From 45a98b469375eaef10bbc450b7a3e08457c28c74 Mon Sep 17 00:00:00 2001
From: Jason Dictos
Date: Mon, 8 Apr 2024 12:59:00 -0700
Subject: [PATCH] Add ssh identity support
Signed-off-by: Jason Dictos
---
 Dockerfile | 1 +
 README.md | 4 ++++
 assets/out | 11 +++++++++++
 tests/fixtures/ssh_identity | 7 +++++++
 tests/out_test.go | 18 ++++++++++++++++++
 5 files changed, 41 insertions(+)
 create mode 100644 tests/fixtures/ssh_identity
diff --git a/Dockerfile b/Dockerfile
index 328871d7..fed8e574 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,6 +45,7 @@ RUN apt update && apt install -y --no-install-recommends \
 docker-ce \
 docker-buildx-plugin \
 jq \
+ openssh-client \
 ca-certificates \
 xz-utils \
 iproute2 \
diff --git a/README.md b/README.md
index 2695443d..66e7ce23 100644
--- a/README.md
+++ b/README.md
@@ -277,6 +277,10 @@ version is the image's digest.
 * `pull_tag`: *Optional.* **DEPRECATED. Use `get` and `load` instead.** Default `latest`. The tag of the repository to pull down via `pull_repository`.
+* `ssh_identity`: *Optional.* Set to an openssh private SSH key file
+ this identity will be passed to `docker build` via the `--ssh default` argument
+ through a temporary `ssh-agent` instance.
+
 * `tag`: **DEPRECATED - Use `tag_file` instead**
 * `tag_file`: *Optional.* The value should be a path to a file containing the name of the tag. When not set, the Docker build will be pushed with tag value set by
diff --git a/assets/out b/assets/out
index e605e268..fc5f1117 100755
--- a/assets/out
+++ b/assets/out
@@ -126,6 +126,7 @@ import_file=$(jq -r '.params.import_file // ""' < $payload)
 pull_repository=$(jq -r '.params.pull_repository // ""' < $payload)
 pull_tag=$(jq -r '.params.pull_tag // "latest"' < $payload)
+ssh_identity=$(jq -r '.params.ssh_identity // ""' < $payload)
 target_name=$(jq -r '.params.target_name // ""' < $payload)
 if [ -n "$load" ]; then
@@ -237,6 +238,16 @@ elif [ -n "$build" ]; then
 fi
 fi
+ ssh_args=()
+ if [ -n "$ssh_identity" ]; then
+ export DOCKER_BUILDKIT=1
+ eval "$(ssh-agent)"
+ trap "ssh-agent -k; $( trap -p EXIT | cut -f2 -d \' )" EXIT
+ ssh-add "$ssh_identity"
+ ssh_args+=("--ssh")
+ ssh_args+=("default")
+ fi
+
 target=()
 if [ -n "${target_name}" ]; then
 target+=("--target")
diff --git a/tests/fixtures/ssh_identity b/tests/fixtures/ssh_identity
new file mode 100644
index 00000000..695743b0
--- /dev/null
+++ b/tests/fixtures/ssh_identity
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQAAAJiSPsoAkj7K
+AAAAAAtzc2gtZWQyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQ
+AAAEBhwFGOegUZ/wTf18i/9SNbDgZ0P/BJtPUoGHdvi2bNtJNxjv9DglOv7Nzm64tKd0Iz
+y6IwF1/YfckdNoLDU86tAAAAE3NvbWVvbmVAZXhhbXBsZS5jb20BAg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/out_test.go b/tests/out_test.go
index 802df105..a263a991 100644
--- a/tests/out_test.go
+++ b/tests/out_test.go
@@ -484,6 +484,24 @@ var _ = Describe("Out", func() {
 })
 })
+ Context("When specifying ssh_identity", func() {
+ It("should set ssh args", func() {
+ session := put(map[string]interface{}{
+ "source": map[string]interface{}{
+ "repository": "test",
+ },
+ "params": map[string]interface{}{
+ "build": "/docker-image-resource/tests/fixtures/build",
+ "additional_tags": "/docker-image-resource/tests/fixtures/tags",
+ "ssh_identity": "/docker-image-resource/tests/fixtures/ssh_identity",
+ },
+ },
+ )
+ Expect(session.Err).To(gbytes.Say(dockerarg(`--ssh`)))
+ Expect(session.Err).To(gbytes.Say(dockerarg(`default`)))
+ })
+ })
+
 Context("When passing additional_tags ", func() {
 It("should push add the additional_tags", func() {
 session := put(map[string]interface{}{
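Review bot: In the `ssh_identity` block of assets/out, `ssh_args` is populated but no line in this patch expands it: the diffstat's 11 additions to assets/out are all accounted for by the `ssh_identity=` read and this block, so unless the `docker build` call outside the hunk already contains `"${ssh_args[@]}"`, the key is loaded into an agent and never offered to the build. The `trap` line also rebuilds the previous EXIT handler with `cut -f2 -d \'`, which keeps only the text up to the first embedded single quote, so an earlier handler containing one would be cut short; putting the cleanup in a function and trapping that function would be sturdier. `ssh-add` cannot load a passphrase-protected key without a prompt and rejects a key file that is group- or world-accessible when owned by the invoking user, so the README entry should state that the key must be unencrypted and mode 0600. The enclosing `elif [ -n "$build" ]` branch starts and ends outside the hunk.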
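Review bot: tests/fixtures/ssh_identity commits a real, unencrypted ed25519 private key with mode 100644. Even as a throwaway, a checked-in private key trips secret scanners and invites reuse, and `ssh-add` rejects a private key readable by other users when the file is owned by the invoking user, so the new spec may never actually load it depending on how the test image lays out ownership. Generating the key during test setup, for example `ssh-keygen -t ed25519 -N "" -f "$tmpdir/ssh_identity"`, avoids both problems; if the fixture stays, the spec should carry a comment naming it as a non-secret test-only key.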
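Review bot: The new `ssh_identity` spec in tests/out_test.go asserts only that `--ssh` and `default` reach the docker arguments, so by itself it does not show that `ssh-add` accepted the key or that the agent is stopped on exit; whether `put` checks the exit status is not visible in this hunk. A companion spec without `ssh_identity` asserting `Expect(session.Err).ToNot(gbytes.Say(dockerarg("--ssh")))` would pin the feature as opt-in. The enclosing `Describe("Out", ...)` block continues outside the hunk.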