#🐳 SSH support for dockerfiles
Hey dagger team. Our team is about to do a big migration for all our repos at Nine to get onto dagger. We are going to need to touch 300+ repos which all have dockerfiles right now, many of them go repos.
For this we were planning on using the .dockerBuild() api. It seems that we use the SSH socket feature of Dockerfile to resolve private dependencies when building our go apps.
Is there any possibility of supporting this in the near future?
Thanks guys
Relevant discord chat: https://discord.com/channels/707636530424053791/1387349992469172324
Yeah lemme look at what it would take and get back
No problem thanks Erik!
I got something working, just adding a few more tests to double check, but seems like it should be doable in next release.
The way it would work right now is you have to pass a `Socket` argument explicitly into the `.DockerBuild` call, e.g. in a go module would look like:
```go
func (m *MyModule) DoDockerbuild(ctx context.Context, dir *dagger.Directory, sshSock *dagger.Socket) *dagger.Container {
	return dir.DockerBuild(dagger.DirectoryDockerBuildOpts{SSH: sshSock})
}
```
Which could then be invoked e.g. by the CLI with `dagger call do-dockerbuild --dir . --ssh-sock $SSH_AUTH_SOCK`
Would that work for you @rare sundial? It would be a little less magical than just automatically getting the client's SSH_AUTH_SOCK, but doing that automagically gets a lot more involved and may take longer to implement.
Yeah that is what I imagined the interface would look like. This will be really handy.
@nimble cove isn't upcoming theseus-ification going to cause issues for dockerfile compat?
There's plans there, don't worry about it
Another thing... he he. We identified yesterday that our dockerfiles depend on images in our private ecr... any chance we could have the ability to pass the registry auth to the dockerfile build as well?
I.e. the equivalent of dag.Container().WithRegistryAuth()
Do you store the registry auth on your dagger client's host? I.e. run `docker login` or otherwise create auth entries in `~/.docker/config.json`?
If so, you shouldn't need to explicitly pass them, should be used transparently even by Dockerfile
We do when running locally. We don't in CI. However, are you saying if we did then this would just work?
Yeah if you did that in CI on the machine your dagger client runs, it should just work. That'd probably be easiest
@carmine sundial we could possibly do it this way and then get rid of the whole registryauth pattern we implemented everywhere
Currently many modules accept an optional interface to provide registry auth... maybe we should be just authing at the host that the client is running on
Would certainly make things cleaner.
Only thing to consider is that we do sometimes need some cross account access, but I think recently we have been getting this done by granting our main account access to all the other ecrs in other accounts.
@nimble cove just to confirm, does the dagger CLI just scan the ~/.docker/config.json on the host it's running on? And this would work without actually requiring the docker engine to be running? We are running github actions self-hosted runners which have the dagger cli installed. We don't have any docker components running.
Yes correct
(for the sockets https://github.com/dagger/dagger/pull/11793)
Amazing. Sorry to pester haha but wondering when the next release will be? We are just trying to plan ahead, wondering what we should do in the meantime
Btw thanks so much for this Erik, honestly a life saver for us
Current plan is by end of the week!
no problem, glad to help!