Suppose your project depends on a private Git repository. How do you handle it? By default, go mod fetches the latest data through proxy.golang.org, but a private repository has to be fetched some other way:
|
|
The above tells the go command to fetch github.com/appleboy directly whenever it encounters it, with no need to go through the proxy. Using GitHub as an example, how do you use it for local development? First, apply for a Personal Access Token, and then set up the Git
|
|
The Username is the GitHub account, and the Access token is the Personal Access Token above.
With Drone CI/CD
The first step in the CI/CD process is to download the Go packages, so the steps above have to be repeated there. First, write main.go. In this case, golang-private is a private repository. Then write the Drone YAML file, using the same steps as the local version.
|
|
Compiling with Dockerfile
Now that Docker supports multi-stage builds, many deployment methods are moving towards a Dockerfile-based solution, and the Go language is no exception. Let's look at the traditional way of writing it first:
|
|
From the above, you can see that the private repository is read in Docker the same way, using git. However, the image built this way has two problems. The first is that the image is particularly large; you could switch to alpine, but it is still very large. The other, more important problem is that ACCESS_TOKEN is exposed. To see this, first run docker build locally. Then use the following command to see which command was run, and with which parameters, for each layer. You will find a line in which the ACCESS_TOKEN of your application is visible.
|
|
If your Docker image is on Docker Hub and is public, the token can be taken directly. That is the same as having your GitHub account stolen. What is the best way to solve this problem? It's simple: use a multi-stage build.
|
|
Using multiple stages not only minimizes image size, but also prevents specific ARGs from being exposed. In this way, you can successfully read private git repositories with optimal security.
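A check for the leak described above, as an added example that is not code from the original post: it scans layer history text for build arguments whose values were recorded in a layer command. The function name `scan_history`, the name patterns, the use of `docker history --no-trunc` as the source of the text, and both sample histories are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag build-arg secrets recorded in image layer history.
# Input is `docker history --no-trunc` text on stdin, so it runs offline.

# Constructed sample: single-stage image built with --build-arg ACCESS_TOKEN=...
# (the token value is a made-up placeholder).
SINGLE_STAGE_HISTORY='CMD ["/app"]
RUN |1 ACCESS_TOKEN=EXAMPLE_TOKEN_NOT_REAL /bin/sh -c go build -o /app . # buildkit
RUN |1 ACCESS_TOKEN=EXAMPLE_TOKEN_NOT_REAL /bin/sh -c git config --global url."https://user:${ACCESS_TOKEN}@github.com".insteadOf "https://github.com" # buildkit
ARG ACCESS_TOKEN
WORKDIR /src'

# Constructed sample: final stage of a multi-stage build. Only the layers of
# the last stage appear; the RUN steps that used the token stayed in the builder.
MULTI_STAGE_HISTORY='CMD ["/app"]
COPY /src/app /app # buildkit
CMD ["/bin/sh"]
ADD alpine-rootfs.tar.gz / # buildkit'

# scan_history [NAME_REGEX]
# Layers that ran with build args start their command with "|<count> NAME=value".
# Prints each matching variable with its value redacted; returns 1 on a leak.
scan_history() {
    names="${1:-TOKEN|SECRET|PASSWORD|KEY}"
    leaks=$(grep -E '\|[0-9]+ ' \
        | grep -Eo "[A-Za-z0-9_]*($names)[A-Za-z0-9_]*=[^ ]+" \
        | sed 's/=.*/=<redacted>/' | sort -u)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

for history in "$SINGLE_STAGE_HISTORY" "$MULTI_STAGE_HISTORY"; do
    if printf '%s\n' "$history" | scan_history; then
        echo "clean: no build-arg secrets in layer history"
    else
        echo "LEAK: revoke the token and rebuild before publishing"
    fi
done
```

Run it against a real image with `docker history --no-trunc <image> | scan_history`. The builder stage and the local build cache still carry the token, so only the final stage should be pushed.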
Integrate Drone to automate Docker Image uploads
The above simply passes ACCESS_TOKEN to the ARG setting via an environment variable. With Drone, it is easy to automatically build the image and upload it to Docker Hub or your own private registry.