This question betrays a lot of ignorance, so please be nice.
Problem: building Node or Python applications in a container where the code depends on modules in private git repositories (on BitBucket, Github, etc) accessed via ssh without adding the ssh keys to the container.
Proposed Solution: using the ssh credentials already on my host, check out the code to the local build context before the build begins and modify package.json/requirements.txt to install from local sources instead of git.
Is there a tool that already does this? I couldn’t figure out a way to get npm
to pull modules locally for me without running the module’s build scripts. I just want the code, no build actions. I haven’t tried with pip
yet, but I suspect I’ll hit the same kind of problems.
So I’m thinking of writing something that just parses packages.json
and requirements.txt
and pulls out the git locations, then git pull
s them to a subdirectory, then updates the dependency file to show the new location. If I need it to get fancy, I can do that recursively, but my current private dependencies are only one layer deep.
What do you think? is there a better way to do this?