Using SSH_AUTH_SOCK (ssh agent forwarding) to pull upm private repos (#256)

* using SSH_AUTH_SOCK (ssh agent forwarding) to pull upm private repos * sshAgent as input parameter * yarn run prettier --write "src/**/*.{js,ts}" * yarn run lint --fix && yarn build * fixed compilation after rebase * removed RUN apt-get update && apt-get install -y openssh-client. This change needs to be done upstream. See game-ci/docker#117
2021-05-28 23:51:10 +02:00 · 2021-05-28 23:51:10 +02:00 · 497f2f7b5f
parent 71ca7bdbfc
commit 497f2f7b5f
7 changed files with 2211 additions and 2189 deletions
--- a/action.yml
+++ b/action.yml
@ -106,6 +106,10 @@ inputs:

      Parameters must start with a hyphen (-) and may be followed by a value (without hyphen).
      Parameters without a value will be considered booleans (with a value of true).
+  sshAgent:
+    required: false
+    default: ''
+    description: 'SSH Agent path to forward to the container'
  chownFilesTo:
    required: false
    default: ''
--- a/dist/index.js
+++ b/dist/index.js
@ -229,6 +229,7 @@ class BuildParameters {
                androidKeyaliasName: input_1.default.androidKeyaliasName,
                androidKeyaliasPass: input_1.default.androidKeyaliasPass,
                customParameters: input_1.default.customParameters,
+                sshAgent: input_1.default.sshAgent,
                chownFilesTo: input_1.default.chownFilesTo,
                remoteBuildCluster: input_1.default.remoteBuildCluster,
                awsStackName: input_1.default.awsStackName,
@ -346,7 +347,7 @@ class Docker {
    }
    static run(image, parameters, silent = false) {
        return __awaiter(this, void 0, void 0, function* () {
-            const { version, workspace, runnerTempPath, platform, projectPath, buildName, buildPath, buildFile, buildMethod, buildVersion, androidVersionCode, androidKeystoreName, androidKeystoreBase64, androidKeystorePass, androidKeyaliasName, androidKeyaliasPass, customParameters, chownFilesTo, } = parameters;
+            const { version, workspace, runnerTempPath, platform, projectPath, buildName, buildPath, buildFile, buildMethod, buildVersion, androidVersionCode, androidKeystoreName, androidKeystoreBase64, androidKeystorePass, androidKeyaliasName, androidKeyaliasPass, customParameters, sshAgent, chownFilesTo, } = parameters;
            const command = `docker run \
        --workdir /github/workspace \
        --rm \
@ -387,10 +388,13 @@ class Docker {
        --env RUNNER_TOOL_CACHE \
        --env RUNNER_TEMP \
        --env RUNNER_WORKSPACE \
+        ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
        --volume "/var/run/docker.sock":"/var/run/docker.sock" \
        --volume "${runnerTempPath}/_github_home":"/root" \
        --volume "${runnerTempPath}/_github_workflow":"/github/workflow" \
        --volume "${workspace}":"/github/workspace" \
+        ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
+        ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''} \
        ${image}`;
            yield exec_1.exec(command, undefined, { silent });
        });
@ -662,6 +666,9 @@ class Input {
    static get customParameters() {
        return core.getInput('customParameters') || '';
    }
+    static get sshAgent() {
+        return core.getInput('sshAgent') || '';
+    }
    static get chownFilesTo() {
        return core.getInput('chownFilesTo') || '';
    }
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/src/model/mocks/input.ts
+++ b/src/model/mocks/input.ts
@ -10,6 +10,7 @@ export const mockGetFromUser = jest.fn().mockResolvedValue({
  buildMethod: undefined,
  buildVersion: '1.3.37',
  customParameters: '',
+  sshAgent: '',
  chownFilesTo: '',
 });

--- a/src/model/build-parameters.ts
+++ b/src/model/build-parameters.ts
@ -22,6 +22,7 @@ class BuildParameters {
  public androidKeyaliasName!: string;
  public androidKeyaliasPass!: string;
  public customParameters!: string;
+  public sshAgent!: string;
  public remoteBuildCluster!: string;
  public awsStackName!: string;
  public kubeConfig!: string;
@ -60,6 +61,7 @@ class BuildParameters {
      androidKeyaliasName: Input.androidKeyaliasName,
      androidKeyaliasPass: Input.androidKeyaliasPass,
      customParameters: Input.customParameters,
+      sshAgent: Input.sshAgent,
      chownFilesTo: Input.chownFilesTo,
      remoteBuildCluster: Input.remoteBuildCluster,
      awsStackName: Input.awsStackName,
--- a/src/model/docker.ts
+++ b/src/model/docker.ts
@ -36,6 +36,7 @@ class Docker {
      androidKeyaliasName,
      androidKeyaliasPass,
      customParameters,
+      sshAgent,
      chownFilesTo,
    } = parameters;

@ -79,10 +80,13 @@ class Docker {
        --env RUNNER_TOOL_CACHE \
        --env RUNNER_TEMP \
        --env RUNNER_WORKSPACE \
+        ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
        --volume "/var/run/docker.sock":"/var/run/docker.sock" \
        --volume "${runnerTempPath}/_github_home":"/root" \
        --volume "${runnerTempPath}/_github_workflow":"/github/workflow" \
        --volume "${workspace}":"/github/workspace" \
+        ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
+        ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''} \
        ${image}`;

    await exec(command, undefined, { silent });
--- a/src/model/input.ts
+++ b/src/model/input.ts
@ -85,6 +85,10 @@ class Input {
    return core.getInput('customParameters') || '';
  }

+  static get sshAgent() {
+    return core.getInput('sshAgent') || '';
+  }
+
  static get chownFilesTo() {
    return core.getInput('chownFilesTo') || '';
  }