enable ssh agent #369

Closed
wants to merge 17 commits into from

@bkk-bcd bkk-bcd commented Jun 26, 2022

Fixes merge conflicts and defects in #336

Will enable https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds

For example with the following starlark snippet:

"settings": {
    "registry": "xxx.dkr.ecr.us-east-1.amazonaws.com",
    "repo": "drone-test-build-docker",
    "dockerfile": "Dockerfile.python",
    "custom_dns": "169.254.169.253",
    "ssh_agent": "default",
},
"environment": {
    "SSH_KEY": {
        "from_secret": "SSH_KEY",
    },
}

And using the following Dockerfile:

FROM python:3.9.0-slim

RUN apt-get update && apt-get install -y  \
    git \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*

RUN mkdir -p -m 0600 ~/.ssh && \
    ssh-keyscan github.com >> ~/.ssh/known_hosts

WORKDIR /workspace

RUN --mount=type=ssh git clone git@github.com:someorg/somerepo.git

Please note that, as in this example, it's expected that a private, base64-encoded SSH key is provided in the SSH_KEY environment variable. You should use Drone secret mechanisms accordingly.
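
What the setup described above amounts to when done by hand, as an added example (not code from this PR or from the plugin): it validates the base64 `SSH_KEY` without echoing it, loads it into a throwaway agent from stdin, and builds with `--ssh default`. The function names, the return codes, and the mapping of `"ssh_agent": "default"` to `--ssh default` are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin's implementation.
# Assumes SSH_KEY holds a base64-encoded private key, as the PR description states.

# Check SSH_KEY without ever printing it or writing it to disk.
# Returns 0 if plausible, 1 if unset/empty, 2 if not valid base64,
# 3 if the decoded data does not start with a private-key header.
check_ssh_key() {
    [ -n "${SSH_KEY:-}" ] || return 1
    # printf is a shell builtin, so the key never appears in a process argv.
    printf '%s' "$SSH_KEY" | base64 -d >/dev/null 2>&1 || return 2
    first_line=$(printf '%s' "$SSH_KEY" | base64 -d 2>/dev/null | head -n 1)
    case "$first_line" in
        "-----BEGIN "*"PRIVATE KEY-----") return 0 ;;
        *) return 3 ;;
    esac
}

# Start a fresh agent, add the key from stdin, and build with the agent forwarded.
build_with_agent() {
    check_ssh_key || return $?
    eval "$(ssh-agent -s)" >/dev/null || return 4
    # Kill the agent when the script exits so the key does not outlive the build.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    printf '%s' "$SSH_KEY" | base64 -d | ssh-add - || return 5
    # "default" is the id that a bare --mount=type=ssh in the Dockerfile asks for.
    DOCKER_BUILDKIT=1 docker build --ssh default -f Dockerfile.python .
}

# Only build when explicitly asked: sh build.sh run
if [ "${1:-}" = "run" ]; then
    build_with_agent
fi
```

The key is only reachable during `RUN --mount=type=ssh` steps through the forwarded agent socket, so it does not end up in an image layer.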

@bkk-bcd bkk-bcd marked this pull request as draft July 1, 2022 14:07
@bkk-bcd bkk-bcd marked this pull request as ready for review July 9, 2022 19:14
bkk-bcd commented Jul 9, 2022

@tphoney can you take a look?

if p.Build.SSHAgent != "" {
// TODO check in with one of the drone devs...this should not be necessary. I'm probably doing something
// wrong with the cli framework
p.Build.SSHAgent = strings.TrimSuffix(p.Build.SSHAgent, "]")
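
Review bot: The `strings.TrimSuffix(p.Build.SSHAgent, "]")` call on the last line of this hunk hides the problem the TODO describes instead of fixing it, and it will also change any value that legitimately ends in `]`. Only the trailing bracket is handled in the lines shown, so a value arriving wrapped in `[]` would still carry its leading `[`. Check that the flag's declared type matches the accessor used to read it, then remove both the trim and the TODO before merging.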
@bkk-bcd bkk-bcd Jul 9, 2022

Not sure what I'm missing here @tphoney -- I'm getting my values for this flag wrapped in []

@RickCraig
Hi @bkk-bcd,

We really appreciate the effort you've put into this PR, and it's something we would like to support in Drone. We plan to implement this in a slightly different way. We will be using your PR as a guide.

I've added this as an item to our backlog, and will prioritize it based on the overall vision of CI & Drone at Harness.

In the meantime you can continue to use the fork and decide whether you would like to use our implementation when it's released in the future.

Again thanks for the effort, much appreciated!

@RickCraig RickCraig closed this Aug 18, 2022
bkk-bcd commented Aug 21, 2022

Look forward to seeing that happen, hopefully soon 😉

bkk-bcd commented Dec 20, 2022

@RickCraig did a solution for this get incorporated into drone master?

thematrixdev commented Mar 9, 2023

Has the --ssh been implemented?

I have tried for two weeks but still cannot get it to work.

@jimsheldon
@thematrixdev the comments in #382 might help
