Translate docker run into subcomponents

Question

I have this docker run command:

docker run --rm --name=gitleaks \
   -v "/keys/ssh/values:/root/.ssh"  \
   zricethezav/gitleaks  \
   --ssh-key='bucket' \
   --repo "$line"

I tranlated it to this:

  docker create zricethezav/gitleaks --name=gitleaks
  docker cp /keys/ssh/values gitleaks:/root/.ssh
  docker start gitleaks  --ssh-key='bucket' --repo "$line"

but it gives me this error:

Error: No such container:path: gitleaks:/root
unknown flag: --ssh-key

Does anybody know where I went wrong? Ultimately I am calling docker run from within a running container and am having trouble sharing files, so trying to get docker cp to work.

Answer 1

You need to use the docker container ID not its name for the copy.

The ID is returned when creating the container,so:

ID=$(docker create zricethezav/gitleaks --name=gitleaks)
docker cp /keys/ssh/values ${ID}:/root/.ssh

If you've already created the container, you can:

ID=$(docker inspect gitleaks --format="{{.ID}}")

But, @mihai is correct and I'm unsure how you'd be able to then configure the container for the start.

I think the correct approach to this is to FROM:gitleaks and build your own image (Dockerfile) that adds your keys.

The documentation provides an explanation for using a GitHub token to access private repos:

https://github.com/zricethezav/gitleaks#docker-usage-examples

Answer 2

Issue is with your first and second command syntax.

docker create zricethezav/gitleaks --name=gitleaks 

--name should be before image name, otherwise docker create will interpret it as COMMAND argument instead of OPTIONS flag.

 docker start gitleaks --ssh-key='bucket' --repo "$line"

I understand you want to run the image with parameters --ssh-key and --repo, however it's not possible with docker start command. If you want to have these parameters passed to the process run by the image, you should pas these parameters to docker create or docker run command after the image name.

So you should do:

# Mind the --name before the image name
docker create --name=gitleaks zricethezav/gitleaks --ssh-key='bucket' --repo "$line"
docker cp /keys/ssh/values gitleaks:/root/.ssh
docker start gitleaks

Explanations for docker create:

docker create usage is:

docker create [OPTIONS] IMAGE [COMMAND] [ARG...]

Where OPTIONS flags should be specified before IMAGE, and everything after IMAGE will be interpreted as COMMAND and ARG....

When you are running

docker create zricethezav/gitleaks --name=gitleaks

You are in fact passing --name=gitleaks as COMMAND which will override default image command (the one tipycally provided by CMD in Dockerfile), where you probably want to pass it as OPTIONS. For example, if you run:

docker create alpine --name=foobar
docker create --name=foobar alpine

docker ps -a output will look like:

IMAGE        COMMAND              NAMES
alpine       "/bin/sh"            foobar
alpine       "--name=foobar"      quirky_varahamihira

If you want to pass both OPTIONS and COMMAND, you must specify OPTIONS before the image name and COMMAND after the image name.

Answer 3

tl;dr The ideal translation would be

docker create --rm --name=gitleaks zricethezav/gitleaks --ssh-key='bucket' --repo "$line"
docker cp /keys/ssh/values gitleaks:/root/.ssh
docker start gitleaks

---

(X) 1. docker create zricethezav/gitleaks --name=gitleaks

Your translation does not match the usage description of docker create.

docker create [OPTIONS] IMAGE [COMMAND] [ARG...]

So, you need to swap your option --name=gitleaks with the image name:

docker create --name=gitleaks zricethezav/gitleaks

(✓) 2. docker cp /keys/ssh/values gitleaks:/root/.ssh

This will be executed successfully.

(X) 3. docker start gitleaks --ssh-key='bucket' --repo "$line"

This will throw an error saying:

unknown flag: --ssh-key

According to usage description of docker start, it is not possible to pass command nor argument to an already existing container.

You have two alternatives though to overcome this problem:

1. Append --ssh-key='bucket' --repo "$line" to docker create --name=gitleaks zricethezav/gitleaks

2. Or if you are bored, you can try this instead.

as you can see I also failed to translate the --rm flag from docker run to the 3 subcommands, not sure where to put that

The --rm option is available for docker create, so you should put it there. And also, as Mihai mentioned, you should pass your arguments (--ssh-key etc.) while running docker create:

docker create --rm --name=gitleaks zricethezav/gitleaks --ssh-key='bucket' --repo "$line"