This isnt a Go question. It's a Docker and Security question.
First off, it isnt ideal to build Go apps as part of the build. Typically you would build the binary locallly on ur machine targeting the Dockerfile FROM you have set. There is zero reason not to, as there is a Go complier for every machine, and you can GOOS and GOARCH target any machine.
But for your usecase, using a private repo, it is even more critical not to build within your container because regardless of how you get the code into your container to build, you'll have a container with private files or worse your ssh key. A container that you have to upload and host and run somewhere.
That is not ideal, however you look at it.
However, if you are determined to leak your code and/or key, you only have two options:
git clonethe private repo on your local/build machine yhat is authorized to access the private repo and useCOPYwithin ur Dockerfile to copy it.Use Dockerfile
COPYto copy your local machine's SSH key that you have authorized for your remote repo, into the container so that you can RUN git commands (which you'll also need git and ssh installed).
Again, those are not ideal. Build the Go app locally, target the container's type, and copy the binary over. It really couldnt be easier.
As for dependency management, i've never used glide; but, i wrote a popular answer about versioning dependencies with /vendor.
