How do I git pull a private repository of example notebooks (Z2JH)


I am looking for some insight in the best practices of this.
I have a pull-only ssh-key with access to a github repository of notebooks that I would like to have users access.

As I see it, there are currently two ways of doing this:

  1. Accessing SSH-access from the RUN-command in the Dockerfile:
    RUN --mount=type=ssh git clone myproject
    and when building doing docker build --ssh ssh_key. I have the ssh-key exposed as a GitHub secret.
    However, where should these files be moved in order for the users to have access to them?
    Also, this has the drawback of the examples being cached with the image, so any modifications in the example-github repository will not be reflected in the deployment until the image is re-pulled.

  2. Do all of this in a postStart hook. This to me seems the easiest, but I do not know how to get the ssh-token in a secure manner. This has the benefit of repulling the examples on every user.

I am aware of nbgitpuller, however, this does not support private repositories as far as I am aware.

If someone could shed some light on this issue, I’d be very happy.

Thanks in advance! :slight_smile:

Just brief input from my mobile:

  • you can configure git with environment variables to a large degree
  • you could mount a git configuration file in some /etc folder
  • you could also mount the actual SSH key, and point to it with an env var

Thanks for the suggestions!

I must admit I have no previous experience with these options. Are there any security considerations to take into account here? I find mounting ssh-keys scary, with fear of traces being left.