docker build -t remote-settings-git-reader .See the Container Entry Points documentation for details on settings.
We have included a docker-compose file to make running locally easy.
The application needs access to a Git repository containing Remote Settings data (read-only):
docker compose run git-reader
# OR
docker run --rm -p 8000:8000 \
-e GIT_REPO_PATH=/mnt/data/latest \
-e SELF_CONTAINED=true \
-v /mnt/git/remote-settings-data:/mnt/data:ro \
remote-settings-git-readerBut first, we will initialize the folder structure required to execute Git updates atomically.
Use the gitupdate command and the GIT_REPO_URL environment variable to specify the repository to clone:
docker compose run \
-e GIT_REPO_URL=git@github.com:mozilla/remote-settings-data.git \
git-reader gitupdate
# OR
docker run --rm \
-e GIT_REPO_URL=git@github.com:mozilla/remote-settings-data.git \
-e GIT_REPO_PATH=/mnt/data/latest \
-e SELF_CONTAINED=true \
-v /mnt/git/remote-settings-data:/mnt/data \
remote-settings-git-reader gitupdateUnless you used an anonymous clone, this is likely to fail, as the container needs access to the Git repository via SSH.
When cloning the repository anonymously (from https://...) the Git LFS is rate-limited and it is very likely that you will hit the limit when pulling the LFS files.
To avoid this, we clone the repository via SSH for authentication.
Since the container is going to regularly run Git fetch commands to keep the repository up to date, you need to let the container use your SSH keys. There are two approaches.
- Forward the host SSH agent into the container.
This requires to have a SSH agent working on the host. It has the advantage of not requiring the container to have access to the actual key and passphrase (if any).
docker compose run \
-e GIT_REPO_URL=git@github.com:mozilla/remote-settings-data.git \
-e SSH_AUTH_SOCK=/app/ssh-agent \
-v $SSH_AUTH_SOCK:/app/ssh-agent \
git-reader gitupdate
# OR
docker run --rm \
-e GIT_REPO_PATH=/mnt/data/latest \
-e SELF_CONTAINED=true \
-v /mnt/git/remote-settings-data:/mnt/data \
-e SSH_AUTH_SOCK=/app/ssh-agent \
-v $SSH_AUTH_SOCK:/app/ssh-agent \
remote-settings-git-reader gitupdate- Or mount the private key file into the container.
This requires to have the private key file accessible on the host. You can mount the directory containing the key file into the container. The SSH key should not require any passphrase.
mkdir ssh-material/
cp ~/.ssh/id_ed25519* ssh-material/
ssh-keyscan github.com >> ssh-material/known_hosts
cat > ssh-material/config <<EOF
Host github.com
HostName github.com
User git
IdentityFile /app/.ssh/id_ed25519
EOFAnd then mount the SSH material directory into the container:
docker compose run \
-e GIT_REPO_URL=git@github.com:mozilla/remote-settings-data.git \
-v `pwd`/ssh-material:/app/.ssh \
git-reader gitupdate
# OR
docker run --rm \
-e GIT_REPO_PATH=/mnt/data/latest \
-e SELF_CONTAINED=true \
-v /mnt/git/remote-settings-data:/mnt/data \
-v `pwd`/ssh-material:/app/.ssh \
remote-settings-git-reader gitupdateYou can test your SSH setup:
docker run \
<...chosen approach...>
remote-settings-git-reader \
ssh -T git@github.com
Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.Once the repository is initialized, you can run the gitupdate command to fetch updates from the remote repository:
For example, every 5 minutes in a cronjob:
*/5 * * * * docker run ...