Add ssh identity support
Signed-off-by: Jason Dictos <[email protected]>
JasonDictos committed Apr 8, 2024
1 parent c87d1c0 commit e8c703e
Showing 5 changed files with 87 additions and 0 deletions.
1 change: 1 addition & 0 deletions Dockerfile
@@ -45,6 +45,7 @@ RUN apt update && apt install -y --no-install-recommends \
docker-ce \
docker-buildx-plugin \
jq \
openssh-client \
ca-certificates \
xz-utils \
iproute2 \
21 changes: 21 additions & 0 deletions README.md
@@ -277,6 +277,27 @@ version is the image's digest.
* `pull_tag`: *Optional.* **DEPRECATED. Use `get` and `load` instead.** Default
`latest`. The tag of the repository to pull down via `pull_repository`.

* `ssh_identity`: *Optional.* Set to an openssh private SSH key (it can be a file
or an inline key). This identity will be passed to `docker build` via the
`--ssh default` argument through a temporary `ssh-agent` instance.

Examples:

```yaml
ssh_identity: |
-----BEGIN OPENSSH PRIVATE KEY-----
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000==
-----END OPENSSH PRIVATE KEY-----
```

```yaml
ssh_identity: /path/to/key
```

* `tag`: **DEPRECATED - Use `tag_file` instead**
* `tag_file`: *Optional.* The value should be a path to a file containing the name
of the tag. When not set, the Docker build will be pushed with tag value set by
15 changes: 15 additions & 0 deletions assets/out
@@ -126,6 +126,7 @@ import_file=$(jq -r '.params.import_file // ""' < $payload)

pull_repository=$(jq -r '.params.pull_repository // ""' < $payload)
pull_tag=$(jq -r '.params.pull_tag // "latest"' < $payload)
ssh_identity=$(jq -r '.params.ssh_identity // ""' < $payload)
target_name=$(jq -r '.params.target_name // ""' < $payload)

if [ -n "$load" ]; then
@@ -237,6 +238,20 @@ elif [ -n "$build" ]; then
fi
fi

ssh_args=()
if [ -n "$ssh_identity" ]; then
export DOCKER_BUILDKIT=1
eval "$(ssh-agent)"
trap "ssh-agent -k; $( trap -p EXIT | cut -f2 -d \' )" EXIT
if [ -f "$ssh_identity" ]; then
ssh-add "$ssh_identity"
else
ssh-add <(echo "$ssh_identity")
fi
ssh_args+=("--ssh")
ssh_args+=("default")
fi

target=()
if [ -n "${target_name}" ]; then
target+=("--target")
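Review bot: In the second hunk of assets/out, a `ssh_identity` value meant as a path but not present on disk fails `[ -f "$ssh_identity" ]` and is then fed to `ssh-add` as if it were key text, and neither `ssh-add` call has its exit status checked in the visible lines. Unless the script runs under `set -e` (not visible here), the build would continue with an empty agent and fail later inside `docker build` with a much less obvious error. I would fail fast, e.g. `ssh-add <(printf '%s\n' "$ssh_identity") || { echo "ssh_identity could not be loaded" >&2; exit 1; }`, with the same guard on the file branch. Two hardening points on the same lines: if shell tracing is enabled anywhere in this script the inline key would be written to the build log, so tracing should be off around the `ssh-add` calls, and the EXIT trap rebuilt from `trap -p EXIT | cut -f2 -d \'` is cut short when an existing handler contains a quote, so a small cleanup function that runs `ssh-agent -k` is sturdier. The enclosing `elif [ -n "$build" ]` branch starts and ends outside the hunk.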
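--- a/tests/fixtures/ssh_identity
+++ b/tests/fixtures/ssh_identity
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQAAAJiSPsoAkj7K
+AAAAAAtzc2gtZWQyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQ
+AAAEBhwFGOegUZ/wTf18i/9SNbDgZ0P/BJtPUoGHdvi2bNtJNxjv9DglOv7Nzm64tKd0Iz
+y6IwF1/YfckdNoLDU86tAAAAE3NvbWVvbmVAZXhhbXBsZS5jb20BAg==
+-----END OPENSSH PRIVATE KEY-----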
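Review bot: This fixture is an unencrypted, parseable OpenSSH private key committed to the repository, and the same key material is repeated as a string literal in tests/out_test.go. Its embedded comment appears to decode to someone@example.com, which suggests a throwaway key, but nothing next to the file says so. Generating the key during test setup, for example `ssh-keygen -t ed25519 -N '' -f "$tmpdir/ssh_identity"` (`$tmpdir` is a placeholder), would avoid committing key material at all. Failing that, a short note beside the fixture stating that the key is test-only and authorized nowhere would help reviewers and secret-scanning triage.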
43 changes: 43 additions & 0 deletions tests/out_test.go
@@ -484,6 +484,49 @@ var _ = Describe("Out", func() {
})
})

Context("When specifying ssh_identity file", func() {
It("should set ssh args", func() {
session := put(map[string]interface{}{
"source": map[string]interface{}{
"repository": "test",
},
"params": map[string]interface{}{
"build": "/docker-image-resource/tests/fixtures/build",
"additional_tags": "/docker-image-resource/tests/fixtures/tags",
"ssh_identity": "/docker-image-resource/tests/fixtures/ssh_identity",
},
},
)
Expect(session.Err).To(gbytes.Say(dockerarg(`--ssh`)))
Expect(session.Err).To(gbytes.Say(dockerarg(`default`)))
})
})


Context("When specifying ssh_identity key", func() {
It("should set ssh args", func() {
session := put(map[string]interface{}{
"source": map[string]interface{}{
"repository": "test",
},
"params": map[string]interface{}{
"build": "/docker-image-resource/tests/fixtures/build",
"additional_tags": "/docker-image-resource/tests/fixtures/tags",
"ssh_identity": "-----BEGIN OPENSSH PRIVATE KEY-----\n" +
"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n" +
"QyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQAAAJiSPsoAkj7K\n" +
"AAAAAAtzc2gtZWQyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQ\n" +
"AAAEBhwFGOegUZ/wTf18i/9SNbDgZ0P/BJtPUoGHdvi2bNtJNxjv9DglOv7Nzm64tKd0Iz\n" +
"y6IwF1/YfckdNoLDU86tAAAAE3NvbWVvbmVAZXhhbXBsZS5jb20BAg==\n" +
"-----END OPENSSH PRIVATE KEY-----",
},
},
)
Expect(session.Err).To(gbytes.Say(dockerarg(`--ssh`)))
Expect(session.Err).To(gbytes.Say(dockerarg(`default`)))
})
})

Context("When passing additional_tags ", func() {
It("should push add the additional_tags", func() {
session := put(map[string]interface{}{
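Review bot: Both new contexts assert only that `--ssh` and `default` reach the docker command line, so as far as the visible lines show they would still pass if `ssh-add` rejected the key or the agent never started. A third case such as `Context("When ssh_identity cannot be loaded", ...)`, passing a malformed key and expecting the put to fail, would pin the error path. It would also be worth reading the inline value from the fixture file rather than repeating the key in a string literal, so only one copy of the key material lives in the tree. The doubled blank line between the two contexts would be collapsed by gofmt. The enclosing `Describe("Out", ...)` starts and ends outside the hunk.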
