Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ssh identity support #364

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ RUN apt update && apt install -y --no-install-recommends \
docker-ce \
docker-buildx-plugin \
jq \
openssh-client \
ca-certificates \
xz-utils \
iproute2 \
Expand Down
21 changes: 21 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,27 @@ version is the image's digest.
* `pull_tag`: *Optional.* **DEPRECATED. Use `get` and `load` instead.** Default
`latest`. The tag of the repository to pull down via `pull_repository`.

* `ssh_identity`: *Optional.* Set to an openssh private SSH key (it can be a file
or an inline key). This identity will be passed to `docker build` via the
`--ssh default` argument through a temporary `ssh-agent` instance.

Examples:

```yaml
ssh_identity: |
-----BEGIN OPENSSH PRIVATE KEY-----
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000==
-----END OPENSSH PRIVATE KEY-----
```

```yaml
ssh_identity: /path/to/key
```

* `tag`: **DEPRECATED - Use `tag_file` instead**
* `tag_file`: *Optional.* The value should be a path to a file containing the name
of the tag. When not set, the Docker build will be pushed with tag value set by
Expand Down
15 changes: 15 additions & 0 deletions assets/out
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,7 @@ import_file=$(jq -r '.params.import_file // ""' < $payload)

pull_repository=$(jq -r '.params.pull_repository // ""' < $payload)
pull_tag=$(jq -r '.params.pull_tag // "latest"' < $payload)
ssh_identity=$(jq -r '.params.ssh_identity // ""' < $payload)
target_name=$(jq -r '.params.target_name // ""' < $payload)

if [ -n "$load" ]; then
Expand Down Expand Up @@ -237,6 +238,20 @@ elif [ -n "$build" ]; then
fi
fi

ssh_args=()
if [ -n "$ssh_identity" ]; then
export DOCKER_BUILDKIT=1
eval "$(ssh-agent)"
trap "ssh-agent -k; $( trap -p EXIT | cut -f2 -d \' )" EXIT
if [ -f "$ssh_identity" ]; then
ssh-add "$ssh_identity"
else
ssh-add <(echo "$ssh_identity")
fi
ssh_args+=("--ssh")
ssh_args+=("default")
fi

target=()
if [ -n "${target_name}" ]; then
target+=("--target")
Expand Down
7 changes: 7 additions & 0 deletions tests/fixtures/ssh_identity
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQAAAJiSPsoAkj7K
AAAAAAtzc2gtZWQyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQ
AAAEBhwFGOegUZ/wTf18i/9SNbDgZ0P/BJtPUoGHdvi2bNtJNxjv9DglOv7Nzm64tKd0Iz
y6IwF1/YfckdNoLDU86tAAAAE3NvbWVvbmVAZXhhbXBsZS5jb20BAg==
-----END OPENSSH PRIVATE KEY-----
43 changes: 43 additions & 0 deletions tests/out_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -484,6 +484,49 @@ var _ = Describe("Out", func() {
})
})

Context("When specifying ssh_identity file", func() {
It("should set ssh args", func() {
session := put(map[string]interface{}{
"source": map[string]interface{}{
"repository": "test",
},
"params": map[string]interface{}{
"build": "/docker-image-resource/tests/fixtures/build",
"additional_tags": "/docker-image-resource/tests/fixtures/tags",
"ssh_identity": "/docker-image-resource/tests/fixtures/ssh_identity",
},
},
)
Expect(session.Err).To(gbytes.Say(dockerarg(`--ssh`)))
Expect(session.Err).To(gbytes.Say(dockerarg(`default`)))
})
})


Context("When specifying ssh_identity key", func() {
It("should set ssh args", func() {
session := put(map[string]interface{}{
"source": map[string]interface{}{
"repository": "test",
},
"params": map[string]interface{}{
"build": "/docker-image-resource/tests/fixtures/build",
"additional_tags": "/docker-image-resource/tests/fixtures/tags",
"ssh_identity": "-----BEGIN OPENSSH PRIVATE KEY-----\n" +
"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n" +
"QyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQAAAJiSPsoAkj7K\n" +
"AAAAAAtzc2gtZWQyNTUxOQAAACCTcY7/Q4JTr+zc5uuLSndCM8uiMBdf2H3JHTaCw1POrQ\n" +
"AAAEBhwFGOegUZ/wTf18i/9SNbDgZ0P/BJtPUoGHdvi2bNtJNxjv9DglOv7Nzm64tKd0Iz\n" +
"y6IwF1/YfckdNoLDU86tAAAAE3NvbWVvbmVAZXhhbXBsZS5jb20BAg==\n" +
"-----END OPENSSH PRIVATE KEY-----",
},
},
)
Expect(session.Err).To(gbytes.Say(dockerarg(`--ssh`)))
Expect(session.Err).To(gbytes.Say(dockerarg(`default`)))
})
})

Context("When passing additional_tags ", func() {
It("should push add the additional_tags", func() {
session := put(map[string]interface{}{
Expand Down