Add ssh identity support

Signed-off-by: Jason Dictos <[email protected]>
concourse · Apr 8, 2024 · 45a98b4 · 45a98b4
1 parent c87d1c0
commit 45a98b4
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -45,6 +45,7 @@ RUN apt update && apt install -y --no-install-recommends \
     docker-ce \
     docker-buildx-plugin \
     jq \
+    openssh-client \
     ca-certificates \
     xz-utils \
     iproute2 \

diff --git a/README.md b/README.md
@@ -277,6 +277,10 @@ version is the image's digest.
 * `pull_tag`: *Optional.*  **DEPRECATED. Use `get` and `load` instead.** Default
   `latest`. The tag of the repository to pull down via `pull_repository`.
 
+* `ssh_identity`: *Optional.* Set to an openssh private SSH key file
+  this identity will be passed to `docker build` via the `--ssh default` argument
+  through a temporary `ssh-agent` instance.
+
 * `tag`: **DEPRECATED - Use `tag_file` instead**
 * `tag_file`: *Optional.* The value should be a path to a file containing the name
   of the tag. When not set, the Docker build will be pushed with tag value set by

diff --git a/assets/out b/assets/out
@@ -126,6 +126,7 @@ import_file=$(jq -r '.params.import_file // ""' < $payload)
 
 pull_repository=$(jq -r '.params.pull_repository // ""' < $payload)
 pull_tag=$(jq -r '.params.pull_tag // "latest"' < $payload)
+ssh_identity=$(jq -r '.params.ssh_identity // ""' < $payload)
 target_name=$(jq -r '.params.target_name // ""' < $payload)
 
 if [ -n "$load" ]; then
@@ -237,6 +238,16 @@ elif [ -n "$build" ]; then
     fi
   fi
 
+  ssh_args=()
+  if [ -n "$ssh_identity" ]; then
+    export DOCKER_BUILDKIT=1
+    eval "$(ssh-agent)"
+    trap "ssh-agent -k; $( trap -p EXIT | cut -f2 -d \' )" EXIT
+    ssh-add "$ssh_identity"
+    ssh_args+=("--ssh")
+    ssh_args+=("default")
+  fi
+
   target=()
   if [ -n "${target_name}" ]; then
    target+=("--target")

diff --git a/tests/fixtures/ssh_identity b/tests/fixtures/ssh_identity
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQAAAJiSPsoAkj7K
+AAAAAAtzc2gtZWQyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQ
+AAAEBhwFGOegUZ/wTf18i/9SNbDgZ0P/BJtPUoGHdvi2bNtJNxjv9DglOv7Nzm64tKd0Iz
+y6IwF1/YfckdNoLDU86tAAAAE3NvbWVvbmVAZXhhbXBsZS5jb20BAg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/out_test.go b/tests/out_test.go
@@ -484,6 +484,24 @@ var _ = Describe("Out", func() {
 		})
 	})
 
+	Context("When specifying ssh_identity", func() {
+		It("should set ssh args", func() {
+			session := put(map[string]interface{}{
+				"source": map[string]interface{}{
+					"repository": "test",
+				},
+				"params": map[string]interface{}{
+					"build":           "/docker-image-resource/tests/fixtures/build",
+					"additional_tags": "/docker-image-resource/tests/fixtures/tags",
+				  "ssh_identity": "/docker-image-resource/tests/fixtures/ssh_identity",
+				},
+			},
+			)
+			Expect(session.Err).To(gbytes.Say(dockerarg(`--ssh`)))
+			Expect(session.Err).To(gbytes.Say(dockerarg(`default`)))
+		})
+	})
+
 	Context("When passing additional_tags ", func() {
 		It("should push add the additional_tags", func() {
 			session := put(map[string]interface{}{