DEV Community

Samuele Mattiuzzo
Samuele Mattiuzzo

Posted on

[question/help] How can one use docker-compose to install packages from a requirements file when one is behind a private repo?

Hi all, I have never asked a question before on DEV.to, but it's about time. I just joined a new project and while trying to get set up, docker-compose up hangs.

Upon inspection of the code, I realised the problem is simply that the package repo we're trying to clone inside the image is a private one.

Without using personal access tokens or whatnot, how would one go about it? The things I'd love to avoid, if possible, are:

  • user input neede (eg: "export your ssh key before setting all of this up")
  • intermediate throwaway image with the ssh details in it

The private repo is on bitbucket, that allows to have a Server SSH key in read-only mode to authorise other apps, but that still means (I think?) I'd have to use and share that key somehow.

The app that is trying to pull that package is private as well, so I suspect that shouldn't be an issue, but does not seem solid enough to me.
Thoughts?

Top comments (2)

Collapse
 
jefftriplett profile image
Jeff Triplett (he/him)

For Bitbucket you do need an access token. I recommend that you create a bot user and generate an access token for it using one of the following formats:

  • Tarball URL will be https://<botusername>:<access_token>@bitbucket.org/<myorg>/<myproject>/get/<ref>.zip
  • VCS Tarball will be git+https://<botusername>:<access_token>@bitbucket.org/<myorg>/<myproject>.git@<ref>

One of my colleagues wrote a pretty thorough article about various options: revsys.com/tidbits/using-private-p...

Collapse
 
sylvainmetayer profile image
Sylvain METAYER

Why not a mounted volume? Each developer use its own SSH key, clone repo on host and then run docker compose up with mounted volume?