I am looking for some insight in the best practices of this.
I have a pull-only ssh-key with access to a github repository of notebooks that I would like to have users access.
As I see it, there are currently two ways of doing this:
SSH-access from the
RUN-command in the Dockerfile:
RUN --mount=type=ssh git clone firstname.lastname@example.org:myorg/myproject.git myproject
and when building doing
docker build --ssh ssh_key. I have the
ssh-key exposed as a GitHub secret.
However, where should these files be moved in order for the users to have access to them?
Also, this has the drawback of the examples being cached with the image, so any modifications in the example-github repository will not be reflected in the deployment until the image is re-pulled.
Do all of this in a postStart hook. This to me seems the easiest, but I do not know how to get the ssh-token in a secure manner. This has the benefit of repulling the examples on every user.
I am aware of
nbgitpuller, however, this does not support private repositories as far as I am aware.
If someone could shed some light on this issue, I’d be very happy.
Thanks in advance!