SOCK=${SSH_AUTH_SOCK}
    volumes:
      - ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}
    command:
      - sh
      - -c
      - |
        yum -y install openssh-clients
        sleep inf

I can exec into the container (after waiting for the package installation to complete) and verify that it is able to talk to my agent:

$ docker-compose exec ssh ssh-add -l
2048 SHA256:... (RSA)
4096 SHA256:... (RSA)

Also, one unrelated comment about your volumes: block: you're being inconsistent in how you refer to variables. This isn't a problem, but it hurts my brain (and inconsistencies like this can sometimes lead to weird problems in other contexts). You might as well just always use the ${varname} syntax when referring to environment variables:

volumes:
  - ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}

larsks answered Sep 08 '25 12:09
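
A small lint covering both answers above, as an added example that is not from the original posts: it flags a Dockerfile that uses RUN --mount=type=ssh while the Compose service has no build.ssh, and environment list entries written as NAME:VALUE. The function name lint_service, the service name app, the base image and the sample dicts are constructed for illustration, and the service is assumed to be already parsed from YAML into a dict.

```python
import re

# A RUN instruction that uses BuildKit's SSH mount, e.g. `RUN --mount=type=ssh npm install`.
SSH_MOUNT = re.compile(r"^\s*RUN\s.*--mount=\S*type=ssh", re.MULTILINE | re.IGNORECASE)


def lint_service(name, service, dockerfile_text):
    """Return findings for one Compose service given as an already-parsed dict."""
    findings = []

    # Build time: runtime `environment`/`volumes` are not visible to RUN steps;
    # build.ssh hands the agent to the build. The short form `build: .` is a
    # string and cannot carry an ssh key.
    build = service.get("build")
    build_ssh = build.get("ssh") if isinstance(build, dict) else None
    if SSH_MOUNT.search(dockerfile_text) and not build_ssh:
        findings.append(f"{name}: Dockerfile uses --mount=type=ssh but build.ssh is not set")

    # Run time: list entries must be NAME=VALUE. YAML reads `NAME:${VAR}` (no space
    # after the colon) as one plain string, so no variable called NAME is defined.
    env = service.get("environment")
    if isinstance(env, list):
        for entry in env:
            var_name = str(entry).split("=", 1)[0]
            if ":" in var_name:
                findings.append(f"{name}: environment entry {entry!r} should be NAME=VALUE")
    return findings


# Constructed sample inputs modelled on the question and the two answers.
DOCKERFILE = "FROM node\nRUN --mount=type=ssh npm install\n"
AS_ASKED = {
    "build": ".",
    "environment": ["NODE_ENV:${NODE_ENV}", "SSH_AUTH_SOCK:${SSH_AUTH_SOCK}"],
    "volumes": ["$SSH_AUTH_SOCK:${SSH_AUTH_SOCK}"],
}
CORRECTED = {
    "build": {"context": ".", "ssh": ["default"]},
    "environment": ["NODE_ENV=${NODE_ENV}", "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}"],
    "volumes": ["${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}"],
}

if __name__ == "__main__":
    for label, svc in (("as asked", AS_ASKED), ("corrected", CORRECTED)):
        print(label, lint_service("app", svc, DOCKERFILE))
```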