Add option to mount host ssh agent (--ssh) #382
missed error check add debugging fix empty val for SSHAgent fix flag type remove [] debug base64 encode ssh key fix remove debug output code cleanup Update docker.go
61d2c99 to a2f8157
@tphoney I noticed we were base64 decoding the ssh key. Is the idea that the end user encodes the ssh key and saves as a secret, and then the plugin decodes?

Yeah that is the plan, as the keys are multiline
@tphoney we have a few other plugins that accept ssh keys as input parameters, however, they do not require the user to base64 encode the values. Do we need to base64 encode, or can we omit the encoding requirement to align with existing plugins?

Here is an example or prior art:

Most ssh keys are pem encoded and can be safely copied / pasted into our user interface when creating the secret. If using the command line to create secrets, we provide an option to create the secret from a file. The key could also be added to the yaml using block scalar syntax (example below) although I suspect most people would use secrets.
I had issues with this working without the base64 encoding in place. If you can pull this PR down and provide a test case that works without it, we can use to verify? Maybe I was doing something else wrong? It's probably the multiline issue @tphoney mentions above...

For my use case one key is fine, it's foreseeable that other folks might need more than one. I'm not sure what you mean by project ID in this context, can you point me to the code?
We have a number of plugins that accept multi-line values (ssh keys, json values, etc) as inputs that do not require base64 encoding, so I am certain this will work. We use some of these plugins in our own pipelines (example). You can use the below yaml to confirm that Drone supports passing multi-line values to plugins and retains newlines.

```yaml
kind: pipeline
name: default

steps:
- name: test
  image: alpine
  settings:
    ssh_key: |-
      -----BEGIN ENCRYPTED PRIVATE KEY-----
      -----END ENCRYPTED PRIVATE KEY-----
  commands:
  - echo -n "$PLUGIN_SSH_KEY"
```

Here are the results of the above yaml using
I'll defer to @tphoney on this one, I wasn't able to get it to work 🤷 It is worth noting we use starlark.

https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066 explains it pretty well, it is at the bottom of the blog post. @bradrydzewski I made the changes to use the raw key, looks good.
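A diagnostic for the question debated in this thread (raw multi-line key versus base64-wrapped key), as an added example that is not code from this pull request or from the plugin. `classifyKey` and `sampleKey` are hypothetical helpers, and the sample key is constructed dummy data, not key material.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// classifyKey reports how a key value arrived in the environment:
// "pem" (raw multi-line PEM) or "base64-pem" (PEM wrapped in base64).
// It returns an error when PEM armor is present but the block does not
// parse, which is what flattened or escaped newlines look like.
func classifyKey(val string) (string, error) {
	if block, _ := pem.Decode([]byte(val)); block != nil {
		return "pem", nil
	}
	if strings.Contains(val, "-----BEGIN") {
		return "", errors.New("PEM header present but block does not parse: newlines likely lost")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(val))
	if err == nil {
		if block, _ := pem.Decode(raw); block != nil {
			return "base64-pem", nil
		}
	}
	return "", errors.New("value is neither PEM nor base64-encoded PEM")
}

// sampleKey builds a constructed PEM block (dummy bytes, not a real key).
func sampleKey() string {
	return string(pem.EncodeToMemory(&pem.Block{
		Type:  "ENCRYPTED PRIVATE KEY",
		Bytes: []byte("constructed sample bytes, not key material"),
	}))
}

func main() {
	key := sampleKey()
	for _, v := range []string{
		key, // raw multi-line value, newlines intact
		base64.StdEncoding.EncodeToString([]byte(key)),        // base64-wrapped
		strings.ReplaceAll(strings.TrimSpace(key), "\n", " "), // newlines flattened
	} {
		kind, err := classifyKey(v)
		fmt.Printf("kind=%q err=%v\n", kind, err)
	}
}
```

The check never prints the value itself, so it can run in a build log without exposing the secret.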
a2f8157 to d704148
This allows adding of multiple ssh keys to a build,
eg
then in the dockerfile, you can reference particular keys