1

I'm trying to build a Python docker image which pip installs from a private repository using ssh. The details of which are in a requirements.txt file.

I've spent a long time reading guides from StackOverflow as well as the official Docker documentation on the subject ...

https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds https://docs.docker.com/compose/compose-file/build/#ssh

... and have come up with a Dockerfile which builds and runs fine when using:

$ docker build --ssh default -t build_tester .

However, when I try to do the same in a docker-compose.yml file, I get the following error:

$ docker-compose up

services.build-tester.build Additional property ssh is not allowed

This is the same even when enabling buildkit:

$ COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose up

services.build-tester.build Additional property ssh is not allowed

Project structure

- docker-compose.yml
- build_files
  - Dockerfile
  - requirements.txt
  - app
    - app.py

Dockerfile

# syntax=docker/dockerfile:1.2

FROM python:bullseye as builder

RUN mkdir -p /build/
WORKDIR /build/

RUN apt-get update; \
    apt-get install -y git; \
    rm -rf /var/lib/apt/lists/*

RUN mkdir -p -m 0600 ~/.ssh; \
    ssh-keyscan -H github.com >> ~/.ssh/known_hosts

RUN python3 -m venv env; \
    env/bin/pip install --upgrade pip

COPY requirements.txt .
RUN --mount=type=ssh \
    env/bin/pip install -r requirements.txt; \
    rm requirements.txt

FROM python:slim as runner

RUN mkdir -p /app/
WORKDIR /app/

COPY --from=builder /build/ .
COPY app/ .

CMD ["env/bin/python", "app.py"]

docker-compose.yml

services:
  build-tester:
    container_name: build-tester
    image: build-tester
    build: 
      context: build_files
      dockerfile: Dockerfile
      ssh:
        - default

If I remove ...

ssh:
  - default

... the docker-compose up command builds the image OK but obviously doesn't run as app.py doesn't have the required packages installed from pip.

I'd really like to be able to get this working in this way if possible so any advice would be much appreciated.

Improve this question
2
  • 1
    It looks like --ssh is a valid option on the docker compose build command, but not on docker-compose build (with a dash). The joy of forked projects :) docs.docker.com/engine/reference/commandline/compose_build Commented Jun 20, 2022 at 16:13
  • Yes. It ended up being a simple fix of installing the latest version of docker-compose! Commented Jun 20, 2022 at 16:35

1 Answer 1

Reset to default
4

OK - so ended up being a very simple fix... Just needed to ensure docker-compose was updated to version 2.6 on my Mac.

For some reason brew wasn't updating my docker cask properly so was still running a package from early Jan 2022. Seems --ssh compatibility was added sometime between then and now.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.