https://pantsbuild.org/ logo
#general
Title
# general
e

echoing-farmer-15630

12/17/2021, 8:25 PM
OK, excited about the docker functionality in 2.8 and got it to do... most of my containers. But I'm having a little pickle with a few which rely on private repos. I was able to get docker-buildkit functionality working with
pants.toml
and
Copy code
[docker]
env_vars=["DOCKER_BUILDKIT=1", "SSH_AUTH_SOCK"]
...so that I could get
mount=type=ssh
working for ssh authentication, and that's where we go a bit wrong. Running under pants, dockerfiles with
RUN --mount=type=ssh
don't seem to work, even though in the generated
__run.sh
includes the required
Copy code
#!/bin/bash
# This command line should execute the same process as pants did internally.
export DOCKER_BUILDKIT=1 SSH_AUTH_SOCK=/tmp/path/to/ssh/agent/sock
cd /tmp/process-directory-tmp
/usr/bin/docker build -t $'my-tag' -f my-dockerfile .
if I
cd
to that directory and run
__run.sh
, everything builds. If I
pants package my-docker-target
, which is what generated that file, it doesn't build and gives an ssh key error when downloading custom requirements from a private github repo. Anything we can do about that? Am I missing a flag or is this a problem with the docker backend?
c

curved-television-6568

12/17/2021, 8:41 PM
Cool. Sounds like an issue with the docker backend. But I’m puzzled as to why the
__run.sh
script works, when it doesn’t when running with
./pants
.. I’ll dig into this a bit, but I’ll certainly need some assistance, as I’ve no experience with using ssh auth sock et al.
Could it be that when you run
__run.sh
as yourself, there’s some USER or HOME env vars set that presents some ssh keys that’s perhaps not present when running through pants.. ?
It’s Friday night here, so will not be able to make any progress on this until Monday/Tuesday..
e

echoing-farmer-15630

12/17/2021, 8:53 PM
No real problem, and thanks for looking into it; glad to provide as much as possible (it's friday night here as well, so I totally get it). No rush on this. Our existing non-pants build scripts keep building just fine, but I was really excited that with pants we can at least attempt building docker containers in parallel (which is something I've desired for a while).
I'm wondering if there's some shelling to the docker process that doesn't somehow pass ... okay, I admit I'm not clear how SSH_AUTH_SOCK works or if there's more ssh-agent magic that needs to be done in the subshell.
But I do know that the existing pants targets that use those requirements DO run, so there's that!
Addendum to the docker functionality: hmm, we also rely on multistage builds so some containers have a "dev" target (ie
docker build ... --target dev
) and it doesn't look like the existing pants docker functionality allows that, so there's even less urgency, but I'm very excited to see this and begin using it. It is after all during Christmas week so no rush although if you want I can add tickets for these if they need them.
👍 1
c

curved-television-6568

12/20/2021, 3:03 PM
Please write tickets, that would be great.
I’ve been thinking about the
--target
option, and if it would be a requested feature. Happy to add it if it is something you need.
6 Views