#passing credentials to build private go modules in dagger

# put the contents of the private key argument into id_rsa inside our ssh folder and give permissions
# Then download our modules and private modules, finally delete the ssh key.
RUN echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa && \
chmod 600 /root/.ssh/id_rsa && \
go mod download && rm -rf /root/.ssh

Hi folks

I am currently doing the above to pass github credentials to my docker build file. i don't particularly like passing ssh credentials like this.i would prefer something like a github token of some sort. is there a better way to build private go modules in a container that i can use in a dagger module ? how do people do it ?

https://github.com/dagger/dagger/issues/5521
this is basically what i am trying to do. unfortunately it looks like that is is not in the cookbook anymore. would help for the next person 🙂

this basically. If you could port your Dockerfile to native Dagger code that'd be better as you can pass your ssh-auth socket instead of sending your private key in

you can also use access tokens and change the git config like:

git config --global url."https://${GITHUB_ACCESS_TOKEN}:@github.com/".insteadOf "https://github.com/"

to be frank i would prefer to use github_token since i want the same module to be used locally and fro mthe ci/cd/ as such i am trying to use github_token as you mentioned just now

i am going to to see if ican make that work first

👍 with or without a Dockerfile?

without a Dockerfile should be easier and simpler

no dockerfile at all .. using go sdk only

this works:

func (m *Lala) Test(src *dagger.Directory, token *dagger.Secret) *dagger.Container {
    return dag.
        Container().
        From("golang:1.23").
        WithDirectory("/app", src).
        WithWorkdir("/app").
        WithSecretVariable("GITHUB_TOKEN", token).
        WithExec([]string{"bash", "-c", `git config --global url."https://${GITHUB_TOKEN}:@github.com/marcosnils/containers".insteadOf https://github.com/marcosnils/containers`}).
        WithEnvVariable("GOPRIVATE", "github.com/marcosnils/containers").
        WithExec([]string{"go", "build", "."})
}

i am using the github fine grained tokens and would appreciate if you know what permissions does it take to clone a repo ..

Hmm not really sure. I can try a bit later

When using fine-grained tokens you have to prefix the token with oauth2: user.
like this:

https://oauth2:<your-fine-grained-token>@github.com/owner/repo.git

You need to grant Permissions Commit statuses, Contents, Pull requests and Metadata as Read to be able to Clone repositories.

That's according to SO

oh cooool lemme try that

would you please point me to where you got that doc .. something looks fishy

https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token/66156992#66156992

oh you had an extra / in there thanks !!!

this might be relevant also: https://github.com/actions/checkout/issues/779#issuecomment-1291038305

@fossil rivet in the computer now

just verified and it works

these are the only permissions my fine-grained token needs:

and here's my example function:

func (m *Lala) Test(src *dagger.Directory, token *dagger.Secret) *dagger.Container {
    return dag.
        Container().
        From("golang:1.23").
        WithDirectory("/app", src).
        WithWorkdir("/app").
        WithSecretVariable("GITHUB_TOKEN", token).
        WithExec([]string{"bash", "-c", `git config --global url."https://oauth2:${GITHUB_TOKEN}@github.com/marcosnils/containers".insteadOf https://github.com/marcosnils/containers`}).
        WithEnvVariable("GOPRIVATE", "github.com/marcosnils/containers").
        WithExec([]string{"go", "build", "."})
}

finally got it to work !!! thank youuuuuu !!!!

hey everyone, I stumbeled upon this thread from GH trying to solve a similar issue. I pretty much copied the example you have here, but I am getting an error: invalid key: when trying to pass my token. Let me know if you want to continue here, or if we should start a new thread.